| 4147 | A base64 encoded parameter. |
HTML injection |
NA |
Navneet (@na5n33t) |
Bug Bounty | 2019-05-19 | 2023-06-13 |
| 4146 | Open-redirect to Account Takeover. |
Open redirect
Account takeover |
NA |
Rishabh (@____cypher____) |
Bug Bounty | 2019-05-19 | 2023-06-13 |
| 4145 | WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337 USD |
LFI |
Google |
Omar Espino (@omespino) |
Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4144 | Leaking OpenID tokens with “ — the bug right infront of you |
OpenID Connect
Open redirect
Token leak |
NA |
Zseano (@zseano) |
Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4143 | Local File Inclusion in peering.google.com |
LFI |
Google |
Jafar Abo Nada (@Jafar_Abo_Nada) |
Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4142 | Google Adwords(Privilege Escalation): Read-only user able to add YouTube channels via Linked accounts |
Privilege escalation
Authorization flaw |
Google |
Family guy |
Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4140 | Escalating subdomain takeovers to steal cookies by abusing document.domain |
Subdomain takeover |
Postmates |
Ameya (@iamTakeMyHand) |
Bug Bounty | 2019-05-23 | 2023-06-13 |
| 4139 | How I acquired $XXX bounty by investing 99 cents |
Logic flaw |
NA |
Smaran Chand (@smaranchand) |
Bug Bounty | 2019-05-24 | 2023-06-13 |
| 4137 | Security assessment on the staging domains |
Missing authentication |
NA |
Tutorgeeks (@tutorgeeks) |
Bug Bounty | 2019-05-24 | 2023-06-13 |
| 4136 | From file upload to email:pass |
Unrestricted file upload |
NA |
fr0stNuLL |
Bug Bounty | 2019-05-24 | 2023-06-13 |
| 4135 | Multiple API issues due to Fixed Authorization token. |
Authorization flaw |
NA |
Mustafa Khan (@by6153) |
Bug Bounty | 2019-05-24 | 2023-06-13 |
| 4133 | How did I bypass a Custom Brute Force protection and why that solution is not a good idea? |
Bruteforce
Authentication flaw |
NA |
dortz |
Bug Bounty | 2019-05-25 | 2023-06-13 |
| 4132 | An unexploited CORS misconfiguration reflecting further issues. |
CORS misconfiguration |
NA |
Smaran Chand (@smaranchand) |
Bug Bounty | 2019-05-27 | 2023-06-13 |
| 4131 | Stored XSS on Edmodo |
Stored XSS |
Edmodo |
Rohit Verma (@rv0x00) |
Bug Bounty | 2019-05-28 | 2023-06-13 |
| 4130 | Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS #bugbounty |
Stored XSS
MIME sniffing |
NA |
HackerOn2Wheels (@HackerOn2Wheels) |
Bug Bounty | 2019-05-30 | 2023-06-13 |
| 4129 | My First CSRF to Account Takeover worth $750 |
CSRF
Account takeover |
NA |
Nishant Saurav (@inishantsinha) |
Bug Bounty | 2019-05-30 | 2023-06-13 |
| 4128 | Edmodo Account Deactivation Vulnerability |
CORS misconfiguration |
Edmodo |
Shankar R |
Bug Bounty | 2019-06-01 | 2023-06-13 |
| 4127 | Story of a uri based xss with some simple google dorking |
XSS |
NA |
Jatin Aesthetic (@techyfreakk) |
Bug Bounty | 2019-06-02 | 2023-06-13 |
| 4126 | The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise |
SSRF
RFI |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-06-02 | 2023-06-13 |
| 4125 | Missing access control at play store |
Authorization flaw |
Google |
Vishwaraj Bhattrai (@vishwaraj101) |
Bug Bounty | 2019-06-03 | 2023-06-13 |
| 4124 | Simple PathTraversal bypass |
Path traversal |
NA |
fr0stNuLL |
Bug Bounty | 2019-06-03 | 2023-06-13 |
| 4123 | Chaining multiple low-impact bugs to arbitrary file read in GitLab |
Path traversal |
GitLab |
Li Rongxi (@nyan_gawa) |
Bug Bounty | 2019-06-04 | 2023-06-13 |
| 4122 | REMOTE CODE EXECUTION ! 😜 Recon Wins |
RCE |
NA |
Vishnuraj |
Bug Bounty | 2019-06-04 | 2023-06-13 |
| 4121 | Bypassing CSP with policy injection |
CSP bypass |
Paypal |
Gareth Heyes (@garethheyes) |
Bug Bounty | 2019-06-05 | 2023-06-13 |
| 4120 | Unicode vs WAF — XSS WAF Bypass |
XSS |
NA |
Prial Islam Khan (@prial261) |
Bug Bounty | 2019-06-05 | 2023-06-13 |
