2281 | ATO of WordPress Website “4 digits €€€€ Bounty in 5 Minute!” | Exposed registration page, Account takeover | NA | Ritesh Gohil (@RiteshG37659480) | Bug Bounty | 2021-08-29 | 2023-06-13 |
2280 | What would you do if Oracle’s mailing server sent you this? | HTML injection | Oracle | I am Broot | Bug Bounty | 2021-08-29 | 2023-06-13 |
2279 | Hunting for XSS with CodeQL | XSS | GitLab | Daniel Santos (@bananabr) | Bug Bounty | 2021-08-29 | 2023-06-13 |
2278 | How MarkMonitor left >60,000 domains for the taking | Subdomain takeover | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2021-08-29 | 2023-06-13 |
2277 | Two account takeover bugs worth $4300 🎁 | Account takeover, Privilege escalation, 403 bypass, IDOR | NA | Usama Varikkottil (@usama_dev) | Bug Bounty | 2021-08-29 | 2023-06-13 |
2276 | I owe your Request | HTTP Request Smuggling leads to Full Accounts takeover | HTTP Request Smuggling | NA | Muhammad Adel (@ItsFadinG_) | Bug Bounty | 2021-08-30 | 2023-06-13 |
2275 | Proxytoken: An Authentication Bypass In Microsoft Exchange Server | Authentication bypass | Microsoft | Xuan Tuyen | Bug Bounty | 2021-08-30 | 2023-06-13 |
2274 | CVE-2021-39165: A Bug Bounty Journey from a Laravel SQL Injection Vulnerability | SQL injection | NA | Xuan Tuyen | Bug Bounty | 2021-08-30 | 2023-06-13 |
2273 | Broken Access Control Leads To Change Of Admin Details | Privilege escalation, Client-side enforcement of server-side security | NA | V3D (@v3d_bug) | Bug Bounty | 2021-08-31 | 2023-06-13 |
2272 | Bypassing 2-Factor Authentication for Facebook Business Manager (Bounty: 1000 USD) | MFA bypass | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2021-08-31 | 2023-06-13 |
2271 | Dropping root shell in a Crypto Exchange for Fun and Profitn't | RCE | ChangeNOW | Nirmal Thapa (@tnirmalz) | Bug Bounty | 2021-08-31 | 2023-06-13 |
2270 | Full PoC | Metasploit Pro Trial License Request Limit Bypass | Privilege escalation, Logic flaw | Rapid7 | ChooK | Bug Bounty | 2021-08-31 | 2023-06-13 |
2269 | Now Patched Vulnerability in WhatsApp could have led to data exposure of users | Memory corruption | Meta / Facebook | Dikla Barda | Bug Bounty | 2021-09-01 | 2023-06-13 |
2268 | SQL injection in harvard subdomain | SQL injection | Harvard University | Brandon Roldan (@tomorrowisnew_) | Bug Bounty | 2021-09-01 | 2023-06-13 |
2267 | CVE-2021-2429: A Heap-based Buffer Overflow Bug In The Mysql Innodb Memcached Plugin | Memory corruption | Oracle (MySQL) | - | Bug Bounty | 2021-09-02 | 2023-06-13 |
2266 | Hacking Dutch Government For a lousy T-shirt | IDOR, Information disclosure | Dutch Government | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2021-09-02 | 2023-06-13 |
2265 | How I Found Multiple XSS in Hidden Legacy Pages | XSS | NA | Marx Chryz | Bug Bounty | 2021-09-02 | 2023-06-13 |
2264 | chaining bugs from self XSS to account takeover | Self-XSS, WAF bypass, CSRF, Account takeover | NA | Behnam Yazdanpanah (@abhiunix) | Bug Bounty | 2021-09-02 | 2023-06-13 |
2263 | Breaking Application’s Logic to DOS Attack | IDOR, DoS | NA | Abhijeet Singh (@abhiunix) | Bug Bounty | 2021-09-02 | 2023-06-13 |
2262 | SQL injection in harvard subdomain | XSS, SQL injection | Harvard University | Brandon Roldan (@tomorrowisnew_) | Bug Bounty | 2021-09-02 | 2023-06-13 |
2261 | Your Vulnerability Is In Another OEM! | Memory corruption, RCE | Western Digital | Lucas Georges | Bug Bounty | 2021-09-02 | 2023-06-13 |
2259 | RCE By Code Injection | Perl Reverse Shell | RCE, Code injection | NA | Abdulrahman-Kamel | Bug Bounty | 2021-09-02 | 2023-06-13 |
2258 | Play the music and bypass TCC aka CVE-2020-29621 | Privacy issue, MacOS | Apple | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2021-09-02 | 2023-06-13 |
2257 | Google Cloud Build — under the hood | gRPC | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-09-02 | 2023-06-13 |
2256 | IDOR Vulnerability In GraphQL Api On Website | IDOR, GraphQL | NA | Aidil Arief | Bug Bounty | 2021-09-03 | 2023-06-13 |