4401 | Facebook BugBounty - Disclosing page members | Information disclosure | Meta / Facebook | Nirmal Thapa / mpz (@tnirmalz) | Bug Bounty | 2018-12-20 | 2023-06-13 |
4400 | Facebook BugBounty — Disclosing page members | Information disclosure | Meta / Facebook | Nirmal Thapa (@tnirmalz) | Bug Bounty | 2018-12-20 | 2023-06-13 |
4399 | XSS worm – A creative use of web application vulnerability | XSS | Swisscom | Nicolas Heiniger (@NicolasHeiniger) | Bug Bounty | 2018-12-21 | 2023-06-13 |
4398 | How I accidentally found a clickjacking “feature” in Facebook | Clickjacking | Meta / Facebook | Lasq (@lasq88) | Bug Bounty | 2018-12-21 | 2023-06-13 |
4397 | Client side validation strikes again: PIN code bypass ! | Client-side enforcement of server-side security, Authentication bypass, Authorization flaw | Netflix, Linxo | Davy (@RandoriSec) | Bug Bounty | 2018-12-22 | 2023-06-13 |
4396 | Server-side Request Forgery in OpenID support | SSRF | Liberapay | Putra Adhari | Bug Bounty | 2018-12-24 | 2023-06-13 |
4395 | Tokopedia Account Takeover Bug Worth 8 Million IDR | Password reset, Account takeover | Tokopedia | Mukul Lohar (@ironfisto) | Bug Bounty | 2018-12-24 | 2023-06-13 |
4394 | Unauthenticated user can upload an attachment at HackerOne | Authorization flaw | HackerOne | Ahamed Morad (@Modam3r5) | Bug Bounty | 2018-12-24 | 2023-06-13 |
4393 | RCE in nokia.com | RCE | Nokia | Sampanna Chimoriya | Bug Bounty | 2018-12-27 | 2023-06-13 |
4392 | From Hunting for a Laptop to Hunting down Remote Code Execution | RCE, WebDAV | Asus | Anil Tom (mr_4nk) | Bug Bounty | 2018-12-27 | 2023-06-13 |
4391 | Reflected XSS on ws-na.amazon-adsystem.com(Amazon) | Reflected XSS | Amazon | ssid (@newp_th) | Bug Bounty | 2018-12-27 | 2023-06-13 |
4390 | How I Was Able To Takeover All User Account And Admin Panel | IDOR, Account takeover | NA | Dipak kumar Das (@d1pakdas) | Bug Bounty | 2018-12-28 | 2023-06-13 |
4389 | How I Takeover Wordpress Admin fiiipay.my | Account takeover, CMS default files | FiiiPay | Syahrul Akbar Rohmani (@sahruldotid) | Bug Bounty | 2018-12-28 | 2023-06-13 |
4388 | Abusing ACL Permissions to Overwrite other User’s Uploaded Files/Videos on s3 Bucket | Unrestricted file upload, Authorization flaw | NA | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2018-12-30 | 2023-06-13 |
4387 | How I was able to delete Google Gallery Data [IDOR] | IDOR | Google | Yogesh Tantak | Bug Bounty | 2018-12-30 | 2023-06-13 |
4386 | Bypassing Access Control in a Program on Hackerone !! | Authorization flaw | HackerOne | Sahil Tikoo (@viperbluff) | Bug Bounty | 2018-12-30 | 2023-06-13 |
4385 | Tale of a Misconfiguration in Password Reset | Password reset | NA | Shuaib Oladigbolu (@_sawzeeyy) | Bug Bounty | 2018-12-30 | 2023-06-13 |
4384 | A Curious Case From Little To Complete Email Verification Bypass | Email verification bypass, Authorization flaw | NA | Megaman (@N0_M3ga_Hacks) | Bug Bounty | 2019-01-01 | 2023-06-13 |
4383 | How i found web shell on AntiHack.me and Awarded Gold Coin And SWAG | RCE | AntiHack.me | Rudra Sarkar (@rudr4_sarkar) | Bug Bounty | 2019-01-01 | 2023-06-13 |
4382 | How I was able to Harvest other Vine users IP address | IDOR | Vine | Prial Islam Khan (@prial261) | Bug Bounty | 2019-01-02 | 2023-06-13 |
4381 | A Tricky Open Redirect | Open redirect | NA | Anas Mahmood (@AnasIsHere) | Bug Bounty | 2019-01-03 | 2023-06-13 |
4380 | Yes I can see your OTP | IDOR | NA | Vulnerables | Bug Bounty | 2019-01-03 | 2023-06-13 |
4379 | Stealing Side-Channel Attack Tokens in Facebook Account Switcher | Token leak | Meta / Facebook | Max Pasqua | Bug Bounty | 2019-01-04 | 2023-06-13 |
4378 | How I stumbled upon a Stored XSS(My first bug bounty story). | Stored XSS | Edmodo | Parth Shah | Bug Bounty | 2019-01-04 | 2023-06-13 |
4377 | How I could have taken over any Pinterest account | CSRF, Account takeover | Pinterest | Arnold Anthony (@armold9anthony) | Bug Bounty | 2019-01-05 | 2023-06-13 |