3077 | TikTok fixes privacy issue discovered by Check Point Research | Information disclosure | TikTok | Eran Vaknin | Bug Bounty | 2020-10-26 | 2023-06-13 |
3075 | The YouTube bug that allowed unlisted uploads to any channel | IDOR, Information disclosure | Google | Ryan Kovatch | Bug Bounty | 2020-10-27 | 2023-06-13 |
3063 | How i got 7000$ in Bug-Bounty for my Critical Finding. | Information disclosure | NA | Kishan Kumar / Noobie BoY (@hst_kishan) | Bug Bounty | 2020-10-31 | 2023-06-13 |
3058 | Reveal the page admin that uploaded a video on the page in comment section | Information disclosure, Logic flaw | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2020-11-02 | 2023-06-13 |
3054 | How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day | Information disclosure | Brave Software | sickcodes (@sickcodes) | Bug Bounty | 2020-11-05 | 2023-06-13 |
3038 | User’s private watched videos/saved videos exposed through a messenger call from a locked smartphone. | Information disclosure, Authorization flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2020-11-13 | 2023-06-13 |
3037 | How a simple bug in Facebook Lite let me win my first bug bounty from Facebook | Information disclosure | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2020-11-13 | 2023-06-13 |
3035 | How I Found The Facebook Messenger Leaking Access Token Of Million Users | Information disclosure | Meta / Facebook | Guhan Raja (@havocgwen) | Bug Bounty | 2020-11-13 | 2023-06-13 |
3029 | Exploiting API with AuthToken | Token leak, Information disclosure | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2020-11-15 | 2023-06-13 |
3026 | Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data | Information disclosure, Broken access control, IDOR, SQL injection | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-11-15 | 2023-06-13 |
3023 | Stealing User’s PII info by visiting API endpoint directly | Information disclosure, Logic flaw | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2020-11-16 | 2023-06-13 |
3018 | Server Side Misconfigurartion - A Funny Fix | Information disclosure | Basecamp | Jerry Shah (@Jerry) | Bug Bounty | 2020-11-18 | 2023-06-13 |
3005 | How images on Github will leak your private information | Information disclosure | GitHub | fuomag9 (@fuomag9) | Bug Bounty | 2020-11-24 | 2023-06-13 |
3000 | Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB | Information disclosure, Account takeover | NA | DarkLotus (@darklotuskdb) | Bug Bounty | 2020-11-29 | 2023-06-13 |
2993 | Hacking — Always check out the Images | Information disclosure | GitLab | Jack | Bug Bounty | 2020-12-02 | 2023-06-13 |
2991 | Leaking Browser URL/Protocol Handlers | Information disclosure | Google, Microsoft, Mozilla | Tabahi (@_tabahi) | Bug Bounty | 2020-12-03 | 2023-06-13 |
2988 | Leaking Credit card Activity in logs? Yes Sir! | Information disclosure | NA | Rody Shahnazarian (@Komradz86) | Bug Bounty | 2020-12-03 | 2023-06-13 |
2968 | Confirm an email address belonging to a specific user | Information disclosure | Meta / Facebook | abdellah yaala (@yaalaab) | Bug Bounty | 2020-12-12 | 2023-06-13 |
2963 | How I hacked IBM and got full access on many services? | Information disclosure | IBM | Abdullah Mohamed (@3bodymo_) | Bug Bounty | 2020-12-16 | 2023-06-13 |
2962 | D-Link: Multiple Security Vulnerabilities Leading to RCE | RCE, Authentication bypass, Information disclosure | D-Link | Harold Zang | Bug Bounty | 2020-12-17 | 2023-06-13 |
2958 | Broken Access Control on samsung.com subdomain leads to Mass Account Takeover of Samsung employees application accounts | Information disclosure, Account takeover, Authorization flaw | Samsung | Gal Nagli (@naglinagli) | Bug Bounty | 2020-12-18 | 2023-06-13 |
2955 | Facebook bug Bounty -Finding the hidden members of the private events. | Information disclosure, Logic flaw | Meta / Facebook | Vivek ps (@vivekps143) | Bug Bounty | 2020-12-20 | 2023-06-13 |
2954 | This is how I was able to view anyone’s private email and birthday on Instagram | Information disclosure, Logic flaw | Meta / Facebook | Saugat Pokharel (@saugatpk5) | Bug Bounty | 2020-12-20 | 2023-06-13 |
2946 | Facebook page admin disclosure by "Message Seller" button (Bounty: 1500 USD) | Information disclosure | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2020-12-26 | 2023-06-13 |
2941 | Facebook page admin disclosure by "Create doc" button (Bounty: 5000 USD) | Information disclosure | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2020-12-28 | 2023-06-13 |