3019 | Tale of 3 vulnerabilities to account takeover! | SSRF, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2020-11-17 | 2023-06-13 |
3018 | Server Side Misconfiguration - A Funny Fix | Information disclosure | Basecamp | Jerry Shah (@Jerry) | Bug Bounty | 2020-11-18 | 2023-06-13 |
3016 | Out of Band XXE in an E-commerce iOS app | XXE | NA | Gaurang Bhatnagar (@0xgaurang) | Bug Bounty | 2020-11-19 | 2023-06-13 |
3014 | Bypassing the Redirect filters with 7 ways | Open redirect, OAuth | NA | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2020-11-19 | 2023-06-13 |
3013 | Exploiting dynamic rendering engines to take control of web apps | SSRF, Open redirect | NA | Vasilii Ermilov (@ermil0v) | Bug Bounty | 2020-11-19 | 2023-06-13 |
3012 | Turning Blind Error Based SQL Injection into Exploitable Boolean One | SQL injection | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-11-21 | 2023-06-13 |
3010 | Weird (im)possible XSS on error page | Reflected XSS | NA | Rody Shahnazarian (@Komradz86) | Bug Bounty | 2020-11-21 | 2023-06-13 |
3009 | Escalating XSS to Account Takeover | Reflected XSS, Account takeover | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2020-11-22 | 2023-06-13 |
3007 | SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover | RCE, SSRF, Arbitrary file write, Path traversal, OS command injection, Local Privilege Escalation | Cisco | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-23 | 2023-06-13 |
3006 | Reflected Cross Site Scripting on REDACTED Program (Bounty: 750$) | Reflected XSS | NA | can1337 (@canmustdie) | Bug Bounty | 2020-11-23 | 2023-06-13 |
3004 | SD-PWN Part 4 — VMware VeloCloud — The Last Takeover | RCE, Authentication bypass, Default credentials, SQL injection, Path traversal, LFI | VMware | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-26 | 2023-06-13 |
3003 | Pre-Account Takeover using OAuth Misconfiguration | OAuth | NA | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2020-11-26 | 2023-06-13 |
3002 | How I got easy $$$ for SQL Injection Bug | SQL injection | NA | Rafi Andhika Galuh | Bug Bounty | 2020-11-26 | 2023-06-13 |
3001 | The Story of my first critical bug | SQL injection | NA | Shellbr3ak (@0xShellbr3ak) | Bug Bounty | 2020-11-29 | 2023-06-13 |
3000 | Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB | Information disclosure, Account takeover | NA | DarkLotus (@darklotuskdb) | Bug Bounty | 2020-11-29 | 2023-06-13 |
2999 | Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities | Rate limiting bypass | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2020-11-29 | 2023-06-13 |
2998 | WonderCMS 3.1.3 - Authenticated RCE & Blind SSRF Vulnerability | Blind SSRF, RCE | WonderCMS | Mas Zet (@zetc0de) | Bug Bounty | 2020-11-29 | 2023-06-13 |
2996 | Exploiting Blind PostgreSQL Injection And Exfiltrating Data In Psycopg2 | SQL injection | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2020-11-30 | 2023-06-13 |
2995 | Chaining vulnerabilities lead to account takeover | Account takeover, Password reset, Open redirect, Lack of rate limiting | NA | Ahmed (@ahzsec) | Bug Bounty | 2020-12-01 | 2023-06-13 |
2994 | An iOS zero-click radio proximity exploit odyssey | iOS, Memory corruption, Buffer Overflow | Apple | Ian Beer (@i41nbeer) | Bug Bounty | 2020-12-01 | 2023-06-13 |
2992 | SSTI to Local File Read | SSTI, LFI | NA | Demon (@R29k_) | Bug Bounty | 2020-12-02 | 2023-06-13 |
2989 | Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors” (Bugbounty) | Reflected XSS | General Motors | - | Bug Bounty | 2020-12-03 | 2023-06-13 |
2988 | Leaking Credit card Activity in logs? Yes Sir! | Information disclosure | NA | Rody Shahnazarian (@Komradz86) | Bug Bounty | 2020-12-03 | 2023-06-13 |
2984 | RCE via LFI Log Poisoning - The Death Potion | RCE, LFI, Log poisoning | NA | Jerry Shah (@Jerry) | Bug Bounty | 2020-12-06 | 2023-06-13 |
2983 | [CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in WordPress (Write Up) | Stored XSS | WordPress | Evan Ricafort (@evanricafort) | Bug Bounty | 2020-12-06 | 2023-06-13 |