5044 | Making an XSS triggered by CSP bypass on Twitter. | XSS, CSP bypass | Twitter | tbmnull | Bug Bounty | 2017-07-06 | 2023-06-13 |
5043 | WhatsApp — DoS Vulnerability In iOS & Android | DoS | Meta / Facebook | Vishnuraj | Bug Bounty | 2017-07-07 | 2023-06-13 |
5042 | Managed Apps and Music: a tale of two XSSes in Google Play | XSS | Google | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-07-07 | 2023-06-13 |
5041 | Medium Content Spoofing Leads to XSS | Content spoofing, Stored XSS | Medium | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2017-07-08 | 2023-06-13 |
5040 | Coinbase AngularJS DOM XSS via Kiteworks | DOM XSS | Coinbase | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2017-07-08 | 2023-06-13 |
5039 | How a simple IDOR become a $4K User Impersonation vulnerability | IDOR | NA | Shahmeer Amir (@Shahmeer_Amir) | Bug Bounty | 2017-07-08 | 2023-06-13 |
5038 | XSS by tossing cookies | XSS, Cookie tossing | Microsoft, Twitter | WeSecureApp (@wesecureapp) | Bug Bounty | 2017-07-10 | 2023-06-13 |
5037 | How we tookover shopify accounts with one single click | Stored XSS | Shopify | WeSecureApp (@wesecureapp) | Bug Bounty | 2017-07-10 | 2023-06-13 |
5036 | Fabric.io API permission apocalypse – Privilege Escalations | Authorization flaw, Account takeover | Twitter | WeSecureApp (@wesecureapp) | Bug Bounty | 2017-07-10 | 2023-06-13 |
5035 | Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information | IDOR, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2017-07-13 | 2023-06-13 |
5034 | How to find internal subdomains? YQL, Yahoo! and bug bounty. | Information disclosure | Yahoo! / Verizon Media | Wojciech | Bug Bounty | 2017-07-16 | 2023-06-13 |
5033 | ctrl+c & ctrl+v to Steal SESSIONID | Clickjacking | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-18 | 2023-06-13 |
5032 | IDOR While Connecting Social Account in Hackster.io | IDOR | Hackster.io | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-18 | 2023-06-13 |
5031 | Stealing Access Token of One-drive Integration By Chaining CSRF Vulnerability | OAuth, CSRF | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-18 | 2023-06-13 |
5030 | Exploiting Misconfigured CORS on popular BTC Site | CORS misconfiguration | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-19 | 2023-06-13 |
5029 | Xss using dynamically generated js file | XSS | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-19 | 2023-06-13 |
5028 | That Escalated Quickly : From partial CSRF to reflected XSS to complete CSRF to Stored XSS | CSRF, Reflected XSS, Stored XSS | NA | Mandeep Jadon (@1337tr0lls) | Bug Bounty | 2017-07-19 | 2023-06-13 |
5027 | Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems | Logic flaw | Meta / Facebook | Ali Kabeel | Bug Bounty | 2017-07-19 | 2023-06-13 |
5026 | Self XSS to Good XSS Clickjacking | XSS, Clickjacking | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-20 | 2023-06-13 |
5025 | Race Condition bypassing team limit | Race condition | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-20 | 2023-06-13 |
5024 | Missing Authorization check in Facebook Pages Manager | Authorization flaw | Meta / Facebook | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-20 | 2023-06-13 |
5023 | How i was able to bypass strong xss protection in well known website. (imgur.com) | XSS | Imgur | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2017-07-21 | 2023-06-13 |
5022 | May the Shells be with You - A Star Wars RCE Adventure! | RCE | NA | Andy Gill (@ZephrFish) | Bug Bounty | 2017-07-22 | 2023-06-13 |
5021 | Open Redirect In Flock | My First Swag pack | Open redirect | Flock | Noman Shaikh (@nomanali181) | Bug Bounty | 2017-07-24 | 2023-06-13 |
5020 | Stored XSS on Rockstar Game | XSS | Rockstar Games | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-26 | 2023-06-13 |