4560 | Hacking the Subway Android app | Logic flaw, Authorization flaw | Subway | Wesley Gahr (@wesley_gahr) | Bug Bounty | 2018-09-28 | 2023-06-13 |
4559 | How I was able to takeover account's of an Earning App | Information disclosure | NA | Abbas Wafa | Bug Bounty | 2018-10-01 | 2023-06-13 |
4558 | Subdomain Takeover via Shopify Vendor ( blog.exchangemarketplace.com ) with Steps | Subdomain takeover | Shopify | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-10-01 | 2023-06-13 |
4557 | Collecting Shells by the Sea of NAS Vulnerabilities | OS command injection, XSS, CSRF | Lenovo | Rick Ramgattie (@RRamgattie) | Bug Bounty | 2018-10-01 | 2023-06-13 |
4556 | How i found Stored xss on your-domain.redacted.com | XSS | NA | Rudra Sarkar (@rudr4_sarkar) | Bug Bounty | 2018-10-02 | 2023-06-13 |
4555 | Applying a small bypass to steal Facebook Session tokens in Uber | XSS, CSP bypass, OAuth | Uber | Samuel (@saamux) | Bug Bounty | 2018-10-02 | 2023-06-13 |
4554 | AWS takeover through SSRF in JavaScript | SSRF | NA | Gwendal Le Coguic (@gwendallecoguic) | Bug Bounty | 2018-10-02 | 2023-06-13 |
4553 | Facebook Bug Bounty: Email Id, Phone Number Can be exposed Through Business Manager | Logic flaw, Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2018-10-03 | 2023-06-13 |
4552 | Exploiting an unknown vulnerability | Logic flaw, Payment tampering | NA | Abhishek Bundela (@abhibundela) | Bug Bounty | 2018-10-03 | 2023-06-13 |
4551 | Persistent XSS (Unvalidated oEmbed) at Medium.com | Stored XSS | Medium | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2018-10-04 | 2023-06-13 |
4550 | An interesting Google vulnerability that got me 3133.7 reward. | CSRF | Google | Ebrahem Hegazy (@Zigoo0) | Bug Bounty | 2018-10-04 | 2023-06-13 |
4549 | GoogleMeetRoulette: Joining random meetings | Bruteforce, Logic flaw | Google | Martin Vigo (@martin_vigo) | Bug Bounty | 2018-10-04 | 2023-06-13 |
4548 | Apache Struts double evaluation RCE lottery | RCE, Double OGNL evaluation | Apache Struts | Man Yue Mo (@mmolgtm) | Bug Bounty | 2018-10-04 | 2023-06-13 |
4547 | Clickjacking in Google Docs and Voice typing feature. | Clickjacking | Google | Raushan Raj (@raushan_rajj) | Bug Bounty | 2018-10-05 | 2023-06-13 |
4546 | Blind XML External Entities Out-Of-Band Channel Vulnerability : PayPal Case Study | Blind XXE | PayPal | Abdelmoughite Eljoaydi | Bug Bounty | 2018-10-05 | 2023-06-13 |
4545 | Bypassing Web Cache Poisoning Countermeasures | Web cache poisoning | Cloudflare | James Kettle (@albinowax) | Bug Bounty | 2018-10-05 | 2023-06-13 |
4544 | My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY | Reflected XSS, CSP bypass | NA | Ali Tütüncü (@alicanact60) | Bug Bounty | 2018-10-07 | 2023-06-13 |
4543 | Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com | Stored XSS | LinkedIn | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2018-10-07 | 2023-06-13 |
4542 | [Critical] Bypass CSRF protection on IBM | CSRF | IBM | Mohamed Sayed (@FlEx0Geek) | Bug Bounty | 2018-10-09 | 2023-06-13 |
4541 | Make any Unit in Facebook Groups Undeletable | Logic flaw, IDOR, Authorization flaw | Meta / Facebook | Sarmad Hassan (@JubaBaghdad) | Bug Bounty | 2018-10-09 | 2023-06-13 |
4540 | DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More | DOM XSS | Tinder | VPN Mentor (@vpnmentor) | Bug Bounty | 2018-10-09 | 2023-06-13 |
4539 | Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR) | IDOR | New Relic | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2018-10-09 | 2023-06-13 |
4537 | Payment bypass | Payment bypass, Logic flaw | NA | Pratik Yadav (@PratikY9967) | Bug Bounty | 2018-10-09 | 2023-06-13 |
4536 | Symantec Messaging Gateway authentication bypass | Authentication bypass | Symantec | Artem Kondratenko (@artkond) | Bug Bounty | 2018-10-10 | 2023-06-13 |
4535 | Access to staging environment via User-Agent string | Authentication bypass | NA | Yasser Gersy (@yassergersy) | Bug Bounty | 2018-10-10 | 2023-06-13 |