4059 | Account Takeover Using CSRF(json-based) |
CSRF
Account takeover |
NA |
shub rathore (@shub66452) |
Bug Bounty | 2019-07-04 | 2023-06-13 |
4058 | Facebook Vulnerability: Unremovable Co-Host in facebook page events |
Logic flaw
DoS |
Meta / Facebook |
Ritish Kumar Singh |
Bug Bounty | 2019-07-04 | 2023-06-13 |
4056 | Blind (time-based) SQLi - Bug Bounty |
SQL injection |
NA |
jspin (@jespinhara) |
Bug Bounty | 2019-07-05 | 2023-06-13 |
4055 | Cleartext password in LocalStorage (Writeup) |
Violation of secure design principles |
NA |
ruvlol |
Bug Bounty | 2019-07-07 | 2023-06-13 |
4054 | Information Disclosure via Misconfigured AWS to AWS Bucket Takeover |
AWS misconfiguration |
NA |
Pratyush Anjan Sarangi |
Bug Bounty | 2019-07-08 | 2023-06-13 |
4052 | OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect |
Open redirect
Token leak
Account takeover |
Airbnb |
Evgeniy Yakovchuk (@h1_sp1d3r) |
Bug Bounty | 2019-07-10 | 2023-06-13 |
4051 | Tale of account takeover — Sensitive info Disclosure + Broken Access Control |
IDOR
Account takeover |
NA |
Md Saqib (@sakyb7) |
Bug Bounty | 2019-07-10 | 2023-06-13 |
4050 | SQL Injection Bug Bounty POC! |
SQL injection |
NA |
Arif-ITSEC111 |
Bug Bounty | 2019-07-11 | 2023-06-13 |
4049 | Story of my Biggest Bounty ever : Command Execution on Jenkins |
RCE
Exposed Jenkins instance |
NA |
Jay Jani (@JayJani007) |
Bug Bounty | 2019-07-11 | 2023-06-13 |
4046 | Account takeover on Airbnb acquisition | An Unusual Bug Part-2 🐛 |
IDOR
Account takeover |
Airbnb |
PRince CHaddha (@princechaddha) |
Bug Bounty | 2019-07-13 | 2023-06-13 |
4042 | [TOKOPEDIA] Site-wide CSRF through GraphQL request |
CSRF |
Tokopedia |
Rafie Muhammad (@rafiem777) |
Bug Bounty | 2019-07-15 | 2023-06-13 |
4039 | The Bugs Are Out There, Hiding in Plain Sight |
IDOR
SSRF
Information disclosure
CORS misconfiguration |
NA |
A Bug’z Life (@abugzlife1) |
Bug Bounty | 2019-07-15 | 2023-06-13 |
4037 | What do Netcat, SMTP and self XSS have in common? Stored XSS |
Stored XSS |
NA |
Plenum (@plenumlab) |
Bug Bounty | 2019-07-16 | 2023-06-13 |
4036 | Bypass CSRF With ClickJacking Worth $1250 |
CSRF
Clickjacking |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-07-16 | 2023-06-13 |
4035 | CSRF Email Confirmation Vulnerability for Gmail & G-Suite in Facebook |
CSRF |
Meta / Facebook |
Lokesh Kumar (@lokeshdlk77) |
Bug Bounty | 2019-07-16 | 2023-06-13 |
4032 | Account Takeover Vulnerability :) |
Password reset
Account takeover |
NA |
Sumit Jain (@sumit_cfe) |
Bug Bounty | 2019-07-17 | 2023-06-13 |
4031 | Cookie-based XSS exploitation | $2300 Bug Bounty story |
XSS |
NA |
Max (@iSecMax) |
Bug Bounty | 2019-07-17 | 2023-06-13 |
4029 | SQL Injection in Forget Password Function |
SQL injection |
NA |
Khaled Gaber |
Bug Bounty | 2019-07-18 | 2023-06-13 |
4028 | Microsoft Office 365 - Outlook XSS |
XSS |
Microsoft |
Abdulrahman Alqabandi (@Qab) |
Bug Bounty | 2019-07-19 | 2023-06-13 |
4025 | Exploiting a Tricky Blind SQL Injection inside LIMIT clause |
SQL injection |
NA |
Rahul Maini (@iamnoooob) |
Bug Bounty | 2019-07-21 | 2023-06-13 |
4024 | Shopping Products For Free- Parameter Tampering Vulnerability |
Parameter tampering
Payment tampering |
NA |
D1vy4n5hu 5hukl4 (@justm0rph3u5) |
Bug Bounty | 2019-07-21 | 2023-06-13 |
4022 | Not a fancy bug, just HTML Injection in Clause - clause.io (Write Up) |
HTML injection |
Clause |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2019-07-21 | 2023-06-13 |
4020 | XSS On Twitter [Worth 1120$] |
XSS |
NA |
Bywalks (@bywalkss) |
Bug Bounty | 2019-07-22 | 2023-06-13 |
4019 | Pwning child company to get access to ParentCompany's Slack Team |
SQL injection
Default credentials |
NA |
Parth Malhotra (@Parth_Malhotra) |
Bug Bounty | 2019-07-23 | 2023-06-13 |
4017 | Disclose any main and 3rd party contributors email address and movie local path thru XML file in Plex TV - plex.tv (Write Up) |
Information disclosure
Internal path disclosure |
Plex |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2019-07-24 | 2023-06-13 |