4118 | How I was able to get private ticket response panel and FortiGate web panel via blind XSS | Blind XSS | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2019-06-06 | 2023-06-13 |
4117 | Don’t underestimates the Errors They can provide good $$$ Bounty! | Information disclosure, Internal path disclosure | Mamba | Aditya Sharma (@Assass1nmarcos) | Bug Bounty | 2019-06-07 | 2023-06-13 |
4116 | IDOR Leads To Project Takeover | IDOR | NA | Hariharan.s (@DJHARIZ1) | Bug Bounty | 2019-06-09 | 2023-06-13 |
4115 | Account takeover using IDOR and the misleading case of error 403. | IDOR | NA | Plenum (@plenumlab) | Bug Bounty | 2019-06-11 | 2023-06-13 |
4114 | Facebook Vulnerability: Non-unfriendable user in /hacked workflow | Logic flaw | Meta / Facebook | Ritish Kumar Singh | Bug Bounty | 2019-06-11 | 2023-06-13 |
4113 | Reflected XSS on Error Page | Reflected XSS | NA | Tomi (@noobe_io) | Bug Bounty | 2019-06-11 | 2023-06-13 |
4112 | Redstrom Denial Of Service — Write Up | DoS | NA | Zerb0a | Bug Bounty | 2019-06-12 | 2023-06-13 |
4111 | Chaining Improper Authorization To Race Condition To Harvest Credit Card Details : A Bug Bounty Story | Authorization flaw, Race condition | NA | Mandeep Jadon (@1337tr0lls) | Bug Bounty | 2019-06-13 | 2023-06-13 |
4110 | How spending our Saturday hacking earned us 20k | IDOR | NA | Matti Bijnens (@MattiBijnens) | Bug Bounty | 2019-06-14 | 2023-06-13 |
4109 | IDOR — Account Takeover | IDOR | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-14 | 2023-06-13 |
4108 | v1 Instance Metadata Service protections bypass | SSRF | Google | Anthony Weems | Bug Bounty | 2019-06-14 | 2023-06-13 |
4107 | Admin Account total Information Disclosure | Source code disclosure, Information disclosure | NA | Nishant Saurav (@inishantsinha) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4106 | XSSing Google Employees — Blind XSS on googleplex.com | Blind XSS | Google | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4105 | Fullscreen API Attack’s Revisited and the FaceBook NA Story | Phishing | Meta / Facebook | Circle Ninja (@circleninja) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4104 | Complete Web Server Access | Unrestricted file upload, RCE | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4103 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | WAF bypass, LFI, Information disclosure | NA | Λявєη (@spenkkkkk) | Bug Bounty | 2019-06-15 | 2023-06-13 |
4102 | Stealing Cookies to Login in any Account | Cookie theft | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-16 | 2023-06-13 |
4101 | Account Takeover Worth $900 | Account takeover, CSRF | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-16 | 2023-06-13 |
4100 | How I earned $1,500 in just 15 mins due to Amazon S3 bucket misconfiguration? | AWS misconfiguration | Dropbox | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2019-06-16 | 2023-06-13 |
4099 | Password Bypass and Something Else… | Authentication bypass | NA | Vibhurushi Chotaliya (@_Vibhurushi_) | Bug Bounty | 2019-06-16 | 2023-06-13 |
4098 | Bypassing XSS filter and Stealing User Payment Data | XSS | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-17 | 2023-06-13 |
4097 | SQl Injection | SQL injection | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-17 | 2023-06-13 |
4096 | Parameter Pollution issue in API resulting $XXX | HTTP parameter pollution | NA | Smaran Chand (@smaranchand) | Bug Bounty | 2019-06-17 | 2023-06-13 |
4095 | Using Burp Suite match and replace settings to escalate your user privileges and find hidden features | Client-side enforcement of server-side security | New Relic | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2019-06-17 | 2023-06-13 |
4094 | Reflected XSS in Tokopedia Train Ticket | Reflected XSS | New Relic | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2019-06-17 | 2023-06-13 |