4457 | Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read! |
SSRF
LFI |
NA |
Zain Sabahat (@Zain_Sabahat) |
Bug Bounty | 2018-11-22 | 2023-06-13 |
4456 | Bypassing Scratch Cards On Google Pay |
Logic flaw |
Google |
Pratheesh P Narayanan |
Bug Bounty | 2018-11-22 | 2023-06-13 |
4455 | Stored XSS Vulnerability in Jotform and H1C Private Site |
Stored XSS |
NA |
Anas Mahmood (@AnasIsHere) |
Bug Bounty | 2018-11-23 | 2023-06-13 |
4454 | My Journey To The Google Hall Of Fame |
Open redirect
XSS |
Google |
Abartan Dhakal (@imhaxormad) |
Bug Bounty | 2018-11-25 | 2023-06-13 |
4453 | From CTFs to Bug Bounty Booty |
Information disclosure |
Tailor Store |
Benji Tobias |
Bug Bounty | 2018-11-26 | 2023-06-13 |
4448 | Instagram Multi-factor authentication Bypass |
MFA bypass |
Meta / Facebook |
Vishnuraj |
Bug Bounty | 2018-11-27 | 2023-06-13 |
4447 | Pwning eBay - How I Dumped eBay Japan's Website Source Code |
.git folder disclosure
Source code disclosure |
Ebay |
David (@slashcrypto) |
Bug Bounty | 2018-11-28 | 2023-06-13 |
4446 | IRCTC — Millions of Passenger Details left at huge risk! |
Information disclosure
Lack of rate limiting |
IRCTC |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-11-28 | 2023-06-13 |
4445 | Broken Authentication — Bug Bounty |
Session management issue |
NA |
Vulnerables |
Bug Bounty | 2018-11-28 | 2023-06-13 |
4444 | Story of Stored Xss |
XSS |
NA |
Walid Hossain (@NoobWalid) |
Bug Bounty | 2018-11-28 | 2023-06-13 |
4443 | Exploiting post message to steal and replace user’s cookies |
postMessage |
NA |
Yasser Gersy (@yassergersy) |
Bug Bounty | 2018-11-30 | 2023-06-13 |
4442 | Story about my first bug bounty |
XSS |
Alibaba |
Sudhanshu Rajbhar (@sudhanshur705) |
Bug Bounty | 2018-11-30 | 2023-06-13 |
4441 | Love Story Of A Account Takeover (Chaining Host Header Injection To Takeover Someones Account) |
Host header injection |
NA |
Logical Bimboo |
Bug Bounty | 2018-11-30 | 2023-06-13 |
4440 | Remotely Hijacking Zoom Clients |
Logic flaw |
Zoom |
David Wells |
Bug Bounty | 2018-12-03 | 2023-06-13 |
4439 | [BBP系列三] Hijack the JS File of Uber's Website |
JS file hijacking |
Uber |
Chaobin Zhang |
Bug Bounty | 2018-12-03 | 2023-06-13 |
4438 | Digging in to SCP Command Injection |
OS command injection |
JSch |
Dylan Katz (@Plazmaz) |
Bug Bounty | 2018-12-03 | 2023-06-13 |
4437 | GitHub Desktop RCE (OSX) |
RCE |
GitHub |
André Baptista (@0xacb) |
Bug Bounty | 2018-12-04 | 2023-06-13 |
4436 | How to accidentally find a XSS in ProtonMail iOS app |
XSS |
ProtonMail |
SecuNinja (@secuninja) |
Bug Bounty | 2018-12-04 | 2023-06-13 |
4435 | Taking over Google calendar of a company |
Subdomain takeover |
NA |
Daniel V. (@d4niel_v) |
Bug Bounty | 2018-12-04 | 2023-06-13 |
4433 | XSS to XXE in Prince v10 and below (CVE-2018-19858) |
XSS
XXE |
NA |
Corben Leo (@hacker_) |
Bug Bounty | 2018-12-05 | 2023-06-13 |
4432 | Billion Laugh Attack in https://sites.google.com |
Billion laugh attack
DoS |
Google |
Antonio Sanso (@asanso) |
Bug Bounty | 2018-12-05 | 2023-06-13 |
4431 | Facebook WhiteHat: Able to access group plan even after leaving the group |
Authorization flaw
Logic flaw |
Meta / Facebook |
Family guy |
Bug Bounty | 2018-12-06 | 2023-06-13 |
4430 | RCE in Hubspot with EL injection in HubL |
RCE |
HubSpot |
Fyoorer (@ƒyoorer) |
Bug Bounty | 2018-12-07 | 2023-06-13 |
4429 | How I was Able To Bypass Email Verification |
Information disclosure |
NA |
Muzammil Kayani (@muzammilabbas2) |
Bug Bounty | 2018-12-08 | 2023-06-13 |
4428 | Proof Of Concept Nokia Cross Site Scripting |
XSS |
Nokia |
Adesh Nandkishor kolte (@AdeshKolte) |
Bug Bounty | 2018-12-09 | 2023-06-13 |