| 411 | How I got into Nokia HOF in 5 Mins |
Information disclosure |
Nokia |
Abdelrhman Allam (@sl4x0) |
Bug Bounty | 2023-02-22 | 2023-06-13 |
| 368 | How a simple IDOR impacted the data of thousands of customers of an Indian automotive giant |
Account takeover
Information disclosure
IDOR |
NA |
Kushal Jain |
Bug Bounty | 2023-03-01 | 2023-06-13 |
| 362 | How I Earned $$$ for Excessive Data Exposure Through Directory Traversal Leads to Product Price Manipulation |
Path traversal
Information disclosure
Payment bypass |
NA |
Mohamed Shibil |
Bug Bounty | 2023-03-03 | 2023-06-13 |
| 352 | JS file enumeration for bug bounty hunters |
Information disclosure
IDOR |
NA |
Aadarsh Anand (@ScreamZoro) |
Bug Bounty | 2023-03-04 | 2023-06-13 |
| 342 | Remote Stealth Brute-force of Oracle Database Passwords |
Bruteforce
Information disclosure
Authentication bypass
Components with known vulnerabilities |
NA |
Viktor Markopoulos |
Bug Bounty | 2023-03-06 | 2023-06-13 |
| 333 | The story of becoming a Super Admin |
Hardcoded credentials
Account takeover
Information disclosure |
NA |
Ömer Kepenek (@omer_kepenek) |
Bug Bounty | 2023-03-08 | 2023-06-13 |
| 321 | Default Credentials on Sony- Swag Time |
Hardcoded credentials
Information disclosure |
Sony |
Arman (@M7arm4n) |
Bug Bounty | 2023-03-10 | 2023-06-13 |
| 283 | Exploiting aCropalypse: Recovering Truncated PNGs |
Privacy issue
Information disclosure
Android |
Google |
David Buchanan (@David3141593) |
Bug Bounty | 2023-03-18 | 2023-06-13 |
| 263 | Using an Undocumented Amplify API to Leak AWS Account IDs |
Cloud
Information disclosure |
AWS |
Nick Frichette (@frichette_n) |
Bug Bounty | 2023-03-27 | 2023-06-13 |
| 247 | How to avoid the aCropalypse |
Privacy issue
Information disclosure
Android |
Google
Microsoft |
Henrik Brodin |
Bug Bounty | 2023-03-30 | 2023-06-13 |
| 245 | From an Innocent api-key to PII data |
Information disclosure
Hardcoded API keys |
NA |
g30rgy th3 d4rk (@Crypt0g30rgy) |
Bug Bounty | 2023-03-30 | 2023-06-13 |
| 232 | Holiday Hunting With Aquatone |
SSRF
Missing authentication
Information disclosure |
NA |
Kuldeep Pandya (@kuldeepdotexe) |
Bug Bounty | 2023-04-03 | 2023-06-13 |
| 213 | Account Take Over (Via an API) |
Account takeover
Information disclosure
Broken Access Control
Cryptographic issues |
NA |
Thabiso Mokoena |
Bug Bounty | 2023-04-10 | 2023-06-13 |
| 196 | From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR |
Debug mode enabled
IDOR
Information disclosure
JWT
Broken Access Control
Exposed registration page |
NA |
Aayush Vishnoi (@AayushVishnoi10) |
Bug Bounty | 2023-04-14 | 2023-06-13 |
| 190 | Multiple Critical Vulnerabilities In Strapi Versions <=4.7.1 |
Authentication bypass
SSTI
RCE
Amazon cognito misconfiguration
Information disclosure |
Strapi |
GhostCcamm (@GhostCcamm) |
Bug Bounty | 2023-04-17 | 2023-06-13 |
| 162 | Discord Rich Presence LeonardSSH.vscord |
Information disclosure |
vscord |
Sudhanshu Rajbhar (@sudhanshur705) |
Bug Bounty | 2023-04-23 | 2023-06-13 |
| 145 | How I Chained an Information Disclosure Bug with SQL Injection |
SQL injection
.git folder disclosure |
NA |
Mba-oji Chiagoziem (@g0ziem) |
Bug Bounty | 2023-04-30 | 2023-06-13 |
| 140 | Unauthorized access to the admin panel via leaked credentials on the WayBackMachine |
Information disclosure |
NA |
Arman (@M7arm4n) |
Bug Bounty | 2023-05-01 | 2023-06-13 |
| 137 | Placeholder for Dayzzz: Abusing placeholders to extract customer informations |
SSTI
Information disclosure |
GitHub |
Ophion Security (@OphionSecurity) |
Bug Bounty | 2023-05-01 | 2023-06-13 |
| 127 | The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component |
Out-of-bounds Read
Memory corruption |
Microsoft (Windows) |
Bing Sun |
Bug Bounty | 2023-05-03 | 2023-06-13 |
| 114 | How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain |
RCE
Unrestricted file upload
Stored XSS
Information disclosure
Directory listing |
NA |
Aayush Vishnoi (@AayushVishnoi10) |
Bug Bounty | 2023-05-07 | 2023-06-13 |
| 107 | Testing a new encrypted messaging app%27s extraordinary claims |
Android
Firebase
Cryptographic issues
Privacy issue
Information disclosure |
Converso |
Crnković |
Bug Bounty | 2023-05-10 | 2023-06-13 |
| 78 | A $1,000,000 bounty? The KuCoin User Information Leak |
Information disclosure
Zendesk
Authorization flaw
Security misconfiguration |
NA |
Corben Leo (@hacker_) |
Bug Bounty | 2023-05-18 | 2023-06-13 |
| 71 | Exposing iCloud user’s Name, phone numbers, and email addresses. |
Information disclosure |
Apple (iCloud) |
Renganathan (@IamRenganathan) |
Bug Bounty | 2023-05-20 | 2023-06-13 |
| 70 | Why You Should Always Check The Audit Log [Medium] — $500 |
Information disclosure |
NA |
Emanuel Beni Harijanto |
Bug Bounty | 2023-05-20 | 2023-06-13 |
