4531 | [Bug bounty \| mail.ru] Access to the admin panel of the partner site and data disclosure of 2 million users | Authentication bypass, Blind XSS | Mail.ru | Max (@iSecMax) | Bug Bounty | 2018-10-12 | 2023-06-13 |
4503 | It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program | Information disclosure, Authentication bypass, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2018-10-30 | 2023-06-13 |
4448 | Instagram Multi-factor authentication Bypass | MFA bypass | Meta / Facebook | Vishnuraj | Bug Bounty | 2018-11-27 | 2023-06-13 |
4416 | #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account” | OAuth, Authentication bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-12-13 | 2023-06-13 |
4404 | Asus’S Admin Panel Auth Bypass | Authentication bypass | Asus | Mustafa Khan (@by6153) | Bug Bounty | 2018-12-18 | 2023-06-13 |
4397 | Client side validation strikes again: PIN code bypass ! | Client-side enforcement of server-side security, Authentication bypass, Authorization flaw | Netflix, Linxo | Davy (@RandoriSec) | Bug Bounty | 2018-12-22 | 2023-06-13 |
4317 | How i was able to dump SqlDB \| Simple bug | Directory listing, SQL injection, Authentication bypass | NA | clever idi0t | Bug Bounty | 2019-02-07 | 2023-06-13 |
4279 | SHAREit Multiple Vulnerabilities Enable Unrestricted Access to Adjacent Devices’ Files | Android, Arbitrary file download, Authentication bypass | SHAREit | Abdulrahman Nour (@aboodnour) | Bug Bounty | 2019-02-25 | 2023-06-13 |
4099 | Password Bypass and Something Else… | Authentication bypass | NA | Vibhurushi Chotaliya (@_Vibhurushi_) | Bug Bounty | 2019-06-16 | 2023-06-13 |
4052 | OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect | Open redirect, Token leak, Account takeover | Airbnb | Evgeniy Yakovchuk (@h1_sp1d3r) | Bug Bounty | 2019-07-10 | 2023-06-13 |
3949 | Shodan is your friend!!! If you ignore him you will lose many… | SQL injection, Authentication bypass | NA | Vijaysimha Reddy Bathini (@fatratfatrat) | Bug Bounty | 2019-08-28 | 2023-06-13 |
3933 | Accessing 2 million Verizon Pay Monthly contracts | Information disclosure, Authentication bypass, IDOR | Yahoo! / Verizon Media | Daley Bee (@daley) | Bug Bounty | 2019-09-09 | 2023-06-13 |
3905 | [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE | Information disclosure, SQL injection, Authentication bypass, Unrestricted file upload, RCE, XSS | NA | Tomi (@noobe_io) | Bug Bounty | 2019-09-22 | 2023-06-13 |
3890 | REST framework Admin Panel bypass and how I recon for this vulnerability | Authentication bypass | NA | Aziz Hakim (@hackerb0y_) | Bug Bounty | 2019-10-02 | 2023-06-13 |
3831 | LDAP Admin Account Bypassed :) | LDAP injection, Authentication bypass | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2019-11-16 | 2023-06-13 |
3823 | Broken session management leads to bypass 2FA and Permanent access to Facebook user’s | Authentication bypass | Meta / Facebook | Mahmoud Barakat (@0xBarakat) | Bug Bounty | 2019-11-19 | 2023-06-13 |
3791 | Authentication Bypass | MFA bypass | NA | Rushiikesh (@u1tran00b) | Bug Bounty | 2019-12-09 | 2023-06-13 |
3783 | Facebook New Account Verification Bypass | Authentication bypass | Meta / Facebook | Santosh Baral (@santoshbrl5) | Bug Bounty | 2019-12-13 | 2023-06-13 |
3742 | Bypass Mobile PIN Verification | Authentication bypass | NA | Sourav Sahana (@kernel_rider) | Bug Bounty | 2020-01-01 | 2023-06-13 |
3694 | OK Google: bypass the authentication! | Authentication bypass | Google | Mattia Vinci | Bug Bounty | 2020-01-31 | 2023-06-13 |
3602 | Using Vulnerability Analytics Feature Like a Boss | SSRF, Reflected XSS, Authentication bypass | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-03-15 | 2023-06-13 |
3563 | Touch ID Authentication Bypass on Evernote and Dropbox IOS Apps | Authentication bypass, iOS | Evernote, Dropbox | Sahil Tikoo (@viperbluff) | Bug Bounty | 2020-04-03 | 2023-06-13 |
3529 | Two Factor Authentication Bypass [ $50 ] | MFA bypass | NA | Aung Pyae Ko Ko (@BlcKVRtuL1) | Bug Bounty | 2020-04-24 | 2023-06-13 |
3489 | Another Zoho ManageEngine Story | Authentication bypass | Zoho | Florian Hauser (@frycos) | Bug Bounty | 2020-05-11 | 2023-06-13 |
3460 | My First Bug Bounty — 2 Factor Authentication Bypass | OTP bypass | NA | Talatmehmood | Bug Bounty | 2020-05-22 | 2023-06-13 |