| 5215 | Bypassing Google Authentication on Periscope%27s Administration Panel |
Authentication bypass |
Google |
Jack Whitton (@fin1te) |
Bug Bounty | 2015-07-20 | 2023-06-13 |
| 5120 | Authentication bypass on Ubiquity’s Single Sign-On via subdomain takeover |
Subdomain takeover
Authentication bypass |
Ubiquity Networks |
Arne Swinnen (@ArneSwinnen) |
Bug Bounty | 2016-11-29 | 2023-06-13 |
| 5081 | Inspect Element leads to Stripe Account Lockout Authentication Bypass |
Authentication bypass |
Stripe |
Jon Bottarini (@jon_bottarini) |
Bug Bounty | 2017-04-03 | 2023-06-13 |
| 5079 | Tales of SugarCRM Security Horrors |
PHP Object Injection
SQL injection
Authentication bypass |
SugarCRM |
Egidio Romano / EgiX |
Bug Bounty | 2017-04-23 | 2023-06-13 |
| 5070 | Nokia Asha Series Lock Screen Bypass |
Authentication bypass
Lock screen bypass |
Nokia |
Hammad Shamsi (@HammadShamsii) |
Bug Bounty | 2017-06-01 | 2023-06-13 |
| 5062 | From JS to another JS files lead to authentication bypass |
Authentication bypass |
NA |
yappare (@yappare) |
Bug Bounty | 2017-06-06 | 2023-06-13 |
| 5055 | Authentication bypass on Airbnb via OAuth tokens theft |
OAuth
Login CSRF
Open redirect
Authentication bypass |
Airbnb |
Arne Swinnen (@ArneSwinnen) |
Bug Bounty | 2017-06-22 | 2023-06-13 |
| 5051 | Authentication bypass on Uber’s Single Sign-On via subdomain takeover |
Subdomain takeover
Authentication bypass |
Uber |
Arne Swinnen (@ArneSwinnen) |
Bug Bounty | 2017-06-25 | 2023-06-13 |
| 5004 | Accidentally typo to bypass administration access |
Authentication bypass |
NA |
yappare (@yappare) |
Bug Bounty | 2017-08-13 | 2023-06-13 |
| 4952 | Slack SAML authentication bypass |
Authentication bypass |
Slack |
Antonio Sanso (@asanso) |
Bug Bounty | 2017-10-26 | 2023-06-13 |
| 4932 | JWT Refresh Token Manipulation |
JWT
Authentication bypass
Account takeover |
NA |
Mikail Tunç (@emtunc) |
Bug Bounty | 2017-11-16 | 2023-06-13 |
| 4915 | How I was able to takeover Facebook account |
Authentication bypass |
Meta / Facebook |
Ameer Hamza |
Bug Bounty | 2017-12-10 | 2023-06-13 |
| 4901 | "F**k you Thomas" - ToyTalk bug bounty writeup |
Authentication bypass
HTML injection |
ToyTalk |
Jahmel Harris |
Bug Bounty | 2018-01-04 | 2023-06-13 |
| 4871 | #BugBounty — "I don%27t need your current password to login into your account" - How could I completely takeover any user%27s account in an online classified ads company. |
Authentication bypass |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-02-03 | 2023-06-13 |
| 4849 | Bypassing Google’s authentication to access their Internal Admin panels |
Authentication bypass |
Google |
Vishnu Prasad P G (@vishnuprasadnta) |
Bug Bounty | 2018-02-24 | 2023-06-13 |
| 4820 | My Best Small Report Bounty Report in Private Program ( Django REST framework Admin Login ByPass ) |
SQL injection
Authentication bypass
Account takeover |
NA |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2018-04-01 | 2023-06-13 |
| 4810 | Source Code Analysis in YSurvey — Luminate bug |
Authentication bypass
Authorization flaw
SQL injection |
Yahoo! / Verizon Media |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2018-04-10 | 2023-06-13 |
| 4687 | Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933) |
SAML
Authentication bypass |
Oracle (WebLogic) |
Denis Andzakovic |
Bug Bounty | 2018-07-18 | 2023-06-13 |
| 4641 | Adminer Script Results to Pwning Server?, Private Bug Bounty Program |
Authentication bypass |
NA |
Yashar Shahinzadeh (@YShahinzadeh) |
Bug Bounty | 2018-08-11 | 2023-06-13 |
| 4598 | ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC |
XSS
SQL injection |
ZOL Zimbabwe |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2018-09-09 | 2023-06-13 |
| 4594 | Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC |
SQL injection |
AutoTrader |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2018-09-10 | 2023-06-13 |
| 4579 | Facebook $750 Reward for a Simple Bug |
Authentication bypass
Logic flaw |
Meta / Facebook |
Aman Shahid (@amansmughal) |
Bug Bounty | 2018-09-18 | 2023-06-13 |
| 4577 | Bypassing Authentication Using Javascript Debugger. |
Authentication bypass |
NA |
Mohit Dabas (@mohitdabas08) |
Bug Bounty | 2018-09-18 | 2023-06-13 |
| 4536 | Symantec Messaging Gateway authentication bypass |
Authentication bypass |
Symantec |
Artem Kondratenko (@artkond) |
Bug Bounty | 2018-10-10 | 2023-06-13 |
| 4535 | Access to staging environment via User-Agent string |
Authentication bypass |
NA |
Yasser Gersy (@yassergersy) |
Bug Bounty | 2018-10-10 | 2023-06-13 |
