2607 | From Wayback Machine To Account Takeover | Open redirect, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13 |
2592 | Facebook account takeover due to unsafe redirects after the OAuth flow | OAuth, Open redirect, Account takeover | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2591 | Password reset code brute-force vulnerability in AWS Cognito | Password reset, Bruteforce, Rate limiting bypass, Account takeover | AWS | Pentagrid (@pentagridsec) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2550 | My Fourth Account takeover through password reset | Account takeover, Password reset | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2528 | Chaining XSS with authentication issues to turn it into full account takeover | XSS, Account takeover | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-05-24 | 2023-06-13 |
2523 | How I hacked a Target again and again… | OAuth, Account takeover, XSS, Broken Access Control | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-05-27 | 2023-06-13 |
2518 | Account Takeover via iFrame Injection | Iframe injection, Account takeover | NA | xbforce (@xbforce) | Bug Bounty | 2021-05-29 | 2023-06-13 |
2486 | Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts ! | Mass assignment, Account takeover | NA | Mohammad Kaif | Bug Bounty | 2021-06-13 | 2023-06-13 |
2473 | Part-1 Dive into Zoom Applications | CSRF, Payment bypass, Logic flaw, Account takeover, Privilege escalation | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-06-16 | 2023-06-13 |
2466 | Account takeover via stored XSS with arbitrary file upload | Insecure file upload, XSS, Account takeover | NA | 0xbadb00da (@0xbadb00da) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2463 | Zero Click account Takeover | Account takeover, Password reset | NA | Zahir Tariq (@ZahirTariq3) | Bug Bounty | 2021-06-19 | 2023-06-13 |
2461 | How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It | Account takeover, MFA bypass, Rate limiting bypass, Race condition | Apple | Laxman Muthiyah (@laxmanmuthiyah) | Bug Bounty | 2021-06-19 | 2023-06-13 |
2459 | Stored XSS via Invite leading to Mass Account Takeover at Opera. | Stored XSS | Opera | Samrat Gupta (@Sm4rty_) | Bug Bounty | 2021-06-20 | 2023-06-13 |
2449 | From Information Disclosure to interesting Privilege Escalation | Information disclosure, Account takeover, Privilege escalation | NA | David Shaul (@dudy2kk) | Bug Bounty | 2021-06-25 | 2023-06-13 |
2442 | Taking over Uber accounts through voicemail | Account takeover, Voicemail hacking | Uber | Shubham Shah (@infosec_au) | Bug Bounty | 2021-06-27 | 2023-06-13 |
2438 | How I was able to Takeover Accounts on Foxit.com | Password reset, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-06-29 | 2023-06-13 |
2435 | Testing Cookies worth $500 | Account takeover, IDOR | NA | Sankalpa Acharya (@sankalpa_02) | Bug Bounty | 2021-06-30 | 2023-06-13 |
2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
2420 | Critical Bug Bounty Reports: Part 1 | Account takeover, Password reset, RCE, Information disclosure | NA | Greg Gibson | Bug Bounty | 2021-07-11 | 2023-06-13 |
2415 | Part 2: Dive into Zoom Applications | CSRF, Account takeover, Information disclosure, Session expiration issue, Authorization flaw, Logic flaw | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-07-13 | 2023-06-13 |
2402 | Account Takeover + A Bonus Vulnerability | Account takeover, Session fixation | NA | Vikash Maurya | Bug Bounty | 2021-07-18 | 2023-06-13 |
2392 | Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm | Weak crypto | NA | Craig Hays (@craighays) | Bug Bounty | 2021-07-22 | 2023-06-13 |
2384 | Bug Chain leads to Mass Account Takeover! | Information disclosure, Password reset, Account takeover | NA | Shubhayu Majumdar (@shubhayu64) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2380 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures | Password reset, Host header injection, CSRF, Account takeover | NA | Tommaso Innocenti (@innotommy) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2375 | Information Disclosure to Account Takeover | Information disclosure, OAuth, Account takeover, Authentication bypass | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-07-28 | 2023-06-13 |