3238 | Reflected XSS in Facebook’s mirror websites | Reflected XSS | Meta / Facebook | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2020-08-08 | 2023-06-13 |
3237 | Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case | XSS, Web cache poisoning | NA | Vuk Ivanovic | Bug Bounty | 2020-08-08 | 2023-06-13 |
3213 | How I got 450$ just in one Google search (SQLi + RXSS)? | XSS, SQL injection | NA | Zhenwar Hawlery | Bug Bounty | 2020-08-16 | 2023-06-13 |
3210 | Stealing your data using XSS | XSS | NA | Viren Pawar (@VirenPawar_) | Bug Bounty | 2020-08-17 | 2023-06-13 |
3198 | (Shopify.com) Blind Stored XSS Via Staff Name $$$$ | Stored XSS | Shopify | Rio Mulyadi (@riomulyadi_) | Bug Bounty | 2020-08-19 | 2023-06-13 |
3197 | How I Found My First Bug Stored Xss and Earned My First Bounty 1000$ | Stored XSS | Badoo | Nazmul Haque (@0xnazmul) | Bug Bounty | 2020-08-21 | 2023-06-13 |
3184 | The Importance of keeping up to date, or how I found an interesting bug thanks to a tweet | Stored XSS | NA | Vuk Ivanovic | Bug Bounty | 2020-08-29 | 2023-06-13 |
3181 | Stop scratching the surface, and hack the dependencies | Stored XSS | NA | Rotem Reiss (@rotem_reiss) | Bug Bounty | 2020-08-31 | 2023-06-13 |
3177 | My Story With XSS | XSS | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2020-09-03 | 2023-06-13 |
3174 | XSS that can pay your Bills :) | Reflected XSS | NA | Smile Hacker (@_smile_hacker_) | Bug Bounty | 2020-09-05 | 2023-06-13 |
3173 | Never Give Up, The Story Behind a Dupe-To-Triaged | XSS, OAuth, Account takeover | NA | Alan Brian (@soyelmago) | Bug Bounty | 2020-09-06 | 2023-06-13 |
3169 | XSS->Fix->Bypass: 10000$ bounty in Google Maps | XSS | Google | Zohar Shachar | Bug Bounty | 2020-09-07 | 2023-06-13 |
3165 | Universal XSS in Android WebView (CVE-2020-6506) | Universal XSS | Google, Microsoft, Twitter | Alesandro Ortiz (@AlesandroOrtizR) | Bug Bounty | 2020-09-10 | 2023-06-13 |
3157 | Exploiting a "Useless" Cookie-Based XSS and Making it Useful | XSS | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2020-09-16 | 2023-06-13 |
3153 | Reflected XSS via a hidden parameter on Dutch Gov. website | Reflected XSS | Dutch Government | Supras (@LdrTom) | Bug Bounty | 2020-09-19 | 2023-06-13 |
3145 | $25K Instagram Almost XSS Filter Link — Facebook Bug Bounty | Stored XSS | Meta / Facebook | Andres Alonso (@al0nnso) | Bug Bounty | 2020-09-20 | 2023-06-13 |
3132 | Chains on Chains: Chaining multiple low-level vulns into a Critical. | Blind XSS, CSP bypass, Lack of rate limiting, Exposed JWT generation endpoint, JWT | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2020-09-26 | 2023-06-13 |
3126 | RCE on Spip and Root-Me | RCE, SQL injection, XSS, Open redirect, Reflected file download | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2020-09-29 | 2023-06-13 |
3124 | Write Up – Google Bug Bounty: XSS To Cloud Shell Instance Takeover (Rce As Root) – $5,000 USD | XSS, RCE | Google | Omar Espino (@omespino) | Bug Bounty | 2020-10-01 | 2023-06-13 |
3119 | Spend more time doing recon, you’ll find more BUGS. | Reflected XSS, Information disclosure | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2020-10-03 | 2023-06-13 |
3109 | We Hacked Apple for 3 Months: Here’s What We Found | RCE, Authentication bypass, Authorization bypass, SSRF, XXE, Blind XSS, IDOR, OS command injection, SQL injection | Apple | Sam Curry (@samwcyo) | Bug Bounty | 2020-10-07 | 2023-06-13 |
3105 | CVE-2018–5230 | JIRA Cross Site Scripting | Reflected XSS | NA | Paras Arora (@parasarora06) | Bug Bounty | 2020-10-09 | 2023-06-13 |
3102 | Leveraging XSS to Read Internal Files | XSS, LFI | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-10-09 | 2023-06-13 |
3098 | How I find my first P1 level Bug. $$$ | XSS | NA | Harsh | Bug Bounty | 2020-10-13 | 2023-06-13 |
3096 | I had fun with this XSS | XSS | NA | yappare (@yappare) | Bug Bounty | 2020-10-13 | 2023-06-13 |