2490 | Two weeks of securing Samsung devices: Part 1 | Arbitrary file write, Insecure intent, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-06-10 | 2023-06-13 |
2489 | Bypassing 2FA using OpenID Misconfiguration | MFA bypass, Authentication flaw | NA | Youstin (@iustinBB) | Bug Bounty | 2021-06-11 | 2023-06-13 |
2488 | How I was able to bypass the admin panel without the credentials. | Information disclosure | NA | Pratikkhalane (@KhalanePratik) | Bug Bounty | 2021-06-12 | 2023-06-13 |
2487 | How I found the silliest logical vulnerability for $750 that no one found for 3 years | Logic flaw | NA | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2021-06-12 | 2023-06-13 |
2486 | Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts ! | Mass assignment, Account takeover | NA | Mohammad Kaif | Bug Bounty | 2021-06-13 | 2023-06-13 |
2485 | [Google VRP] Privilege escalation on https://dialogflow.cloud.google.com | Authorization flaw, Logic flaw | Google | lalka (@0x01alka) | Bug Bounty | 2021-06-13 | 2023-06-13 |
2483 | An exciting journey to find SSRF , Bypass Cloudflare , and extract AWS metadata ! | SSRF | NA | hosein vita (@HoseinVita) | Bug Bounty | 2021-06-13 | 2023-06-13 |
2482 | Blind Command Injection - It hurts | Command injection, RCE | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-14 | 2023-06-13 |
2481 | Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs | postMessage, Token leak | Microsoft | Evan Grant (@stargravy) | Bug Bounty | 2021-06-14 | 2023-06-13 |
2480 | Exploiting outdated Apache Airflow instances | Session management issue | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2021-06-14 | 2023-06-13 |
2479 | Importance of burp history analysis to bypass 403 | 403 bypass | NA | Vuk Ivanovic | Bug Bounty | 2021-06-15 | 2023-06-13 |
2478 | This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them | IDOR, GraphQL | NA | Mayur Fartade (@mayurfartade) | Bug Bounty | 2021-06-15 | 2023-06-13 |
2477 | How We Are Able To Hack Any Company By Sending Message – $20,000 Bounty [CVE-2021–34506] | Universal XSS | Microsoft | Shivam Kumar Singh (@MrRajputHacker) | Bug Bounty | 2021-06-15 | 2023-06-13 |
2476 | Authentication Bypass | Easy P1 in 10 minutes | Authentication bypass, Forced browsing | NA | Anirudh Makkar (@anirudhmakkar) | Bug Bounty | 2021-06-16 | 2023-06-13 |
2475 | One-click DOS via Response Manipulation | Logic flaw | NA | Akhil | Bug Bounty | 2021-06-16 | 2023-06-13 |
2474 | Story of Google Hall of Fame and Private program bounty worth $$$$ | Exposed registration page | Google | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2021-06-16 | 2023-06-13 |
2473 | Part-1 Dive into Zoom Applications | CSRF, Payment bypass, Logic flaw, Account takeover, Privilege escalation | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-06-16 | 2023-06-13 |
2472 | Why dynamic code loading could be dangerous for your apps: a Google example | Arbitrary file write, Insecure intent, Android | Google | Oversecured (@OversecuredInc) | Bug Bounty | 2021-06-17 | 2023-06-13 |
2471 | Crashing your LinkedIn app with a connection request. | Application-level DoS | LinkedIn | Renganathan (@IamRenganathan) | Bug Bounty | 2021-06-17 | 2023-06-13 |
2470 | HTML Injection and a dream in Google Chrome for Linux (Write Up) | HTML injection | Google | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-06-17 | 2023-06-13 |
2469 | Certified Pre-Owned | Active Directory Privilege Escalation, ADCS, Windows | Microsoft | Will Schroeder (@harmj0y) | Bug Bounty | 2021-06-17 | 2023-06-13 |
2468 | How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506] | Universal XSS | Microsoft | Vansh Devgan (@Th3Pr0xyB0y) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2467 | M1 Macs GateKeeper bypass aka CVE-2021-30658 | Local Privilege Escalation | Apple | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2466 | Account takeover via stored XSS with arbitrary file upload | Insecure file upload, XSS, Account takeover | NA | 0xbadb00da (@0xbadb00da) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2465 | Accessing Restricted Documents With Extra JSON Body Content | Mass assignment, Authorization flaw | NA | Imran Huda (@imranHudaA) | Bug Bounty | 2021-06-18 | 2023-06-13 |