4099 | Password Bypass and Something Else… |
Authentication bypass |
NA |
Vibhurushi Chotaliya (@_Vibhurushi_) |
Bug Bounty | 2019-06-16 | 2023-06-13 |
4098 | Bypassing XSS filter and Stealing User Payment Data |
XSS |
NA |
Osama Avvan (@osamaavvan) |
Bug Bounty | 2019-06-17 | 2023-06-13 |
4097 | SQl Injection |
SQL injection |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-06-17 | 2023-06-13 |
4096 | Parameter Pollution issue in API resulting $XXX |
HTTP parameter pollution |
NA |
Smaran Chand (@smaranchand) |
Bug Bounty | 2019-06-17 | 2023-06-13 |
4095 | Using Burp Suite match and replace settings to escalate your user privileges and find hidden features |
Client-side enforcement of server-side security |
New Relic |
Jon Bottarini (@jon_bottarini) |
Bug Bounty | 2019-06-17 | 2023-06-13 |
4092 | XSS Filter Evasion |
XSS |
NA |
m0z (@LooseSecurity) |
Bug Bounty | 2019-06-17 | 2023-06-13 |
4091 | Account Takeover with Clickjacking |
Clickjacking |
NA |
Osama Avvan (@osamaavvan) |
Bug Bounty | 2019-06-19 | 2023-06-13 |
4090 | Facebook Vulnerability: Unremovable Co-Host in facebook group events |
Logic flaw |
Meta / Facebook |
Ritish Kumar Singh |
Bug Bounty | 2019-06-19 | 2023-06-13 |
4089 | How a classical XSS can lead to persistent ATO Vulnerability? |
XSS
Account takeover |
NA |
Milind Purswani (@MilindPurswani) |
Bug Bounty | 2019-06-19 | 2023-06-13 |
4087 | Self XSS To Evil XSS |
XSS |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-06-20 | 2023-06-13 |
4086 | IDOR: Payment Fraud |
IDOR
Payment tampering |
NA |
Vibhurushi Chotaliya (@_Vibhurushi_) |
Bug Bounty | 2019-06-20 | 2023-06-13 |
4084 | $1800 worth Clickjacking |
Clickjacking |
NA |
Osama Avvan (@osamaavvan) |
Bug Bounty | 2019-06-21 | 2023-06-13 |
4083 | Catching support emails from my internet service provider |
Logic flaw |
T-Mobile |
Sander Lentink |
Bug Bounty | 2019-06-21 | 2023-06-13 |
4082 | How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105 |
XSS |
Microsoft |
Bryan Appleby (@bryapp) |
Bug Bounty | 2019-06-21 | 2023-06-13 |
4080 | Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference) |
Password reset
IDOR
Account takeover |
NA |
Muhammad Asim Shahzad (@protector47) |
Bug Bounty | 2019-06-22 | 2023-06-13 |
4079 | CSV injection at Comment Section. |
CSV injection |
NA |
Navneet (@na5n33t) |
Bug Bounty | 2019-06-24 | 2023-06-13 |
4077 | F5 Networks Endpoint Inspector – Browser-to-RCE? |
RCE |
F5 |
Dave U. Ramdon |
Bug Bounty | 2019-06-26 | 2023-06-13 |
4074 | CORS To CSRF Attack |
CORS misconfiguration
CSRF |
NA |
Osama Avvan (@osamaavvan) |
Bug Bounty | 2019-06-27 | 2023-06-13 |
4073 | 1-Click Account Takeover in Virgool.io — a Nice Case Study |
Account takeover
Open redirect |
NA |
Yashar Shahinzadeh (@YShahinzadeh) |
Bug Bounty | 2019-06-27 | 2023-06-13 |
4068 | One more Parameter manipulation bug (🤑) |
Parameter tampering |
NA |
Kanchan Singh Yadav (@KanchanSingh0) |
Bug Bounty | 2019-06-28 | 2023-06-13 |
4066 | Accidental IDOR |
IDOR |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-07-01 | 2023-06-13 |
4065 | How I escalated RFI into LFI |
RFI
LFI |
NA |
Hassan Khan Yusufzai (@Splint3r7) |
Bug Bounty | 2019-07-01 | 2023-06-13 |
4062 | Yeah! I got P2 in 1 minute - Stored XSS via Markdown Editor |
Stored XSS |
NA |
Schopath |
Bug Bounty | 2019-07-02 | 2023-06-13 |
4061 | Finding hidden gems vol. 4: Rakefile a.k.a. how to get AWS keys again |
Information disclosure |
NA |
Mateusz Olejarka (@molejarka) |
Bug Bounty | 2019-07-03 | 2023-06-13 |
4060 | Story of a stored xss to full account takeover vulnerability(N/A to accepted) |
Stored XSS |
NA |
Jatin Aesthetic (@techyfreakk) |
Bug Bounty | 2019-07-04 | 2023-06-13 |