| 4461 | XS-Searching Google’s bug tracker to find out vulnerable source code |
XS-Search
Information disclosure |
Google |
Luan Herrera (@lbherrera_) |
Bug Bounty | 2018-11-19 | 2023-06-13 |
| 4445 | Broken Authentication — Bug Bounty |
Session management issue |
NA |
Vulnerables |
Bug Bounty | 2018-11-28 | 2023-06-13 |
| 4431 | Facebook WhiteHat: Able to access group plan even after leaving the group |
Authorization flaw
Logic flaw |
Meta / Facebook |
Family guy |
Bug Bounty | 2018-12-06 | 2023-06-13 |
| 4429 | How I was Able To Bypass Email Verification |
Information disclosure |
NA |
Muzammil Kayani (@muzammilabbas2) |
Bug Bounty | 2018-12-08 | 2023-06-13 |
| 4424 | How I was able to generate Access Tokens for any Facebook user. |
IDOR
Information disclosure |
Meta / Facebook |
Youssef Sammouda (@samm0uda) |
Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4421 | How i was able to pwned application by Bypassing Cloudflare WAF |
WAF bypass |
NA |
gujjuboy10x00 (@vis_hacker) |
Bug Bounty | 2018-12-12 | 2023-06-13 |
| 4414 | Unremovable Tags In Facebook Page Reviews |
Logic flaw |
Meta / Facebook |
Max Pasqua |
Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4390 | How I Was Able To Takeover All User Account And Admin Panel |
IDOR
Account takeover |
NA |
Dipak kumar Das (@d1pakdas) |
Bug Bounty | 2018-12-28 | 2023-06-13 |
| 4387 | How I was able to delete Google Gallery Data [IDOR] |
IDOR |
Google |
Yogesh Tantak |
Bug Bounty | 2018-12-30 | 2023-06-13 |
| 4382 | How I was able to Harvest other Vine users IP address |
IDOR |
Vine |
Prial Islam Khan (@prial261) |
Bug Bounty | 2019-01-02 | 2023-06-13 |
| 4380 | Yes I can see your OTP |
IDOR |
NA |
Vulnerables |
Bug Bounty | 2019-01-03 | 2023-06-13 |
| 4378 | How I stumbled upon a Stored XSS(My first bug bounty story). |
Stored XSS |
Edmodo |
Parth Shah |
Bug Bounty | 2019-01-04 | 2023-06-13 |
| 4363 | Facebook Vulnerability: Unremovable facebook group admin |
Logic flaw |
Meta / Facebook |
Ritish Kumar Singh |
Bug Bounty | 2019-01-15 | 2023-06-13 |
| 4326 | How I was able to Extract Information of Other Users- Exploiting IDOR |
IDOR |
Knowyourmeds.com |
Rupika Luhach (@Rup_Ki_Rani) |
Bug Bounty | 2019-02-02 | 2023-06-13 |
| 4317 | How i was able to dump SqlDB | Simple bug |
Directory listing
SQL injection
Authentication bypass |
NA |
clever idi0t |
Bug Bounty | 2019-02-07 | 2023-06-13 |
| 4279 | SHAREit Multiple Vulnerabilities Enable Unrestricted Access to Adjacent Devices’ Files |
Android
Arbitrary file download
Authentication bypass |
SHAREit |
Abdulrahman Nour (@aboodnour) |
Bug Bounty | 2019-02-25 | 2023-06-13 |
| 4248 | How I was able to pwned 30000+ user’s webhook |
IDOR |
NA |
gujjuboy10x00 (@vis_hacker) |
Bug Bounty | 2019-03-14 | 2023-06-13 |
| 4230 | How I was able to turn self xss into reflected xss |
Reflected XSS |
NA |
Hein Thant Zin (@H3Lowr) |
Bug Bounty | 2019-03-31 | 2023-06-13 |
| 4226 | How I was able to get your facebook private friend list [Responsible Disclosure] |
Information disclosure |
Meta / Facebook |
Raja Sekar Durairaj |
Bug Bounty | 2019-04-01 | 2023-06-13 |
| 4223 | How I am able to hijack you. |
Logic flaw |
Google |
Terjanq (@terjanq) |
Bug Bounty | 2019-04-03 | 2023-06-13 |
| 4192 | Responsible disclosure: improper access control in Gitlab private project. |
Authorization flaw |
GitLab |
Riccardo Padovani (@rpadovani93) |
Bug Bounty | 2019-04-19 | 2023-06-13 |
| 4163 | Tale of a Wormable Twitter XSS |
XSS |
Twitter |
Ahmed Elsobky |
Bug Bounty | 2019-05-02 | 2023-06-13 |
| 4142 | Google Adwords(Privilege Escalation): Read-only user able to add YouTube channels via Linked accounts |
Privilege escalation
Authorization flaw |
Google |
Family guy |
Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4118 | How I was able to get private ticket response panel and FortiGate web panel via blind XSS |
Blind XSS |
NA |
Bijan Murmu (@0xBijan) |
Bug Bounty | 2019-06-06 | 2023-06-13 |
| 4114 | Facebook Vulnerability: Non-unfriendable user in /hacked workflow |
Logic flaw |
Meta / Facebook |
Ritish Kumar Singh |
Bug Bounty | 2019-06-11 | 2023-06-13 |
