| 4854 | How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties |
Account takeover
Authorization flaw |
Tinder
Meta / Facebook |
Anand Prakash (@anandpraka_sh) |
Bug Bounty | 2018-02-20 | 2023-06-13 |
| 4841 | Facebook Bug Bounty Reports |
Authorization flaw
Logic flaw
Information disclosure |
Meta / Facebook |
Raushan Raj (@raushan_rajj) |
Bug Bounty | 2018-03-06 | 2023-06-13 |
| 4837 | How I hacked 74k users of a website. |
Authorization flaw |
NA |
Utkarsh Agrawal (@agrawalsmart7) |
Bug Bounty | 2018-03-11 | 2023-06-13 |
| 4819 | Facebook BugBounty: Intercept incoming friend requests of Victim add/accept to your facebook account |
Authorization flaw |
Meta / Facebook |
Family guy |
Bug Bounty | 2018-04-02 | 2023-06-13 |
| 4810 | Source Code Analysis in YSurvey — Luminate bug |
Authentication bypass
Authorization flaw
SQL injection |
Yahoo! / Verizon Media |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2018-04-10 | 2023-06-13 |
| 4809 | How I broke into Google Issue Tracker |
Logic flaw
Authorization flaw |
Google |
Abhishek Bundela (@abhibundela) |
Bug Bounty | 2018-04-10 | 2023-06-13 |
| 4805 | How I hacked companies related to the crypto currency and earned $60,000 |
Authorization flaw
CSRF
IDOR
Stored XSS
HTML injection |
okex.com
livecoin.net |
Max (@0xw2w) |
Bug Bounty | 2018-04-14 | 2023-06-13 |
| 4792 | Bypassing the Current Password Protection at PayPal TechSupport Portal |
Authorization flaw
Account takeover |
Paypal |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2018-04-19 | 2023-06-13 |
| 4782 | Bypassing the Confirmation Email for Newsletter (bof.nl) |
Authorization flaw
IDOR |
Bits of Freedom |
Mohammed Israil (@mdisrail2468) |
Bug Bounty | 2018-04-26 | 2023-06-13 |
| 4771 | Asus Control Center – An Information Disclosure and a database connection Clear-Text password leakage Vulnerability |
Authorization flaw
Information disclosure |
Asus |
Mohamed A. Baset |
Bug Bounty | 2018-05-08 | 2023-06-13 |
| 4769 | How I used a simple Google query to mine passwords from dozens of public Trello boards |
Authorization flaw
Information disclosure |
Trello |
Kushagra Pathak (@xKushagra) |
Bug Bounty | 2018-05-09 | 2023-06-13 |
| 4757 | AWS Security Flaw which can grant admin access! |
Authorization flaw |
Amazon |
Sharath AV |
Bug Bounty | 2018-05-22 | 2023-06-13 |
| 4717 | Using a GitHub app to escalate to an organization owner for a $10,000 bounty |
Authorization flaw
IDOR |
GitHub |
Tanner Emek (@itscachemoney) |
Bug Bounty | 2018-06-20 | 2023-06-13 |
| 4708 | This popular Facebook app publicly exposed your data for years |
Information disclosure
Authorization flaw |
Meta / Facebook
Nametests.com |
Inti De Ceukelaire (@securinti) |
Bug Bounty | 2018-06-28 | 2023-06-13 |
| 4689 | Bypass Admin approval, Mute Member and Posting Permissions for Only admins in Facebook groups |
Authorization flaw
Logic flaw |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2018-07-18 | 2023-06-13 |
| 4655 | Unauth meetings access |
Authorization flaw
Logic flaw |
Google |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2018-08-06 | 2023-06-13 |
| 4654 | FakesApp: A Vulnerability in WhatsApp |
Content spoofing
Authorization flaw
Privacy issue |
Meta / Facebook |
Dikla Barda |
Bug Bounty | 2018-08-07 | 2023-06-13 |
| 4643 | [Twitter Bug Bounty] Misconfigured JSON endpoint on ads.twitter.com lead to Access control issue and Information Disclosure of role privileged users. |
Authorization flaw
Information disclosure |
Twitter |
Peerzada Fawaz Ahmad Qureshi |
Bug Bounty | 2018-08-10 | 2023-06-13 |
| 4638 | Distorted and Undeletable Posts in Facebook Group |
Authorization flaw
Logic flaw |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2018-08-12 | 2023-06-13 |
| 4630 | https://www.updatelap.com/2018/08/privileged-escalation-in-facebook-rooms.html |
Authorization flaw
Privilege escalation |
Meta / Facebook |
Jafar Abo Nada (@Jafar_Abo_Nada) |
Bug Bounty | 2018-08-18 | 2023-06-13 |
| 4610 | Facebook Bug Bounty! {Permission Bug} |
Authorization flaw
Logic flaw |
Meta / Facebook |
Ali Tütüncü (@alicanact60) |
Bug Bounty | 2018-09-05 | 2023-06-13 |
| 4575 | Shopify Athena Bug |
Authorization flaw
Information disclosure |
Shopify |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2018-09-20 | 2023-06-13 |
| 4570 | Responsible disclosure: retrieving a user%27s private Facebook friends. |
Logic flaw
Authorization flaw
Information disclosure |
Meta / Facebook |
Riccardo Padovani (@rpadovani93) |
Bug Bounty | 2018-09-23 | 2023-06-13 |
| 4560 | Hacking the Subway Android app |
Logic flaw
Authorization flaw |
Subway |
Wesley Gahr (@wesley_gahr) |
Bug Bounty | 2018-09-28 | 2023-06-13 |
| 4541 | Make any Unit in Facebook Groups Undeletable |
Logic flaw
IDOR
Authorization flaw |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2018-10-09 | 2023-06-13 |
