4941 | Local File Read via XSS in Dynamically Generated PDF | XSS, LFI | NA | Rahul Maini (@iamnoooob) | Bug Bounty | 2017-11-08 | 2023-06-13 |
4940 | How to delete all company progress by one "rm" command in AWS s3 Buckets | AWS misconfiguration | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2017-11-09 | 2023-06-13 |
4939 | Stealing bitcoin wallet backups from blockchain.info | Logic flaw | Blockchain.info | Shashank (@cyberboyIndia) | Bug Bounty | 2017-11-11 | 2023-06-13 |
4938 | From Recon to DOM-Based XSS | DOM XSS | NA | Abdelfattah Ibrahim | Bug Bounty | 2017-11-11 | 2023-06-13 |
4937 | How I Pwned a company using IDOR & Blind XSS | IDOR, Blind XSS | NA | Osama Ansari (@AnsariOsama10) | Bug Bounty | 2017-11-15 | 2023-06-13 |
4936 | How signing up for an account with an @company.com email can have unexpected results | Logic flaw | NA | Zseano (@zseano) | Bug Bounty | 2017-11-15 | 2023-06-13 |
4935 | Bypassing Crossdomain Policy and Hit Hundreds of Top Alexa Sites | CSRF | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2017-11-16 | 2023-06-13 |
4933 | SQL in everywhere. | SQL injection | NA | Utkarsh Agrawal (@agrawalsmart7) | Bug Bounty | 2017-11-16 | 2023-06-13 |
4932 | JWT Refresh Token Manipulation | JWT, Authentication bypass, Account takeover | NA | Mikail Tunç (@emtunc) | Bug Bounty | 2017-11-16 | 2023-06-13 |
4931 | Transforming a Domain into the Matrix (an open redirect story) | Open redirect | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2017-11-17 | 2023-06-13 |
4930 | Account Take Over Vulnerability in Google acquisition [Famebit] | CSRF | Google | Hassan Khan Yusufzai | Bug Bounty | 2017-11-17 | 2023-06-13 |
4929 | VMware Official VCDX Reflected XSS | Reflected XSS | VMware | Honc (@honcbb) | Bug Bounty | 2017-11-19 | 2023-06-13 |
4928 | Amazon Bypass Open Redirect | Open redirect | Amazon | Honc (@honcbb) | Bug Bounty | 2017-11-19 | 2023-06-13 |
4927 | UBER Wildcard Subdomain Takeover | BugBounty POC | Subdomain takeover | Uber | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-11-20 | 2023-06-13 |
4926 | Taking note: XSS to RCE in the Simplenote Electron client | XSS, RCE | Automattic | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-11-22 | 2023-06-13 |
4925 | Story of bypassing Referer Header to make open redirect | Open redirect | NA | Mohammed Eldeeb (@malcolmx0x) | Bug Bounty | 2017-11-22 | 2023-06-13 |
4924 | Image removal vulnerability in Facebook polling feature | IDOR | Meta / Facebook | Pouya Darabi (@Pouyadarabi) | Bug Bounty | 2017-11-25 | 2023-06-13 |
4923 | Tricky CORS Bypass in Yahoo! View | CORS misconfiguration | Yahoo! / Verizon Media | Corben Leo (@hacker_) | Bug Bounty | 2017-11-27 | 2023-06-13 |
4922 | SQL Injection in rog.asus.com | SQL injection, Security code review | Asus | Corben Leo (@hacker_) | Bug Bounty | 2017-11-30 | 2023-06-13 |
4921 | LFI to Command Execution: Deutche Telekom Bug Bounty | LFI, RCE | Deutsche Telekom | Daniel Maksimovic | Bug Bounty | 2017-11-30 | 2023-06-13 |
4920 | DEV XSS Protection bypass made my quickest bounty ever!! | XSS | NA | Yeasir Arafat | Bug Bounty | 2017-12-03 | 2023-06-13 |
4919 | Getting a RCE — CTF Way | RCE | NA | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-12-05 | 2023-06-13 |
4918 | How I Was Able To See The Bounty Balance Of Any Bug Bounty Program In HackerOne | Logic flaw | HackerOne | Cj Legacion (@LegacionCj) | Bug Bounty | 2017-12-06 | 2023-06-13 |
4917 | Bug Bounty: Fastmail | Blind SSRF, Blind XXE | Fastmail | Brian Hyde (@0xHyde) | Bug Bounty | 2017-12-08 | 2023-06-13 |
4916 | Using App Ads Helper as an Analytic User | Authorization flaw | Meta / Facebook | Joshua Regio | Bug Bounty | 2017-12-09 | 2023-06-13 |