2515 | Escalating SSRF to Accessing all user PII information by aws metadata |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-05-31 | 2023-06-13 |
2514 | AppCache's forgotten tales |
Browser hacking |
Google (Chrome) |
Luan Herrera (@lbherrera_) |
Bug Bounty | 2021-05-31 | 2023-06-13 |
2513 | Facebook Page Admin Disclosure |
Information disclosure |
Meta / Facebook |
Kunjan Nayak (@kunjannayak5) |
Bug Bounty | 2021-05-31 | 2023-06-13 |
2512 | CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads |
CRLF injection |
Synology |
Justin Taft |
Bug Bounty | 2021-06-01 | 2023-06-13 |
2511 | Escalating SSRF to Accessing all user PII information by aws metadata |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-06-01 | 2023-06-13 |
2510 | Admin Panel? Pwned! |
Information disclosure
Hardcoded credentials |
NA |
Splintersec (@splint3rsec) |
Bug Bounty | 2021-06-02 | 2023-06-13 |
2509 | Huawei LTE USB Stick E3372: From File Overwrite to Code Execution |
Local Privilege Escalation |
Huawei |
Martin Rakhmanov (@mrakhmanov) |
Bug Bounty | 2021-06-02 | 2023-06-13 |
2508 | Exploiting Open Redirect - Whitelist Bypass Using Salesforce Environment |
Open redirect
Token theft
Salesforce |
NA |
Gaurav Nayak (@4auvar) |
Bug Bounty | 2021-06-02 | 2023-06-13 |
2507 | XSS in the AWS Console |
XSS
CSP bypass
CSTI |
AWS |
Nick Frichette (@frichette_n) |
Bug Bounty | 2021-06-02 | 2023-06-13 |
2506 | Bypassing LFI (Local File Inclusion) |
LFI |
NA |
Abhishek (@abhishake21) |
Bug Bounty | 2021-06-03 | 2023-06-13 |
2505 | Server Side Request Forgery - A Forged Document |
SSRF
File upload |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2021-06-03 | 2023-06-13 |
2504 | Android: Exploring vulnerabilities in WebResourceResponse |
Arbitrary file read
Android |
Amazon |
Oversecured (@OversecuredInc) |
Bug Bounty | 2021-06-03 | 2023-06-13 |
2503 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #3 |
Broken Access Control |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-06-04 | 2023-06-13 |
2502 | 403 Forbidden Bypass |
OTP bypass
Exposed registration page
XSS |
NA |
th3.d1p4k (@DipakPanchal05) |
Bug Bounty | 2021-06-04 | 2023-06-13 |
2501 | Executing CSRF With Phone Validation |
CSRF |
NA |
Greg Gibson |
Bug Bounty | 2021-06-04 | 2023-06-13 |
2500 | Pop-Ups in a good-world |
XSS |
Imgur |
Guilherme Keerok (@k33r0k) |
Bug Bounty | 2021-06-04 | 2023-06-13 |
2499 | Shopify Multipass Misconfiguration |
Authentication flaw
Logic flaw |
NA |
Ahmed A. Sherif |
Bug Bounty | 2021-06-05 | 2023-06-13 |
2498 | How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-06-06 | 2023-06-13 |
2497 | How I could have accessed all your private videos/photos saved inside your device without even unlocking it? |
Authorization flaw
Logic flaw |
Meta / Facebook |
Samip Aryal (@samiparyal_) |
Bug Bounty | 2021-06-06 | 2023-06-13 |
2496 | Story of my first cash bounty on hackerone. |
SSRF
XSS |
NA |
Vedant Tekale (@_justYnot) |
Bug Bounty | 2021-06-07 | 2023-06-13 |
2495 | Joomla Password Reset Vulnerability And A Stored XSS For Full Compromise |
Password reset
Stored XSS
Privilege escalation
RCE
Security code review |
NA |
Adrian Tiron (@Adrian__T) |
Bug Bounty | 2021-06-07 | 2023-06-13 |
2494 | How i was able to bypass parental pin of showmax |
Authorization flaw |
Showmax |
abdulsec (@moodiAbdoul) |
Bug Bounty | 2021-06-09 | 2023-06-13 |
2493 | Author spoofing in Google Colaboratory |
Logic flaw |
Google |
Zohar Shachar |
Bug Bounty | 2021-06-09 | 2023-06-13 |
2492 | Unexpected IDOR Vulnerability in [REDACTED] - [redacted].net (Write Up) |
IDOR |
NA |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2021-06-10 | 2023-06-13 |
2491 | Second Order Race Condition |
Race condition |
NA |
Prasoon Gupta (@0xdekster) |
Bug Bounty | 2021-06-10 | 2023-06-13 |