4309 | Hacking YouTube for #fun and #profit | IDOR | Google | Alexandru Coltuneac (@dekeeu) | Bug Bounty | 2019-02-12 | 2023-06-13 |
4307 | Disclose private attachments in Facebook Messenger Infrastructure - 15,000$ | IDOR | Meta / Facebook | Sarmad Hassan (@JubaBaghdad) | Bug Bounty | 2019-02-13 | 2023-06-13 |
4306 | [SSRF] Server Side Request Forgery in a private Program developers.example.com | SSRF | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-14 | 2023-06-13 |
4305 | Third Party Android App Storing Facebook Data Insecurely (Facebook Data Abuse Program) | Information disclosure, Missing authentication | Meta / Facebook | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2019-02-14 | 2023-06-13 |
4303 | Souq.com Subdomain Takeover via jazzhr.com service | Subdomain takeover | Souq.com | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-15 | 2023-06-13 |
4302 | Subdomain Takeover via HubSpot | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-15 | 2023-06-13 |
4301 | Bypassing rate limit abusing misconfiguration rules | Rate limiting bypass | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2019-02-15 | 2023-06-13 |
4300 | Open Redirect in SLACK | Open redirect | Slack | Mukhammad Akbar (@abaykandotcom) | Bug Bounty | 2019-02-16 | 2023-06-13 |
4299 | Subdomain Takeover via Wufoo Service in a Private Program | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-16 | 2023-06-13 |
4298 | Facebook/Workplace Bug Exposed Offsite Employee Events, Sensitive emails Putting Employees at Risk | Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-02-16 | 2023-06-13 |
4296 | $1.000 SSRF in Slack | SSRF | Slack | Elber Andre (@Elber333) | Bug Bounty | 2019-02-17 | 2023-06-13 |
4295 | Stored XSS on Edmodo | Stored XSS | Edmodo | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-02-18 | 2023-06-13 |
4294 | 2 Subdomains Takeover via Unbounce in a Private Program | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-18 | 2023-06-13 |
4293 | DoS on WAF Protected Sites by Abusing Cookie | DoS | Upwork | Anas Mahmood (@AnasIsHere) | Bug Bounty | 2019-02-18 | 2023-06-13 |
4292 | Using URI to pop shells via the Discord Client | URI abuse, Social engineering | Discord | RagSec (@rag_sec) | Bug Bounty | 2019-02-18 | 2023-06-13 |
4291 | Multiple Stored XSS On Tokopedia | Stored XSS, Blind XSS | Tokopedia | apapedulimu / Nosa Shandy (@LocalHost31337) | Bug Bounty | 2019-02-19 | 2023-06-13 |
4290 | Leakage of Client Secret, Server tokens of all Uber developer applications | Information disclosure | Uber | Anand Prakash (@anandpraka_sh) | Bug Bounty | 2019-02-19 | 2023-06-13 |
4289 | Bug Writeup: FBCTF IDOR | IDOR | Meta / Facebook | George Osterweil | Bug Bounty | 2019-02-20 | 2023-06-13 |
4288 | How I Registered Multiple Accounts in PrivateInternetAccess VPN Service for FREE | Logic flaw | PrivateInternetAccess VPN | Spade | Bug Bounty | 2019-02-20 | 2023-06-13 |
4287 | Reflected XSS at https://photos.shopify.com | Reflected XSS | Shopify | Ahamed Morad (@Modam3r5) | Bug Bounty | 2019-02-21 | 2023-06-13 |
4286 | Abusing autoresponders and email bounces | Information disclosure, Logic flaw | Google, Intigriti | Inti De Ceukelaire (@securinti) | Bug Bounty | 2019-02-21 | 2023-06-13 |
4285 | Swiss_E-Voting_Publications | XSS, XXE, RCE, Missing authentication, Authentication flaw, Hardcoded credentials | Swiss E-Voting | setuid0 (@_setuid0_) | Bug Bounty | 2019-02-21 | 2023-06-13 |
4284 | Exploiting Google Calendars | Authorization flaw, Information disclosure | Uber, Shopify, Netflix | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2019-02-22 | 2023-06-13 |
4283 | Subdomain Misconfiguration lead to AWS S3 Buckets Reader | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-22 | 2023-06-13 |
4282 | Download any organisation Data — S3 amazonaws Misconfiguration | Authorization flaw | NA | Chand Singh (@Chand_42) | Bug Bounty | 2019-02-22 | 2023-06-13 |