5298 | Resources for Application Security |
Application Security |
N/A |
Ishaq Mohammed |
CheatSheet | 2018-08-27 | 2024-01-31 |
5296 | Resources for Application Security |
Application Security |
N/A |
Ishaq Mohammed |
CheatSheet | 2018-08-27 | 2024-01-31 |
5290 | Facebook XSS via Cross-Origin Resource Sharing |
XSS |
Meta / Facebook |
Matt Austin (@mattaustin) |
Bug Bounty | 2010-07-06 | 2023-06-13 |
5253 | GitHub RCE Writeup |
RCE |
GitHub |
joernchen (@joernchen) |
Bug Bounty | 2014-02-22 | 2023-06-13 |
5248 | Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS) |
RCE
SQL injection
LFI
XSS |
Magix |
Julien Ahrens (@MrTuxracer) |
Bug Bounty | 2014-04-26 | 2023-06-13 |
5242 | Popping a shell on the Oculus developer portal |
SQL injection
CSRF
RCE
IDOR |
Meta / Facebook |
Bitquark (@bitquark) |
Bug Bounty | 2014-08-31 | 2023-06-13 |
5224 | Flickr API Explorer – Force users to execute any API request. |
CSRF |
Flickr |
Brett Buerhaus (@bbuerhaus) |
Bug Bounty | 2015-02-03 | 2023-06-13 |
5210 | XSS to RCE in ... |
XSS
RCE |
NA |
Neil Hakuna Matatall (@ndm) |
Bug Bounty | 2015-09-08 | 2023-06-13 |
5207 | XSS to RCE in Atlassian Hipchat |
XSS
RCE |
Atlassian |
Matt Austin (@mattaustin) |
Bug Bounty | 2015-11-15 | 2023-06-13 |
5205 | How To Hack PayU – And Buy 10x More For The Same Price |
RCE |
PayU |
Rick Harris (@codel10n) |
Bug Bounty | 2015-12-18 | 2023-06-13 |
5202 | Instagram's Million Dollar Bug |
RCE |
Meta / Facebook |
Wesley Wineberg |
Bug Bounty | 2015-12-27 | 2023-06-13 |
5199 | [manager.paypal.com] Remote Code Execution Vulnerability |
RCE |
Paypal |
Michael Stepankin (@artsploit) |
Bug Bounty | 2016-01-25 | 2023-06-13 |
5192 | Hacking Magento eCommerce For Fun And 17.000 USD |
Information disclosure
LFI
RFI |
Adobe |
Egidio Romano / EgiX |
Bug Bounty | 2016-03-03 | 2023-06-13 |
5170 | InstaBrute: Two Ways to Brute-force Instagram Account Credentials |
Bruteforce
Username enumeration |
Meta / Facebook |
Arne Swinnen (@ArneSwinnen) |
Bug Bounty | 2016-05-19 | 2023-06-13 |
5163 | Uber Hacking: How we found out who you are, where you are and where you went |
Bruteforce
Information disclosure
Logic flaw
IDOR |
Uber |
Vitor “r0t” Oliveira (@r0t1v) |
Bug Bounty | 2016-06-24 | 2023-06-13 |
5158 | Blind XSS in Spotify's Salesforce Integration |
Blind XSS
Salesforce |
Spotify |
Mohammed Diaa (@mhmdiaa) |
Bug Bounty | 2016-07-19 | 2023-06-13 |
5157 | Twitter's Vine Source code dump - $10080 |
Source code disclosure
Information disclosure |
Twitter |
avicoder (@avicoder) |
Bug Bounty | 2016-07-22 | 2023-06-13 |
5156 | How we broke PHP, hacked Pornhub and earned $20,000 |
RCE
Memory corruption
Use-After-Free |
PornHub |
Ruslan Habalov (@evonide) |
Bug Bounty | 2016-07-23 | 2023-06-13 |
5155 | Remote Code Execution (RCE) on Microsoft's 'signout.live.com' |
RCE |
Microsoft |
Peter Adkins (@darkarnium) |
Bug Bounty | 2016-07-24 | 2023-06-13 |
5147 | [demo.paypal.com] Node.js code injection (RCE) |
RCE |
Paypal |
Michael Stepankin (@artsploit) |
Bug Bounty | 2016-08-19 | 2023-06-13 |
5143 | RCE In AddThis |
RCE |
AddThis |
whitehatnepal |
Bug Bounty | 2016-09-04 | 2023-06-13 |
5127 | Hacking JasperReports – The Hidden Shell Feature |
RCE |
NA |
Steve Breen (@breenmachine) |
Bug Bounty | 2016-10-14 | 2023-06-13 |
5119 | Atom.io Misconfiguration Allowed Code Execution on Untrusted Networks |
RCE |
GitHub |
Adam Baldwin (@adam_baldwin) |
Bug Bounty | 2016-11-30 | 2023-06-13 |
5110 | Spring Boot RCE |
RCE
SpEL injection
Spring Boot |
NA |
Tushar (@0xdeadpool) |
Bug Bounty | 2017-02-02 | 2023-06-13 |
5100 | How I was able to remove your Instagram Phone number |
Bruteforce |
Meta / Facebook |
Neeraj Sonaniya (@neeraj_sonaniya) |
Bug Bounty | 2017-02-20 | 2023-06-13 |