3147 | Cross-tenant Cloud Function compromise via storage bucket squatting | Cross-tenant vulnerability | Google | Anthony Weems | Bug Bounty | 2020-09-20 | 2023-06-13 |
3146 | How I By-pass the login page and 2FA authentication….. | Authentication bypass, OTP bypass, MFA bypass | NA | Harsh | Bug Bounty | 2020-09-20 | 2023-06-13 |
3144 | How I earned $500 from Google - Flaw in Authentication | Authentication flaw | Google | Hemant Patidar (@HemantSolo) | Bug Bounty | 2020-09-20 | 2023-06-13 |
3143 | Unauthenticated File upload Vulnerability on Synology Sub-domain | Unrestricted file upload | Synology | Touhid Shaikh | Bug Bounty | 2020-09-20 | 2023-06-13 |
3142 | suPHP - The vulnerable ghost in your shell | Local Privilege Escalation | NA | Maxime (@punkeel) | Bug Bounty | 2020-09-21 | 2023-06-13 |
3141 | 🎯Business Logic Flaw in Google Acquisition! (Hall Of Fame)🎯 | Logic flaw | Google | Ritesh Gohil (@RiteshG37659480) | Bug Bounty | 2020-09-21 | 2023-06-13 |
3140 | Fun with Header and Forget Password | HTTP header injection | NA | Vuk Ivanovic | Bug Bounty | 2020-09-22 | 2023-06-13 |
3139 | #Bugbounty- “How I was able to see other users Payments in a travel application” — IDOR #800$ | IDOR, Information disclosure | NA | ganiganesh (@ganiganeshss79) | Bug Bounty | 2020-09-22 | 2023-06-13 |
3137 | Dangling DNS: AWS EC2 | Dangling DNS records, Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2020-09-24 | 2023-06-13 |
3136 | PII Leakage via IDOR + Weak PasswordReset = Full Account Takeover | IDOR, Information disclosure | NA | Pradeep Kumar (@Killer007p) | Bug Bounty | 2020-09-25 | 2023-06-13 |
3134 | Parameter Tampering ₹→$ | Parameter tampering | NA | SuneetSingh | Bug Bounty | 2020-09-26 | 2023-06-13 |
3133 | Hacking the Medium partner program | Logic flaw | Medium | Mohammad-Ali Bandzar | Bug Bounty | 2020-09-26 | 2023-06-13 |
3132 | Chains on Chains: Chaining multiple low-level vulns into a Critical. | Blind XSS, CSP bypass, Lack of rate limiting, Exposed JWT generation endpoint, JWT | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2020-09-26 | 2023-06-13 |
3131 | 5 Ways to do Account Takeover in a Single Website | Account takeover, Lack of rate limiting, OTP bypass, IDOR, OAuth, JWT | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-09-27 | 2023-06-13 |
3130 | P1: Critical - Discovering and Foiling a Threat Actor | Information disclosure | NA | Jackson Henry (@JacksonHHax) | Bug Bounty | 2020-09-27 | 2023-06-13 |
3129 | Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call | Account takeover | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2020-09-28 | 2023-06-13 |
3126 | RCE on Spip and Root-Me | RCE, SQL injection, XSS, Open redirect, Reflected file download | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2020-09-29 | 2023-06-13 |
3123 | The Powerful HTTP Request Smuggling 💪 | HTTP Request Smuggling | NA | Ricardo Iramar dos Santos (@ricardo_iramar) | Bug Bounty | 2020-10-01 | 2023-06-13 |
3120 | Exploiting Payment Gateways | Payment tampering | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-10-03 | 2023-06-13 |
3119 | Spend more time doing recon, you’ll find more BUGS. | Reflected XSS, Information disclosure | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2020-10-03 | 2023-06-13 |
3118 | Leveraging LFI to RCE in a website with +20000 users | LFI, RCE | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-10-04 | 2023-06-13 |
3116 | Watch your requests! Open redirect to a complete account takeover | Path traversal, Open redirect, SSRF, Account takeover | NA | Suraj Disoja (@ninetyn1ne_) | Bug Bounty | 2020-10-05 | 2023-06-13 |
3107 | ATO via Host Header Poisoning | Host header injection, Account takeover, Password reset | NA | Shivam Kamboj Dattana (@sechunt3r) | Bug Bounty | 2020-10-08 | 2023-06-13 |
3106 | Exploiting Admin Panel Like a Boss | Authorization bypass, Weak credentials | NA | Shivam Kamboj Dattana (@sechunt3r) | Bug Bounty | 2020-10-08 | 2023-06-13 |
3105 | CVE-2018-5230 | JIRA Cross Site Scripting | Reflected XSS | NA | Paras Arora (@parasarora06) | Bug Bounty | 2020-10-09 | 2023-06-13 |