4189 | Ssrf to Read Local Files and Abusing the AWS metadata |
SSRF |
NA |
Pratik Yadav (@PratikY9967) |
Bug Bounty | 2019-04-21 | 2023-06-13 |
4187 | [XSS] Reflected XSS Bypass Filter |
Reflected XSS |
NA |
Mohamed Sayed (@FlEx0Geek) |
Bug Bounty | 2019-04-23 | 2023-06-13 |
4186 | Yet Other Examples of Abusing CSRF in Logout |
CSRF |
NA |
Soroush Dalili (@irsdl) |
Bug Bounty | 2019-04-23 | 2023-06-13 |
4182 | A picture that steals data |
Information disclosure |
NA |
Sergey Kashatov (@iframe0x01) |
Bug Bounty | 2019-04-24 | 2023-06-13 |
4181 | CSRF Attack can lead to Stored XSS |
CSRF
Stored XSS |
NA |
Mohamed Sayed (@FlEx0Geek) |
Bug Bounty | 2019-04-25 | 2023-06-13 |
4180 | The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise! |
LFI
SSRF
WAF bypass
Cloudflare bypass |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-04-25 | 2023-06-13 |
4179 | Stealing local storage data through XSS |
Stored XSS
Account takeover |
NA |
Harshad Gaikwad (@h4rsh4d) |
Bug Bounty | 2019-04-25 | 2023-06-13 |
4175 | How to bypass a 2FA with a HTTP header |
MFA bypass |
NA |
Yumi |
Bug Bounty | 2019-04-26 | 2023-06-13 |
4174 | Denial of Service using Cookie Bombing |
DoS
Cookie bomb |
NA |
Ronak Patel (@ronak_9889) |
Bug Bounty | 2019-04-26 | 2023-06-13 |
4173 | "CI Knew There Would Be Bugs Here" — Exploring Continuous Integration Services as a Bug Bounty Hunter |
Information disclosure
CI/CD |
NA |
EdOverflow (@EdOverflow) |
Bug Bounty | 2019-04-26 | 2023-06-13 |
4169 | From Reflected XSS to Account Takeover — Showing XSS Impact |
Reflected XSS
Account takeover |
NA |
A Bug’z Life (@abugzlife1) |
Bug Bounty | 2019-04-30 | 2023-06-13 |
4162 | ESI Injection Part 2: Abusing specific implementations |
ESI injection
RCE
SSRF
HTTP header injection |
NA |
Philippe Arteau (@h3xstream) |
Bug Bounty | 2019-05-02 | 2023-06-13 |
4161 | Server Side Request Forgery(SSRF){port issue hidden approch } |
SSRF |
NA |
Deepak Holani (@w_hat_boy) |
Bug Bounty | 2019-05-03 | 2023-06-13 |
4159 | SQL injection through User-Agent |
SQL injection |
NA |
fr0stNuLL |
Bug Bounty | 2019-05-08 | 2023-06-13 |
4158 | 4x CSRFs Chained For Company Account Takeover |
CSRF
Account takeover |
NA |
A Bug’z Life (@abugzlife1) |
Bug Bounty | 2019-05-08 | 2023-06-13 |
4155 | Think Outside the Scope: Advanced CORS Exploitation Techniques |
CORS misconfiguration |
NA |
Ayoub (@sandh0t) |
Bug Bounty | 2019-05-14 | 2023-06-13 |
4153 | You do not need to run 80 reconnaissance tools to get access to user accounts |
Open redirect |
NA |
Stefano Vettorazzi (@stefanohablando) |
Bug Bounty | 2019-05-15 | 2023-06-13 |
4152 | From parameter pollution to XSS |
HTTP parameter pollution
XSS |
NA |
Mo'men Basel |
Bug Bounty | 2019-05-16 | 2023-06-13 |
4147 | A base64 encoded parameter. |
HTML injection |
NA |
Navneet (@na5n33t) |
Bug Bounty | 2019-05-19 | 2023-06-13 |
4146 | Open-redirect to Account Takeover. |
Open redirect
Account takeover |
NA |
Rishabh (@____cypher____) |
Bug Bounty | 2019-05-19 | 2023-06-13 |
4144 | Leaking OpenID tokens with “ — the bug right infront of you |
OpenID Connect
Open redirect
Token leak |
NA |
Zseano (@zseano) |
Bug Bounty | 2019-05-21 | 2023-06-13 |
4142 | Google Adwords(Privilege Escalation): Read-only user able to add YouTube channels via Linked accounts |
Privilege escalation
Authorization flaw |
Google |
Family guy |
Bug Bounty | 2019-05-21 | 2023-06-13 |
4139 | How I acquired $XXX bounty by investing 99 cents |
Logic flaw |
NA |
Smaran Chand (@smaranchand) |
Bug Bounty | 2019-05-24 | 2023-06-13 |
4137 | Security assessment on the staging domains |
Missing authentication |
NA |
Tutorgeeks (@tutorgeeks) |
Bug Bounty | 2019-05-24 | 2023-06-13 |
4136 | From file upload to email:pass |
Unrestricted file upload |
NA |
fr0stNuLL |
Bug Bounty | 2019-05-24 | 2023-06-13 |