4175 | How to bypass a 2FA with a HTTP header |
MFA bypass |
NA |
Yumi |
Bug Bounty | 2019-04-26 | 2023-06-13 |
4174 | Denial of Service using Cookie Bombing |
DoS
Cookie bomb |
NA |
Ronak Patel (@ronak_9889) |
Bug Bounty | 2019-04-26 | 2023-06-13 |
4173 | "CI Knew There Would Be Bugs Here" — Exploring Continuous Integration Services as a Bug Bounty Hunter |
Information disclosure
CI/CD |
NA |
EdOverflow (@EdOverflow) |
Bug Bounty | 2019-04-26 | 2023-06-13 |
4172 | Broken Access: Posting to Google private groups through any user in the group |
Authorization flaw |
Google |
Elber Andre (@Elber333) |
Bug Bounty | 2019-04-27 | 2023-06-13 |
4170 | Don’t Follow The Masses: Bug Hunting in JavaScript Engines |
Buffer Overflow
Memory corruption |
Google |
Dimitri Fourny (@dimitrifourny) |
Bug Bounty | 2019-04-29 | 2023-06-13 |
4169 | From Reflected XSS to Account Takeover — Showing XSS Impact |
Reflected XSS
Account takeover |
NA |
A Bug’z Life (@abugzlife1) |
Bug Bounty | 2019-04-30 | 2023-06-13 |
4168 | Reply To Instagram Stories where privacy of who can reply is set to ‘Nobody’. |
Authorization flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2019-04-30 | 2023-06-13 |
4167 | From NA to $3000 : Facebook’s URL spoofing vulnerability |
URL spoofing |
Meta / Facebook |
Rahul Kankrale (@RahulKankrale) |
Bug Bounty | 2019-04-30 | 2023-06-13 |
4166 | Remote code execution On Microsoft edge using URL Protocol |
RCE |
Microsoft |
Matt harr0ey (@harr0ey) |
Bug Bounty | 2019-05-01 | 2023-06-13 |
4165 | XSS attacks on Googlebot allow search index manipulation |
Logic flaw |
Google |
Tom Anthony (@TomAnthonySEO) |
Bug Bounty | 2019-05-01 | 2023-06-13 |
4164 | Why You Shouldn't Use a Password Manager For Your Linode Account |
Account takeover
Information disclosure |
Linode |
Utku Şen (@utkusen) |
Bug Bounty | 2019-05-02 | 2023-06-13 |
4163 | Tale of a Wormable Twitter XSS |
XSS |
Twitter |
Ahmed Elsobky |
Bug Bounty | 2019-05-02 | 2023-06-13 |
4162 | ESI Injection Part 2: Abusing specific implementations |
ESI injection
RCE
SSRF
HTTP header injection |
NA |
Philippe Arteau (@h3xstream) |
Bug Bounty | 2019-05-02 | 2023-06-13 |
4161 | Server Side Request Forgery(SSRF){port issue hidden approch } |
SSRF |
NA |
Deepak Holani (@w_hat_boy) |
Bug Bounty | 2019-05-03 | 2023-06-13 |
4160 | Subdomain takeover [Awarded $200] |
Subdomain takeover |
ownCloud |
Friendly (@SkeletorKeys) |
Bug Bounty | 2019-05-07 | 2023-06-13 |
4159 | SQL injection through User-Agent |
SQL injection |
NA |
fr0stNuLL |
Bug Bounty | 2019-05-08 | 2023-06-13 |
4158 | 4x CSRFs Chained For Company Account Takeover |
CSRF
Account takeover |
NA |
A Bug’z Life (@abugzlife1) |
Bug Bounty | 2019-05-08 | 2023-06-13 |
4157 | BLIND SSRF in *.stripe.com due to Sentry Misconfiguration |
Blind SSRF |
Stripe |
Oktavandi (@0ktavandi) |
Bug Bounty | 2019-05-09 | 2023-06-13 |
4156 | Stored XSS on Techprofile Microsoft |
Stored XSS |
Microsoft |
Mohammad Ali Syarief |
Bug Bounty | 2019-05-09 | 2023-06-13 |
4155 | Think Outside the Scope: Advanced CORS Exploitation Techniques |
CORS misconfiguration |
NA |
Ayoub (@sandh0t) |
Bug Bounty | 2019-05-14 | 2023-06-13 |
4154 | Is MIME Sniffing XSS a real thing? [The story of weird Google bug bounties] |
Stored XSS
MIME sniffing |
Google |
Komodo Security |
Bug Bounty | 2019-05-15 | 2023-06-13 |
4153 | You do not need to run 80 reconnaissance tools to get access to user accounts |
Open redirect |
NA |
Stefano Vettorazzi (@stefanohablando) |
Bug Bounty | 2019-05-15 | 2023-06-13 |
4152 | From parameter pollution to XSS |
HTTP parameter pollution
XSS |
NA |
Mo'men Basel |
Bug Bounty | 2019-05-16 | 2023-06-13 |
4150 | Bypassing Instagram’s stories restriction |
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2019-05-17 | 2023-06-13 |
4149 | Stealing Downloads from Slack Users |
CSRF |
Slack |
David Wells |
Bug Bounty | 2019-05-17 | 2023-06-13 |