5212 | Hacking Facebook Pages |
Authorization flaw
Privilege escalation
Broken Access Control |
Meta / Facebook |
Laxman Muthiyah (@LaxmanMuthiyah) |
Bug Bounty | 2015-08-26 | 2023-06-13 |
5200 | Broken Access Control in bingmapsportal !!! |
Broken Access Control |
Microsoft |
Sai Krishna Kothapalli (@kmskrishna) |
Bug Bounty | 2016-01-23 | 2023-06-13 |
4051 | Tale of account takeover — Sensitive info Disclosure + Broken Access Control |
IDOR
Account takeover |
NA |
Md Saqib (@sakyb7) |
Bug Bounty | 2019-07-10 | 2023-06-13 |
3801 | Dank Writeup On Broken Access Control On An Indian Startup |
Unrestricted file upload
Authorization flaw |
NA |
Divyanshu Shukla (@justm0rph3u5) |
Bug Bounty | 2019-11-30 | 2023-06-13 |
3697 | How I get my first SWAG from SIDN (Sensitive Data Expose) |
Broken Access Control
Information disclosure |
SIDN |
Mehedi Hasan Remon (@mehedi1194) |
Bug Bounty | 2020-01-29 | 2023-06-13 |
3466 | Easy bounties with subdomain discovery - Using Project Sonar for bug bounty |
Broken access control
Authorization flaw |
Bpost |
Torben Capiau (@TorbenCapiau) |
Bug Bounty | 2020-05-20 | 2023-06-13 |
3083 | 300$ P3 Easy Bug in 30 Seconds |
Missing authentication
Broken Access Control |
NA |
Omar Hamdy (@seaman00o) |
Bug Bounty | 2020-10-22 | 2023-06-13 |
3066 | Hinge Hackerone Writeup |
Broken Access Control |
Hinge |
Tyle Butler (@tbutler0x90) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
3026 | Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data |
Information disclosure
Broken access control
IDOR
SQL injection |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2020-11-15 | 2023-06-13 |
2964 | JavaScript analysis leading to Admin portal access |
Authorization flaw
Broken Access Control |
NA |
Rikesh Baniya / NotRickyy (@rikeshbaniya) |
Bug Bounty | 2020-12-16 | 2023-06-13 |
2958 | Broken Access Control on samsung.com subdomain leads to Mass Account Takeover of Samsung employees application accounts |
Information disclosure
Account takeover
Authorization flaw |
Samsung |
Gal Nagli (@naglinagli) |
Bug Bounty | 2020-12-18 | 2023-06-13 |
2927 | Privilege Escalation: From being a normal user to admin |
Privilege escalation
Broken Access Control |
NA |
Akshar Tank |
Bug Bounty | 2021-01-05 | 2023-06-13 |
2853 | Broken Access Control & Stored XSS - Easy Hunt |
Stored XSS
IDOR |
NA |
Kabeer (@iTheKabeer) |
Bug Bounty | 2021-01-29 | 2023-06-13 |
2724 | Messing with GitHub's fork collaboration for fun and profit |
Broken Access Control |
GitHub |
Teddy Katz (@not_aardvark) |
Bug Bounty | 2021-03-10 | 2023-06-13 |
2690 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2 |
Broken Access Control
IDOR |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-03-26 | 2023-06-13 |
2687 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #1 |
Broken Access Control
IDOR |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-03-28 | 2023-06-13 |
2682 | I felt like there were no more bugs left after winning € 2000 … But an email worth €750 changed my mind |
Broken Access Control
IDOR |
NA |
Thexssrat (@theXSSrat) |
Bug Bounty | 2021-03-31 | 2023-06-13 |
2668 | Gain write permission of repositories with a bug in GitHub Actions |
Broken Access Control
Logic flaw |
GitHub |
tyage (@tyage) |
Bug Bounty | 2021-04-02 | 2023-06-13 |
2621 | DMCA.COM Hack, Full Disclosure (With Proof-of-Concept) |
Privilege escalation
Client-side enforcement of server-side security
Stored XSS
Broken Access Control |
DMCA |
Joël Aviad Ossi |
Bug Bounty | 2021-04-21 | 2023-06-13 |
2552 | Auth Bypass in https://nearbydevices-pa.googleapis.com |
Broken Access Control |
Google |
David Schütz (@xdavidhu) |
Bug Bounty | 2021-05-16 | 2023-06-13 |
2523 | How I hacked a Target again and again… |
OAuth
Account takeover
XSS
Broken Access Control |
NA |
Aditya Verma (@0cirius0) |
Bug Bounty | 2021-05-27 | 2023-06-13 |
2503 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #3 |
Broken Access Control |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-06-04 | 2023-06-13 |
2417 | Broken Access control bug : Bypassing 403’s by finding another endpoint that do the same thing. |
Broken Access Control
403 bypass |
NA |
tomorrowisnew (@tomorrowisnew_) |
Bug Bounty | 2021-07-12 | 2023-06-13 |
2273 | Broken Access Control Leads To Change Of Admin Details |
Privilege escalation
Client-side enforcement of server-side security |
NA |
V3D (@v3d_bug) |
Bug Bounty | 2021-08-31 | 2023-06-13 |
2210 | Admin access !! |
Privilege escalation
Broken Access Control |
NA |
th3.d1p4k (@DipakPanchal05) |
Bug Bounty | 2021-09-19 | 2023-06-13 |