| 3905 | [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE |
Information disclosure
SQL injection
Authentication bypass
Unrestricted file upload
RCE
XSS |
NA |
Tomi (@noobe_io) |
Bug Bounty | 2019-09-22 | 2023-06-13 |
| 3881 | Finding SQL injections fast with white-box analysis — a recent bug example |
SQL injection |
Zoho |
Florian Hauser (@frycos) |
Bug Bounty | 2019-10-13 | 2023-06-13 |
| 3760 | How we hacked one of the worlds largest Cryptocurrency Website |
SQL injection
RCE |
NA |
Strynx (@Strynx_Security) |
Bug Bounty | 2019-12-24 | 2023-06-13 |
| 3634 | SQL Injection Via Stopping the redirection to a login page |
SQL injection
Authorization flaw |
NA |
Abde Ouabala (@4mgh0z) |
Bug Bounty | 2020-03-03 | 2023-06-13 |
| 3597 | Where is my Train : Tracking to Hacking ! |
Reflected XSS
SQL injection |
Google |
Anil Tom (mr_4nk) |
Bug Bounty | 2020-03-17 | 2023-06-13 |
| 3573 | Hacking makes me forget my pain |
SQL injection |
NA |
Abida Fahd |
Bug Bounty | 2020-03-31 | 2023-06-13 |
| 3572 | Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability |
SQL injection |
NA |
Duc Nguyen (@ducnt_) |
Bug Bounty | 2020-03-31 | 2023-06-13 |
| 3546 | Tricky Oracle SQL Injection Situation |
SQL injection |
NA |
yappare (@yappare) |
Bug Bounty | 2020-04-16 | 2023-06-13 |
| 3515 | [Bug Bounty Writeups] Exploiting SQL Injection Vulnerability |
SQL injection |
NA |
Ahmed ElTijani |
Bug Bounty | 2020-04-30 | 2023-06-13 |
| 3486 | Lucky Bug Which Let Me Change Name of Every Accounts at a Single Click |
SQL injection |
NA |
Merbin Russel (e_23_e) |
Bug Bounty | 2020-05-13 | 2023-06-13 |
| 3420 | Story of Blind SQL with a typo error. |
SQL injection |
NA |
Amyrahm (@Amyrahm11) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
| 3406 | Utilizing Lockdown: Blind Sqli leads to Account Takeover & Data Extraction |
Blind SQL injection
Account takeover |
NA |
Shakti Mohanty (@3ncryptSaan) |
Bug Bounty | 2020-06-10 | 2023-06-13 |
| 3402 | HUNT for SQL Injection- The Smart Way! |
SQL injection |
NA |
Mudassir Sharief |
Bug Bounty | 2020-06-11 | 2023-06-13 |
| 3366 | Bug Bounty in Lockdown (SQLi and Business Logic) |
SQL injection
Logic flaw |
NA |
Abhishek Yadav (@abhishake100) |
Bug Bounty | 2020-06-24 | 2023-06-13 |
| 3356 | Patched Zoom Exploit: Altering Camera Settings via Remote SQL Injection |
SQL injection |
Zoom |
Keegan Ryan (@inf_0_) |
Bug Bounty | 2020-06-29 | 2023-06-13 |
| 3334 | From Host Header injection to SQL injection |
Host header injection
SQL injection |
NA |
Daoud Youssef / smacker dodi (@daoud_youssef) |
Bug Bounty | 2020-07-05 | 2023-06-13 |
| 3243 | Blind SQL Injection at fasteditor.hema.com |
SQL injection |
Hema |
Jonathan Bouman (@JonathanBouman) |
Bug Bounty | 2020-08-06 | 2023-06-13 |
| 3227 | How I made $2000 with URL REDIRECTION? |
Open redirect
SQL injection |
NA |
Simran Singh |
Bug Bounty | 2020-08-12 | 2023-06-13 |
| 3213 | How I got 450$ just in one Google search (SQLi + RXSS)? |
XSS
SQL injection |
NA |
Zhenwar Hawlery |
Bug Bounty | 2020-08-16 | 2023-06-13 |
| 3206 | From SQL Injection to Hall Of Fame |
SQL injection |
NA |
Jadek Mark (@mase289) |
Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3204 | How to contact Google SRE: Dropping a shell in cloud SQL |
SQL injection
Privilege escalation
Parameter injection
RCE |
Google |
wtm@offensi.com (@wtm_offensi) |
Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3187 | Accessing the website directly through its IP address, a case of a poorly hidden sql injection |
SQL injection |
NA |
Vuk Ivanovic |
Bug Bounty | 2020-08-27 | 2023-06-13 |
| 3162 | SQL Injection & Remote Code Execution - Double P1 |
SQL injection
RCE |
NA |
Shrey Shah (@ShreySh43332033) |
Bug Bounty | 2020-09-13 | 2023-06-13 |
| 3150 | Emoji error handling |
SQL injection |
NA |
shesha sai_c (@Cyb3r_4ss4s1n) |
Bug Bounty | 2020-09-19 | 2023-06-13 |
| 3126 | RCE on Spip and Root-Me |
RCE
SQL injection
XSS
Open redirect
Reflected file download |
SPIP |
Laluka (@TheLaluka) |
Bug Bounty | 2020-09-29 | 2023-06-13 |
