4993 | Reflected XSS in Yahoo! | Reflected XSS | Yahoo! / Verizon Media | Shahzada AL Shahriar Khan (@TheShahzada) | Bug Bounty | 2017-08-31 | 2023-06-13 |
4992 | Stealing 0Auth Token (MITM) | OAuth | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-09-01 | 2023-06-13 |
4991 | My write up about UBER Cross-site scripting by help of KNOXSS | Reflected XSS | Uber | Emad Shanab (@Alra3ees) | Bug Bounty | 2017-09-02 | 2023-06-13 |
4990 | Don’t just alert(1) , Because XSS is for fun…!! | XSS | Optimizely | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2017-09-02 | 2023-06-13 |
4989 | IDOR on HackerOne Hacker Review “What Program Say” | IDOR | HackerOne | Japz Divino (@japzdivino) | Bug Bounty | 2017-09-02 | 2023-06-13 |
4988 | How I found Reflective XSS in Yahoo Subdomain | Reflected XSS | Yahoo! / Verizon Media | Syntax Error (@SYNTAXERRORBA) | Bug Bounty | 2017-09-03 | 2023-06-13 |
4987 | Reflective XSS and Open Redirect on Indeed.com subdomain | Reflected XSS, Open redirect | Indeed | Syntax Error (@SYNTAXERRORBA) | Bug Bounty | 2017-09-04 | 2023-06-13 |
4986 | Phishing with history.back() open redirect | Open redirect | NA | Brian Hyde (@0xHyde) | Bug Bounty | 2017-09-09 | 2023-06-13 |
4985 | Bypassing Facebook Profile Picture Guard Security. | Authorization flaw | Meta / Facebook | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2017-09-09 | 2023-06-13 |
4984 | How I hacked hundreds of companies through their helpdesk | Ticket Trick, Logic flaw | GitLab, Slack, Yammer, Kayako, Zendesk | Inti De Ceukelaire (@securinti) | Bug Bounty | 2017-09-10 | 2023-06-13 |
4982 | [Stored XSS] with arbitrary cookie installation | XSS | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-09-17 | 2023-06-13 |
4981 | Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss) | Self-XSS, Clickjacking | NA | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2017-09-18 | 2023-06-13 |
4980 | Story of a Parameter Specific XSS! | XSS | NA | Rahul Maini (@iamnoooob) | Bug Bounty | 2017-09-19 | 2023-06-13 |
4979 | Exploiting a Single Request for Multiple Vulnerabilities | Stored XSS, Reflected XSS, SSRF, OS command injection | NA | Osama Ansari (@AnsariOsama10) | Bug Bounty | 2017-09-19 | 2023-06-13 |
4978 | First bounty, time to step up my game | Same Origin Method Execution | NA | Roderick Schaefer (@kciredor_) | Bug Bounty | 2017-09-19 | 2023-06-13 |
4977 | Multiple vulnerabilities in Oracle EBS | SQL injection, XXE, XSS | NA | Shubham Gupta (@hackerspider1) | Bug Bounty | 2017-09-19 | 2023-06-13 |
4976 | All About Hackerone Private Program Terapeak | IDOR, Reflected XSS | Terapeak | Shubham Gupta (@hackerspider1) | Bug Bounty | 2017-09-20 | 2023-06-13 |
4975 | This domain is my domain — G Suite A record vulnerability | Domain takeover | Google, Uber | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-09-21 | 2023-06-13 |
4974 | Luminate Internal Privilege Escalation — Admin to Owner | Authorization flaw | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-09-21 | 2023-06-13 |
4973 | Stored XSS to Full Information disclosure | Stored XSS | Terapeak | Shubham Gupta (@hackerspider1) | Bug Bounty | 2017-09-21 | 2023-06-13 |
4972 | IDOR – Execute JavaScript into anyone account | IDOR, Stored XSS | Terapeak | Shubham Gupta (@hackerspider1) | Bug Bounty | 2017-09-21 | 2023-06-13 |
4971 | How i bypassed Practo’s firewall and triggered a XSS. | XSS | Practo | Vipin Chaudhary (@vipinxsec) | Bug Bounty | 2017-09-23 | 2023-06-13 |
4970 | 900$ XSS in yahoo ( Recon Wins ) | XSS | Yahoo! / Verizon Media | Th3G3nt3lman (@Th3G3nt3lman) | Bug Bounty | 2017-09-24 | 2023-06-13 |
4969 | Filter Bypass to Reflected XSS on https://finance.yahoo.com (mobile version) | Reflected XSS | Yahoo! / Verizon Media | Samuel (@saamux) | Bug Bounty | 2017-09-24 | 2023-06-13 |
4968 | Device Authorization Bypass! | Authorization flaw | NA | Hassan Khan Yusufzai | Bug Bounty | 2017-09-25 | 2023-06-13 |