5013 | How i found massive information disclosure of 1500 famous people |
Information disclosure |
NA |
Valeriy Shevchenko (@Krevetk0Valeriy) |
Bug Bounty | 2017-07-31 | 2023-06-13 |
5011 | XSS Because of wrong Content-type Header |
XSS |
Internshala |
Noman Shaikh (@nomanali181) |
Bug Bounty | 2017-08-04 | 2023-06-13 |
5008 | Getting access to 25k employees details |
Exposed registration page |
NA |
Sahil Ahamad (@ehsahil) |
Bug Bounty | 2017-08-11 | 2023-06-13 |
5004 | Accidentally typo to bypass administration access |
Authentication bypass |
NA |
yappare (@yappare) |
Bug Bounty | 2017-08-13 | 2023-06-13 |
5003 | Password Not Provided - Compromising Any Flurry User's Account [Yahoo Bug Bounty] |
Authentication flaw
Account takeover |
Yahoo! / Verizon Media |
Jack Cable (@jackhcable) |
Bug Bounty | 2017-08-15 | 2023-06-13 |
5000 | Pre-domain wildcard CORS Exploitation |
CORS misconfiguration |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-08-26 | 2023-06-13 |
4999 | Upgrade from LFI to RCE via PHP Sessions |
LFI
RCE |
NA |
Julien Ahrens (@MrTuxracer) |
Bug Bounty | 2017-08-28 | 2023-06-13 |
4998 | Bypassing Rate Limit Protection by spoofing originating IP |
Bruteforce |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-08-30 | 2023-06-13 |
4997 | Improper Storage of Private Project’s Files |
IDOR |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-08-30 | 2023-06-13 |
4992 | Stealing 0Auth Token (MITM) |
OAuth |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-09-01 | 2023-06-13 |
4991 | My write up about UBER Cross-site scripting by help of KNOXSS |
Reflected XSS |
Uber |
Emad Shanab (@Alra3ees) |
Bug Bounty | 2017-09-02 | 2023-06-13 |
4986 | Phishing with history.back() open redirect |
Open redirect |
NA |
Brian Hyde (@0xHyde) |
Bug Bounty | 2017-09-09 | 2023-06-13 |
4982 | [Stored XSS] with arbitrary cookie installation |
XSS |
NA |
Arbaz Hussain (@ArbazKiraak) |
Bug Bounty | 2017-09-17 | 2023-06-13 |
4981 | Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss) |
Self-XSS
Clickjacking |
NA |
Armaan Pathan (@armaancrockroax) |
Bug Bounty | 2017-09-18 | 2023-06-13 |
4980 | Story of a Parameter Specific XSS! |
XSS |
NA |
Rahul Maini (@iamnoooob) |
Bug Bounty | 2017-09-19 | 2023-06-13 |
4979 | Exploiting a Single Request for Multiple Vulnerabilities |
Stored XSS
Reflected XSS
SSRF
OS command injection |
NA |
Osama Ansari (@AnsariOsama10) |
Bug Bounty | 2017-09-19 | 2023-06-13 |
4978 | First bounty, time to step up my game |
Same Origin Method Execution |
NA |
Roderick Schaefer (@kciredor_) |
Bug Bounty | 2017-09-19 | 2023-06-13 |
4977 | Multiple vulnerabilities in Oracle EBS |
SQL injection
XXE
XSS |
NA |
Shubham Gupta (@hackerspider1) |
Bug Bounty | 2017-09-19 | 2023-06-13 |
4968 | Device Authorization Bypass! |
Authorization flaw |
NA |
Hassan Khan Yusufzai |
Bug Bounty | 2017-09-25 | 2023-06-13 |
4959 | How I was Able to see someone’s all private files with a single file share link through Atom feed & Never Give Up #togetherwehitharder HackerOne |
Information disclosure |
NA |
Yogendra Jaiswal (@vulnh0lic) |
Bug Bounty | 2017-10-13 | 2023-06-13 |
4957 | Reading Internal Files using SSRF vulnerability |
SSRF |
NA |
Neeraj Sonaniya (@neeraj_sonaniya) |
Bug Bounty | 2017-10-16 | 2023-06-13 |
4956 | How I hacked all the [REDACT] Agents accounts |
Default credentials |
NA |
Neeraj Sonaniya (@neeraj_sonaniya) |
Bug Bounty | 2017-10-17 | 2023-06-13 |
4955 | Sensitive data exposure by requesting a resource with a different content type |
Information disclosure |
NA |
Yogendra Jaiswal (@vulnh0lic) |
Bug Bounty | 2017-10-17 | 2023-06-13 |
4949 | App Maker and Colaboratory: a stored Google XSS double-bill |
Stored XSS |
Google |
Yasin Soliman (@SecurityYasin) |
Bug Bounty | 2017-11-01 | 2023-06-13 |
4948 | Senstive Information Leak Lead To join any Organisation |
Information disclosure |
NA |
Shivbihari Pandey (@ninja_pandit_) |
Bug Bounty | 2017-11-04 | 2023-06-13 |