3064 | Abusing 'Report Abuse' | Logic flaw, Authorization flaw | NA | Aseem Shrey (@AseemShrey) | Bug Bounty | 2020-10-31 | 2023-06-13 |
3063 | How i got 7000$ in Bug-Bounty for my Critical Finding. | Information disclosure | NA | Kishan Kumar / Noobie BoY (@hst_kishan) | Bug Bounty | 2020-10-31 | 2023-06-13 |
3062 | An often overlooked Oauth misconfiguration. | OAuth | NA | VipItHunter (@VipItHunter1) | Bug Bounty | 2020-11-01 | 2023-06-13 |
3061 | Leaked .git folder leads to RCE | .git folder disclosure, RCE | NA | James Clee (@jtcsec) | Bug Bounty | 2020-11-01 | 2023-06-13 |
3060 | Subdomain Takeover in Azure: making a PoC | Subdomain takeover | NA | Diego Bernal Adelantado (@secfaults) | Bug Bounty | 2020-11-01 | 2023-06-13 |
3059 | CVE-2020-13294 | Authentication flaw, OpenID Connect, OAuth | GitLab | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2020-11-01 | 2023-06-13 |
3057 | Forcing for a bounty$$ | Authorization flaw | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2020-11-03 | 2023-06-13 |
3056 | From a 500 error to Django admin takeover | Authorization bypass, Account takeover | NA | Shashank (@cyberboyIndia) | Bug Bounty | 2020-11-03 | 2023-06-13 |
3054 | How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day | Information disclosure | Brave Software | sickcodes (@sickcodes) | Bug Bounty | 2020-11-05 | 2023-06-13 |
3052 | Story of a Pre-Account Takeover | Account takeover, OAuth | NA | Kushal Dhakal (@dhakal0kushal) | Bug Bounty | 2020-11-06 | 2023-06-13 |
3046 | Firefox for Android: LAN-Based Intent Triggering | Insecure intent, Android | Mozilla | initstring (@init_string) | Bug Bounty | 2020-11-10 | 2023-06-13 |
3045 | Chaining password reset link poisoning, IDOR, and information leakage to achieve account takeover at api.redacted.com | HTTP header injection | NA | Jadek Mark (@mase289) | Bug Bounty | 2020-11-10 | 2023-06-13 |
3040 | Evernote: Universal-XSS, theft of all cookies from all sites, and more | Universal XSS | Evernote | Oversecured (@OversecuredInc) | Bug Bounty | 2020-11-12 | 2023-06-13 |
3039 | Evading Filters to perform the Arbitrary URL Redirection Attack | Open redirect | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-11-12 | 2023-06-13 |
3036 | Interesting case of SQLi | SQL injection | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2020-11-13 | 2023-06-13 |
3034 | Smuggling an (Un)exploitable XSS | HTTP Request Smuggling, XSS | NA | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2020-11-13 | 2023-06-13 |
3032 | Theoretically Possible To Practical Account Takeover | IDOR, Account takeover | NA | Mukul Lohar (@ironfisto) | Bug Bounty | 2020-11-14 | 2023-06-13 |
3031 | Account takeover through password reset | Account takeover, Password reset | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2020-11-14 | 2023-06-13 |
3030 | SD-PWN Part 2 — Citrix SD-WAN Center — Another Network Takeover | RCE, Authentication bypass, Path traversal, OS command injection, Local Privilege Escalation | Citrix Systems | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-15 | 2023-06-13 |
3029 | Exploiting API with AuthToken | Token leak, Information disclosure | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2020-11-15 | 2023-06-13 |
3028 | Weak Cryptography to Account Takeover’s | Cryptographic issues, Account takeover, IDOR | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-11-15 | 2023-06-13 |
3026 | Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data | Information disclosure, Broken access control, IDOR, SQL injection | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-11-15 | 2023-06-13 |
3025 | RCE via Server-Side Template Injection | SSTI, RCE | NA | Gaurav Mishra (@gmishra010) | Bug Bounty | 2020-11-15 | 2023-06-13 |
3024 | Pentest-Story: Empirum password decryption | Weak crypto, Reverse engineering | Matrix42 | evait security GmbH (@evait_security) | Bug Bounty | 2020-11-16 | 2023-06-13 |
3023 | Stealing User’s PII info by visiting API endpoint directly | Information disclosure, Logic flaw | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2020-11-16 | 2023-06-13 |