| 4338 | Misconfiguration-Whatsapp Messenger |
Logic flaw |
Meta / Facebook |
Pratheesh P Narayanan |
Bug Bounty | 2019-01-26 | 2023-06-13 |
| 4337 | Chaining Tricky OAuth Exploitation To Stored XSS |
Stored XSS
OAuth |
NA |
Rohan aggarwal (@nahoragg) |
Bug Bounty | 2019-01-27 | 2023-06-13 |
| 4336 | A short tale of Account verification bypass |
Email verification bypass
Authorization flaw |
NA |
Satyendra Kumar |
Bug Bounty | 2019-01-27 | 2023-06-13 |
| 4335 | Hijacking accounts by retrieving JWT tokens via unvalidated redirects |
Open redirect
Token leak |
NA |
Shawar Khan (@ShawarkOFFICIAL) |
Bug Bounty | 2019-01-27 | 2023-06-13 |
| 4334 | Unsecured access to personal data of a million Leo Express users |
Authorization flaw
XSS |
Leo Express |
Thomas Orlita (@ThomasOrlita) |
Bug Bounty | 2019-01-29 | 2023-06-13 |
| 4333 | Protonmail XSS — Stored |
Stored XSS
Bruteforce |
ProtonMail |
Chand Singh (@Chand_42) |
Bug Bounty | 2019-01-29 | 2023-06-13 |
| 4332 | Guest blog: Eray Mitrani - Hacking isn’t an exact science |
Authorization flaw |
NA |
Eray Mitrani (@ErayMitrani) |
Bug Bounty | 2019-01-29 | 2023-06-13 |
| 4331 | Publish tweets by any other user |
IDOR |
Twitter |
Kedrisec (@kedrisec) |
Bug Bounty | 2019-01-30 | 2023-06-13 |
| 4330 | How I hacked a website integrated w/ Facebook having 1.1 mil. users under 45 seconds. |
Information disclosure |
WeeQuizz |
Piyush Raj (@0x48piraj) |
Bug Bounty | 2019-01-30 | 2023-06-13 |
| 4329 | $7.5k Google Cloud Platform organization issue |
Logic flaw |
Google |
Ezequiel Pereira (@epereiralopez) |
Bug Bounty | 2019-01-30 | 2023-06-13 |
| 4328 | How I found a simple bug in Facebook without any Test |
Authorization flaw |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2019-01-31 | 2023-06-13 |
| 4327 | LFI in Apigee portals |
LFI |
Google |
wtm@offensi.com (@wtm_offensi) |
Bug Bounty | 2019-01-31 | 2023-06-13 |
| 4326 | How I was able to Extract Information of Other Users- Exploiting IDOR |
IDOR |
Knowyourmeds.com |
Rupika Luhach (@Rup_Ki_Rani) |
Bug Bounty | 2019-02-02 | 2023-06-13 |
| 4325 | A Unique XSS Scenario in SmartSheet || $1000 bounty |
Stored XSS |
Smartsheet |
Rohan Chavan (@rohanchavan1918) |
Bug Bounty | 2019-02-03 | 2023-06-13 |
| 4324 | Reverse RDP Attack: Code Execution on RDP Clients |
Path traversal |
Microsoft |
Eyal Itkin |
Bug Bounty | 2019-02-05 | 2023-06-13 |
| 4323 | Detecting and exploiting mass-assignments in order to manipulate user columns and read private messages |
Mass assignment |
NA |
Paul (@padannewitz) |
Bug Bounty | 2019-02-05 | 2023-06-13 |
| 4322 | How I hacked 40,000 user accounts of Microsoft using 2FA bypass(outlook.live.com) |
MFA bypass |
Microsoft |
Vartul Goyal (@hackvartul) |
Bug Bounty | 2019-02-05 | 2023-06-13 |
| 4321 | Jumping Over The Fence |
Open redirect |
NA |
Shahar Albeck |
Bug Bounty | 2019-02-05 | 2023-06-13 |
| 4320 | Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard |
Path traversal
RCE |
Microsoft |
Lee Christensen (@tifkin_) |
Bug Bounty | 2019-02-06 | 2023-06-13 |
| 4319 | Cache Deception: How I discovered a vulnerability in Medium and helped them fix it |
Web cache deception |
Medium |
Yuval Shprinz |
Bug Bounty | 2019-02-06 | 2023-06-13 |
| 4317 | How i was able to dump SqlDB | Simple bug |
Directory listing
SQL injection
Authentication bypass |
NA |
clever idi0t |
Bug Bounty | 2019-02-07 | 2023-06-13 |
| 4314 | Setting Up Gitrob and using it to find Leaking Repository of an Employee in a hackerone private program. |
Information disclosure |
NA |
Sahil Tikoo (@viperbluff) |
Bug Bounty | 2019-02-09 | 2023-06-13 |
| 4313 | How I hacked ASUS? |
Unrestricted file upload
RCE |
Asus |
Mustafa Kemal Can (@muskecan) |
Bug Bounty | 2019-02-09 | 2023-06-13 |
| 4312 | Csrf Bypass Using Cross Frame Scripting |
CSRF |
NA |
Mr.Hacker (@mr_hacker0007) |
Bug Bounty | 2019-02-10 | 2023-06-13 |
| 4311 | I Found Clickjacking on Google CSE. Is This Important? |
Clickjacking |
Google |
Mukhammad Akbar (@abaykandotcom) |
Bug Bounty | 2019-02-10 | 2023-06-13 |
