4016 | How I found the most critical bug in live bug bounty event? |
Password reset
Account takeover |
NA |
Lakshay (@inn0c3ntd3v1L) |
Bug Bounty | 2019-07-24 | 2023-06-13 |
4014 | Full Account Takeover via Changing Email And Password of any User through API Parameters |
IDOR
Password reset
Account takeover |
NA |
Adesh Nandkishor kolte (@AdeshKolte) |
Bug Bounty | 2019-07-26 | 2023-06-13 |
4010 | Chaining Cache Poisoning To Stored XSS |
Web cache poisoning
Stored XSS |
NA |
Rohan aggarwal (@nahoragg) |
Bug Bounty | 2019-07-28 | 2023-06-13 |
4009 | Old GitHub Profile Takeover! |
GitHub account takeover |
NA |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2019-07-28 | 2023-06-13 |
4008 | Story of an IDOR via Email |
IDOR |
NA |
Shuaib Oladigbolu (@_sawzeeyy) |
Bug Bounty | 2019-07-29 | 2023-06-13 |
4007 | 1st Bounty Story | Rewarded 300$ (IDOR) |
IDOR |
NA |
Md Hridoy |
Bug Bounty | 2019-07-29 | 2023-06-13 |
4006 | SQL Injection in private-site.com/login.php |
SQL injection |
NA |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2019-07-30 | 2023-06-13 |
4005 | Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts |
IDOR |
Paypal |
Mohd haji (@mohdhaji24) |
Bug Bounty | 2019-07-30 | 2023-06-13 |
4002 | RCE in Ruby using Mustache Templates |
RCE |
NA |
Rhys Elsmore (@rhyselsmore) |
Bug Bounty | 2019-08-01 | 2023-06-13 |
4001 | Bypassing CORS |
CORS misconfiguration |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-08-01 | 2023-06-13 |
3996 | One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies! |
Information disclosure |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-08-02 | 2023-06-13 |
3995 | From Sub domain Takeover to Open-Redirect |
Subdomain takeover
Open redirect |
NA |
Anil Tom (mr_4nk) |
Bug Bounty | 2019-08-02 | 2023-06-13 |
3994 | No Rate limiting eligible for bounty ? |
Lack of rate limiting |
NA |
Smaran Chand (@smaranchand) |
Bug Bounty | 2019-08-03 | 2023-06-13 |
3993 | How I Found XSS By Searching In Shodan |
Reflected XSS |
NA |
D1vy4n5hu 5hukl4 (@justm0rph3u5) |
Bug Bounty | 2019-08-04 | 2023-06-13 |
3992 | Leveraging AngularJS-based XSS to Privilege Escalation |
XSS
Privilege escalation |
NA |
Shawar Khan (@ShawarkOFFICIAL) |
Bug Bounty | 2019-08-04 | 2023-06-13 |
3990 | BugBounty WriteUp — Creative thinking is our everything (Race Condition + Business Logic Error) |
Race condition
Logic flaw |
NA |
Oleksandr Opanasiuk (@Lekssik2) |
Bug Bounty | 2019-08-05 | 2023-06-13 |
3989 | Exploiting Out Of Band XXE using internal network and php wrappers |
XXE |
NA |
Mahmoud Gamal (@Zombiehelp54) |
Bug Bounty | 2019-08-06 | 2023-06-13 |
3988 | self XSS to stored XSS [ think out the box] |
Self-XSS
Stored XSS |
TIBCO |
Abdelhak Kharroubi |
Bug Bounty | 2019-08-06 | 2023-06-13 |
3985 | LAN-Based Blind SSRF Attack Primitive for Windows Systems (switcheroo) |
SSRF |
Microsoft |
initstring (@init_string) |
Bug Bounty | 2019-08-09 | 2023-06-13 |
3983 | Privilege Escalation using Api endpoint |
Privilege escalation |
NA |
Ronak Patel (@ronak_9889) |
Bug Bounty | 2019-08-09 | 2023-06-13 |
3982 | Read other user support tickets in https://support..com (Write Up) |
IDOR |
NA |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2019-08-09 | 2023-06-13 |
3980 | Application Level Denial of Service [DoS] using SVG file in https://[REDACTED].com (Write Up) |
Application-level DoS |
NA |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2019-08-10 | 2023-06-13 |
3978 | Reporting - Amazon 1 click device XSS |
XSS |
Amazon |
Sneakerhax (@sneakerhax) |
Bug Bounty | 2019-08-12 | 2023-06-13 |
3977 | SSRF Vulnerability in https://app.[REDACTED].com |
SSRF |
NA |
Evan Ricafort (@evanricafort) |
Bug Bounty | 2019-08-13 | 2023-06-13 |
3975 | BugBounty WriteUp — take attention and get Stored XSS |
Stored XSS |
NA |
Oleksandr Opanasiuk (@Lekssik2) |
Bug Bounty | 2019-08-14 | 2023-06-13 |