4135 | Multiple API issues due to Fixed Authorization token. | Authorization flaw | NA | Mustafa Khan (@by6153) | Bug Bounty | 2019-05-24 | 2023-06-13 |
4133 | How did I bypass a Custom Brute Force protection and why that solution is not a good idea? | Bruteforce, Authentication flaw | NA | dortz | Bug Bounty | 2019-05-25 | 2023-06-13 |
4132 | An unexploited CORS misconfiguration reflecting further issues. | CORS misconfiguration | NA | Smaran Chand (@smaranchand) | Bug Bounty | 2019-05-27 | 2023-06-13 |
4130 | Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS #bugbounty | Stored XSS, MIME sniffing | NA | HackerOn2Wheels (@HackerOn2Wheels) | Bug Bounty | 2019-05-30 | 2023-06-13 |
4129 | My First CSRF to Account Takeover worth $750 | CSRF, Account takeover | NA | Nishant Saurav (@inishantsinha) | Bug Bounty | 2019-05-30 | 2023-06-13 |
4127 | Story of a uri based xss with some simple google dorking | XSS | NA | Jatin Aesthetic (@techyfreakk) | Bug Bounty | 2019-06-02 | 2023-06-13 |
4126 | The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise | SSRF, RFI | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2019-06-02 | 2023-06-13 |
4124 | Simple PathTraversal bypass | Path traversal | NA | fr0stNuLL | Bug Bounty | 2019-06-03 | 2023-06-13 |
4123 | Chaining multiple low-impact bugs to arbitrary file read in GitLab | Path traversal | GitLab | Li Rongxi (@nyan_gawa) | Bug Bounty | 2019-06-04 | 2023-06-13 |
4122 | REMOTE CODE EXECUTION ! 😜 Recon Wins | RCE | NA | Vishnuraj | Bug Bounty | 2019-06-04 | 2023-06-13 |
4120 | Unicode vs WAF — XSS WAF Bypass | XSS | NA | Prial Islam Khan (@prial261) | Bug Bounty | 2019-06-05 | 2023-06-13 |
4118 | How I was able to get private ticket response panel and FortiGate web panel via blind XSS | Blind XSS | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2019-06-06 | 2023-06-13 |
4116 | IDOR Leads To Project Takeover | IDOR | NA | Hariharan.s (@DJHARIZ1) | Bug Bounty | 2019-06-09 | 2023-06-13 |
4115 | Account takeover using IDOR and the misleading case of error 403. | IDOR | NA | Plenum (@plenumlab) | Bug Bounty | 2019-06-11 | 2023-06-13 |
4114 | Facebook Vulnerability: Non-unfriendable user in /hacked workflow | Logic flaw | Meta / Facebook | Ritish Kumar Singh | Bug Bounty | 2019-06-11 | 2023-06-13 |
4113 | Reflected XSS on Error Page | Reflected XSS | NA | Tomi (@noobe_io) | Bug Bounty | 2019-06-11 | 2023-06-13 |
4112 | Redstrom Denial Of Service — Write Up | DoS | NA | Zerb0a | Bug Bounty | 2019-06-12 | 2023-06-13 |
4111 | Chaining Improper Authorization To Race Condition To Harvest Credit Card Details : A Bug Bounty Story | Authorization flaw, Race condition | NA | Mandeep Jadon (@1337tr0lls) | Bug Bounty | 2019-06-13 | 2023-06-13 |
4110 | How spending our Saturday hacking earned us 20k | IDOR | NA | Matti Bijnens (@MattiBijnens) | Bug Bounty | 2019-06-14 | 2023-06-13 |
4109 | IDOR — Account Takeover | IDOR | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-14 | 2023-06-13 |
4107 | Admin Account total Information Disclosure | Source code disclosure, Information disclosure | NA | Nishant Saurav (@inishantsinha) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4104 | Complete Web Server Access | Unrestricted file upload, RCE | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4103 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | WAF bypass, LFI, Information disclosure | NA | Λявєη (@spenkkkkk) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4102 | Stealing Cookies to Login in any Account | Cookie theft | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-16 | 2023-06-13 |
4101 | Account Takeover Worth $900 | Account takeover, CSRF | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-16 | 2023-06-13 |