2363 | From Hobby to Hacking | Unrestricted file upload, RCE, Missing authentication | NA | Muhammad Syahrul Haniawan (@b0x_in) | Bug Bounty | 2021-07-31 | 2023-06-13 |
2252 | Bypassed! and uploaded a sweet reverse shell | Unrestricted file upload | NA | Ajay Sharma (@security_donut) | Bug Bounty | 2021-09-05 | 2023-06-13 |
2142 | Independently Secure, Together Not So Much – A Story Of 2 WP Plugins | RCE, Race condition, Unrestricted file upload, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-10-17 | 2023-06-13 |
2089 | Unrestricted File Upload Leads to SSRF and RCE | ImageTragick, Unrestricted file upload, SSRF, RCE | NA | Muhammad Adel (@ItsFadinG_) | Bug Bounty | 2021-11-11 | 2023-06-13 |
2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
2009 | File Upload to RCE | Unrestricted file upload | NA | Ahmed Magdy (@8Ahmed88Magdy8) | Bug Bounty | 2021-12-09 | 2023-06-13 |
1988 | Stored XSS by bypassing signature | XSS, Unrestricted file upload | NA | Abdulrahman Makki (@AMakki1337) | Bug Bounty | 2021-12-20 | 2023-06-13 |
1969 | XSS via file upload | XSS, Unrestricted file upload | NA | Jay Sharma | Bug Bounty | 2021-12-27 | 2023-06-13 |
1942 | SQL Injection - The File Upload Playground | Unrestricted file upload, SQL injection | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-01-04 | 2023-06-13 |
1872 | Remote Code Execution in .tgz File Upload | RCE, Unrestricted file upload | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-30 | 2023-06-13 |
1809 | Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN) | RCE, Unrestricted file upload, OS command injection | Cisco | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-02-17 | 2023-06-13 |
1735 | Achieving Remote Code Execution via Unrestricted File Upload | Unrestricted file upload, RCE | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2022-03-14 | 2023-06-13 |
1644 | XSS \| HTML Injection and File Upload Bypass in HUAWEI Subdomain | XSS, HTML injection | Huawei | Ahmed Hassan | Bug Bounty | 2022-04-10 | 2023-06-13 |
1608 | Exploiting a File Upload Vulnerability — A Directory Traversal Attack | Unrestricted file upload, Path traversal | NA | Kwadwo Amoako | Bug Bounty | 2022-04-20 | 2023-06-13 |
1582 | Hacking a Bank by Finding a 0day in DotCMS | Directory traversal, Unrestricted file upload, RCE | NA | Shubham Shah (@infosec_au) | Bug Bounty | 2022-05-03 | 2023-06-13 |
1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
1567 | How I Paid For My Holiday With Bug Bounty | XSS, Broken Access Control, IDOR, Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
1566 | Can analyzing javascript files lead to remote code execution? | Unrestricted file upload, RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-05-08 | 2023-06-13 |
1286 | How I earned 500$ by uploading a file: write-up of one of my first bug bounty | Unrestricted file upload | Semrush | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-08-02 | 2023-06-13 |
1242 | File Upload Bypass to RCE == $$$$ | Unrestricted file upload, RCE | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-12 | 2023-06-13 |
1210 | RCE on Spip and Root-Me, v2! | RCE, SSTI, DNS rebinding, XSS, Code injection, Unrestricted file upload | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2022-08-16 | 2023-06-13 |
1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
1081 | How I abused the file upload function to get a high severity vulnerability in Bug Bounty | Unrestricted file upload, Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-14 | 2023-06-13 |
984 | Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There ! | Unrestricted file upload, Code injection, RCE | NA | Quentin Roland (@ROLANDQuentin2) | Bug Bounty | 2022-10-10 | 2023-06-13 |
930 | 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite | JWT, Authentication bypass, Arbitrary file write, Unrestricted file upload | NA | Souhaib Naceri (@h4x0r_dz) | Bug Bounty | 2022-10-19 | 2023-06-13 |