4858 | How I was able to remotely crash any android user’s instagram app and was paid a mere 500$ for it. |
Android
DoS |
Meta / Facebook |
Waleed Ahmed |
Bug Bounty | 2018-02-15 | 2023-06-13 |
4848 | How I was able to delete any image in Facebook community question forum |
IDOR |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2018-02-24 | 2023-06-13 |
4835 | #BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality |
Logic flaw
Password reset
Account takeover |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-03-14 | 2023-06-13 |
4803 | #SecurityBreach — "How I was able to book hotel room for 1.50₹!" |
CORS misconfiguration |
NA |
Hariom Vashisth |
Bug Bounty | 2018-04-15 | 2023-06-13 |
4791 | #BugBounty — "Journey from LFI to RCE!!!"-How I was able to get the same in one of the India’s popular property buy/sell company. |
LFI
RCE |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-04-19 | 2023-06-13 |
4780 | #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account! |
RCE |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-04-29 | 2023-06-13 |
4766 | How I was able to get subscription of $120/year For Free |
Payment bypass |
WeTransfer |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2018-05-18 | 2023-06-13 |
4755 | #BugBounty — "How I was able to hack any user account via password reset?" |
IDOR
Account takeover
Password reset |
NA |
Bikash Gupta (@BgxDoc) |
Bug Bounty | 2018-05-23 | 2023-06-13 |
4754 | How I was able to see any private album passwrod in Picturepush — IDOR |
IDOR |
PicturePush |
Murtada Kamil |
Bug Bounty | 2018-05-23 | 2023-06-13 |
4751 | How i was able to get admin panel on a private program |
Weak credentials |
NA |
Shahzad Sadiq (@ShahzadSadiq25) |
Bug Bounty | 2018-05-29 | 2023-06-13 |
4734 | How I was able to list some internal information from PayPal #BugBounty |
Expression Language Injection (JSTL)
Information disclosure |
Paypal |
Adrien Jeanneau (@adrien_jeanneau) |
Bug Bounty | 2018-06-07 | 2023-06-13 |
4721 | [Responsible disclosure] How I could have booked movie tickets through other user accounts |
Password reset
Account takeover
Bruteforce
OTP bypass |
AGS Cinemas |
Bharathvaj Ganesan |
Bug Bounty | 2018-06-18 | 2023-06-13 |
4699 | #BugBounty - Compromising User Account- "How I was able to compromise user account via HTTP Parameter Pollution(HPP)" |
HTTP parameter pollution
Password reset
Account takeover |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-07-07 | 2023-06-13 |
4686 | How I was able to delete 13k+ Microsoft Translator projects |
CSRF
IDOR |
Microsoft |
Haider Mahmood (@haiderinfosec) |
Bug Bounty | 2018-07-19 | 2023-06-13 |
4682 | RCE due to ShowExceptions |
RCE
Information disclosure
Debugging enabled |
NA |
Harsh Jaiswal (@rootxharsh) |
Bug Bounty | 2018-07-20 | 2023-06-13 |
4638 | Distorted and Undeletable Posts in Facebook Group |
Authorization flaw
Logic flaw |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2018-08-12 | 2023-06-13 |
4570 | Responsible disclosure: retrieving a user's private Facebook friends. |
Logic flaw
Authorization flaw
Information disclosure |
Meta / Facebook |
Riccardo Padovani (@rpadovani93) |
Bug Bounty | 2018-09-23 | 2023-06-13 |
4559 | How I was able to takeover account's of an Earning App |
Information disclosure |
NA |
Abbas Wafa |
Bug Bounty | 2018-10-01 | 2023-06-13 |
4548 | Apache Struts double evaluation RCE lottery |
RCE
Double OGNL evaluation |
Apache Struts |
Man Yue Mo (@mmolgtm) |
Bug Bounty | 2018-10-04 | 2023-06-13 |
4541 | Make any Unit in Facebook Groups Undeletable |
Logic flaw
IDOR
Authorization flaw |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2018-10-09 | 2023-06-13 |
4520 | Cookie-based-injection XSS making exploitable with-out exploiting other Vulns |
XSS |
NA |
Utkarsh Agrawal (@agrawalsmart7) |
Bug Bounty | 2018-10-22 | 2023-06-13 |
4513 | CSRF account takeover Explained Automated/Manual — Bug Bounty |
CSRF
Account takeover |
OpenMenu |
Vulnerables |
Bug Bounty | 2018-10-26 | 2023-06-13 |
4509 | #BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites! |
.git folder disclosure
Source code disclosure |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-10-27 | 2023-06-13 |
4507 | Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable |
CSRF
Clickjacking |
NA |
Zseano (@zseano) |
Bug Bounty | 2018-10-29 | 2023-06-13 |
4487 | Object name Exposure — ING Bank Responsible Disclosure Program |
Information disclosure |
ING Bank |
Rohit kumar (@rohitcoder) |
Bug Bounty | 2018-11-08 | 2023-06-13 |