| 3104 | Weak Password Setting function on practo.com |
Authorization flaw |
Practo |
dark-haxor |
Bug Bounty | 2020-10-09 | 2023-06-13 |
| 3103 | JS is l0ve ❤️. |
Information disclosure
API key leakage |
NA |
Shivam Kamboj Dattana (@sechunt3r) |
Bug Bounty | 2020-10-09 | 2023-06-13 |
| 3102 | Leveraging XSS to Read Internal Files |
XSS
LFI |
NA |
Aditya Dixit (@zombie007o) |
Bug Bounty | 2020-10-09 | 2023-06-13 |
| 3101 | Unauthorized access to all the user’s account. |
Account takeover
Authentication bypass
JWT |
NA |
Rahul Naidu |
Bug Bounty | 2020-10-12 | 2023-06-13 |
| 3098 | How I find my first P1 level Bug. $$$ |
XSS |
NA |
Harsh |
Bug Bounty | 2020-10-13 | 2023-06-13 |
| 3097 | Blind SSRF - The Hide & Seek Game |
Blind SSRF |
NA |
Shrey Shah (@ShreySh43332033) |
Bug Bounty | 2020-10-13 | 2023-06-13 |
| 3096 | I had fun with this XSS |
XSS |
NA |
yappare (@yappare) |
Bug Bounty | 2020-10-13 | 2023-06-13 |
| 3095 | MS Enterprise app management service RCE. CVE-2022-35841 |
RCE
Local Privilege Escalation
Windows |
Microsoft |
Ceri Coburn (@_ethicalchaos_) |
Bug Bounty | 2020-10-13 | 2023-06-13 |
| 3094 | Weaponizing XSS For Fun & Profit |
XSS
CSRF |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2020-10-14 | 2023-06-13 |
| 3092 | GitHub - RCE via git option injection (almost) - $20,000 Bounty |
RCE |
GitHub |
William Bowling / vakzz (@wcbowling) |
Bug Bounty | 2020-10-18 | 2023-06-13 |
| 3091 | GitHub Gist - Account takeover via open redirect - $10,000 Bounty |
Open redirect
Account takeover |
GitHub |
William Bowling / vakzz (@wcbowling) |
Bug Bounty | 2020-10-19 | 2023-06-13 |
| 3090 | Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers |
Authentication bypass
JWT
Android |
NHS COVID-19 App |
James Sanderson (@zofrex) |
Bug Bounty | 2020-10-20 | 2023-06-13 |
| 3088 | Back to 2019: Disclosure Employers PII and Credentials |
Information disclosure |
NA |
Wh11teW0lf (@wh11tew0lf) |
Bug Bounty | 2020-10-20 | 2023-06-13 |
| 3087 | GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty |
RCE
Path traversal |
GitHub |
William Bowling / vakzz (@wcbowling) |
Bug Bounty | 2020-10-20 | 2023-06-13 |
| 3084 | IBM Datapower Exploit CVE-2020-5014 |
SSRF
HTTP Request Smuggling |
IBM |
Thomas Cope |
Bug Bounty | 2020-10-21 | 2023-06-13 |
| 3083 | 300$ P3 Easy Bug in 30 Seconds |
Missing authentication
Broken Access Control |
NA |
Omar Hamdy (@seaman00o) |
Bug Bounty | 2020-10-22 | 2023-06-13 |
| 3082 | Samsung S20 - RCE via Samsung Galaxy Store App |
RCE |
Samsung |
F-Secure |
Bug Bounty | 2020-10-23 | 2023-06-13 |
| 3081 | Accidental Observation to Critical IDOR |
IDOR |
NA |
Harsh Bothra (@harshbothra_) |
Bug Bounty | 2020-10-24 | 2023-06-13 |
| 3074 | Automating xss identification with Dalfox & Paramspider |
Reflected XSS |
NA |
Paras Arora (@parasarora06) |
Bug Bounty | 2020-10-27 | 2023-06-13 |
| 3073 | Error-Based SQL Injection on a WordPress website and extract more than 150k user details |
SQL injection |
NA |
Ynoof Alassiri |
Bug Bounty | 2020-10-27 | 2023-06-13 |
| 3072 | Story of an interesting bug. |
Lack of rate limiting
DoS |
NA |
Vedant Tekale (@_justYnot) |
Bug Bounty | 2020-10-28 | 2023-06-13 |
| 3071 | Weblogic RCE by only one GET request — CVE-2020–14882 Analysis |
RCE
Authentication bypass
Security code review |
Oracle (WebLogic) |
Nguyễn Tiến Giang (@testanull) |
Bug Bounty | 2020-10-28 | 2023-06-13 |
| 3070 | Manual broken link monitoring |
Broken link hijacking |
NA |
GrumpinouT (@RVerwilghen) |
Bug Bounty | 2020-10-29 | 2023-06-13 |
| 3069 | Rate Limit Bypassing Allowing Identity Spoofing |
Rate limiting bypass
OTP bypass |
NA |
Mohamed Talaat (@T4144t) |
Bug Bounty | 2020-10-29 | 2023-06-13 |
| 3065 | Beyond the wall: command injection still alive. |
OS command injection |
NA |
Ahmed Constant (@a_Constant_) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
