| ID | Title | Bug type | Program | Author | Category | Publication date | Date added |
|---|---|---|---|---|---|---|---|
| 2932 | API based IDOR to leaking Private IP address of 6000 businesses | IDOR | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2021-01-01 | 2023-06-13 |
| 2928 | Exploiting Max. Character Limitation | Logic flaw, DoS | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2927 | Privilege Escalation: From being a normal user to admin | Privilege escalation, Broken Access Control | NA | Akshar Tank | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2926 | Each and every request make sense… | Privilege escalation, Exposed JWT generation endpoint, JWT | NA | Akshar Tank | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2925 | Incident Response during Christmas | Subdomain takeover | NA | TMO | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2924 | Achieving Remote Code Execution By Exploiting Variable Check Feature | RCE | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2021-01-06 | 2023-06-13 |
| 2921 | Subdomain Take Over Worth 100£ | Subdomain takeover | NA | c0d3x27 (@c0d3x27) | Bug Bounty | 2021-01-07 | 2023-06-13 |
| 2920 | Stored XSS on Product Description [HIGH] — $400 | Stored XSS | NA | Emanuel Beni Harijanto | Bug Bounty | 2021-01-07 | 2023-06-13 |
| 2918 | $10,000 for a vulnerability that doesn’t exist | Path traversal | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2021-01-07 | 2023-06-13 |
| 2916 | Information Disclosure through Signup Endpoint | Information disclosure | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-01-08 | 2023-06-13 |
| 2914 | Exploiting Application-Level Profile Semantics (APLS) | APLS misconfiguration, API misconfiguration | NA | Niemand (@niemand_sec) | Bug Bounty | 2021-01-08 | 2023-06-13 |
| 2912 | A %27Novel%27 Way to Bypass Executable Signature Checks with Electron | Local Privilege Escalation | NA | Parsia Hackerman (@cryptogangsta) | Bug Bounty | 2021-01-08 | 2023-06-13 |
| 2911 | How I was able to Regain access to account deleted by Admin leading to $$$ | Logic flaw, Authorization flaw | NA | Rajesh Ranjan (@_rajesh_ranjan_) | Bug Bounty | 2021-01-10 | 2023-06-13 |
| 2909 | Weblogic Remote Code Execution (Exploiting CVE-2019-2725) | RCE | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2021-01-10 | 2023-06-13 |
| 2906 | Guest Blog Post: Leaking silhouettes of cross-origin images | Side-channel information leakage, Browser hacking | Mozilla, Google (Chrome) | Aleksejs Popovs (@aleksejspopovs) | Bug Bounty | 2021-01-11 | 2023-06-13 |
| 2905 | Unrestricted File Upload | Unrestricted file upload | NA | Binamra Pandey | Bug Bounty | 2021-01-12 | 2023-06-13 |
| 2904 | CSRF with IDOR - A Deadly Combo | CSRF, IDOR | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-01-12 | 2023-06-13 |
| 2903 | Stealing User Information Via XSS Via Parameter Pollution | Open redirect, XSS | NA | Hamza Avvan (@hamzaavvan) | Bug Bounty | 2021-01-12 | 2023-06-13 |
| 2900 | Story of a really cool SSRF bug. | SSRF | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-01-13 | 2023-06-13 |
| 2899 | How I managed to trigger a Stored-XSS in an online store with the help of Cache Poisoning | Web cache poisoning, Stored XSS | NA | Schizo! | Bug Bounty | 2021-01-14 | 2023-06-13 |
| 2896 | Insertion Of Malicious Links For Execution In Profile Picture - Unvalidated User Input In MS Sharepoint 2019 (CVE-2020-1456) | XSS | Microsoft | David (@slashcrypto) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2895 | How I hijacked the top-level domain of a sovereign state | Domain takeover | Internet Bug Bounty | Fredrik N. Almroth (@Almroot) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2892 | Hacking naked Akamai ARL at scale | Akamai ARL attack | NA | Randy Gingeleski (@gingeleski) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2891 | Weaponizing Apify for mass bug bounty $$$ | Akamai ARL attack | NA | Randy Gingeleski (@gingeleski) | Bug Bounty | 2021-01-16 | 2023-06-13 |
| 2889 | My first and last crit of 2020 on Hackerone | Lack of rate limiting, Bruteforce, IDOR, Password reset, Account takeover | NA | Takester (@dhiraj_ramteke) | Bug Bounty | 2021-01-16 | 2023-06-13 |