2594 | How I was able to Retrieve your Personal Documents using the Wayback Machine! | Privacy issue, Information disclosure | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2593 | My first OOB XXE exploitation | XXE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2592 | Facebook account takeover due to unsafe redirects after the OAuth flow | OAuth, Open redirect, Account takeover | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2591 | Password reset code brute-force vulnerability in AWS Cognito | Password reset, Bruteforce, Rate limiting bypass, Account takeover | AWS | Pentagrid (@pentagridsec) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2590 | How I got $400 for my first SSRF bug? | SSRF | NA | Usama Varikkottil (@usama_dev) | Bug Bounty | 2021-05-01 | 2023-06-13 |
2589 | How I found my first RCE? | RCE | NA | ipanda (@ipanda915) | Bug Bounty | 2021-05-01 | 2023-06-13 |
2588 | SSRF Through PDF Generation | SSRF | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-05-01 | 2023-06-13 |
2587 | Chaining CSRF with XSS to deactivate Mass user accounts by single click | CSRF, XSS | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-02 | 2023-06-13 |
2586 | Basic recon to RCE | Insecure deserialization, RCE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-05-02 | 2023-06-13 |
2585 | IDOR Leads To Leak Any Uber Eats Restaurant Analytics | IDOR | Uber | Prial Islam Khan (@prial261) | Bug Bounty | 2021-05-02 | 2023-06-13 |
2584 | Finding known exploits for bugbounties. | RCE | NA | ipanda (@ipanda915) | Bug Bounty | 2021-05-03 | 2023-06-13 |
2583 | Deep Dive into Open Source Bug Bounty | CSRF | NA | Ritik Sahni (@ritiksahni22) | Bug Bounty | 2021-05-03 | 2023-06-13 |
2582 | Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida | RCE | Valve | Geebz (@Gbps111) | Bug Bounty | 2021-05-04 | 2023-06-13 |
2581 | ExifTool CVE-2021-22204 - Arbitrary Code Execution | RCE | GitLab | William Bowling / vakzz (@wcbowling) | Bug Bounty | 2021-05-04 | 2023-06-13 |
2580 | XSS Through Parameter Pollution | XSS, HTTP parameter pollution | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-05-05 | 2023-06-13 |
2579 | Injecting Punycode URL Within the Arbitrary Text via Comment Box In Google Photo Sharing Option | HTML injection | Google | Divyanshu Shukla (@justm0rph3u5) | Bug Bounty | 2021-05-05 | 2023-06-13 |
2578 | XSS Through Parameter Pollution | Open redirect, XSS, HTTP parameter pollution | NA | Saajan Bhujel (@saajanbhujel11) | Bug Bounty | 2021-05-05 | 2023-06-13 |
2577 | How I Found Sql Injection on intensedebate.com (h1) in 5 minute $350 | SQL injection | Automattic | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2021-05-05 | 2023-06-13 |
2575 | How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit | RCE | Google | - | Bug Bounty | 2021-05-05 | 2023-06-13 |
2574 | CVE-2021-1815 – MacOS Local Privilege Escalation Via Preferences | Local Privilege Escalation | Apple | Offensive Security (@offsectraining) | Bug Bounty | 2021-05-06 | 2023-06-13 |
2572 | Apple Bug bounty writeups XSS(2021) | XSS | Apple | Takashi Suzuki | Bug Bounty | 2021-05-07 | 2023-06-13 |
2571 | Workplace by Facebook | Unauthorized access to companies environment — $27,5k | Authorization flaw, Logic flaw, IDOR | Meta / Facebook | Marcos Ferreira (@mvinni_) | Bug Bounty | 2021-05-07 | 2023-06-13 |
2570 | Microsoft bug bounty writeup | Information disclosure | Microsoft | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-05-08 | 2023-06-13 |
2569 | Unauthorized access to Django Admin Dashboard by endpoint leaked on GitHub | Missing authentication, Forced browsing | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-10 | 2023-06-13 |
2568 | Exploiting Activity in medium android app | Insecure intent, Android | Medium | Raju kumar (@MrCyberwarrior) | Bug Bounty | 2021-05-10 | 2023-06-13 |