2888 | Strange Admin Panel Bypass Story | Authentication bypass, Account takeover | NA | Ranjeet Kumar Singh (@geekboyranjeet) | Bug Bounty | 2021-01-17 | 2023-06-13 |
2887 | ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792 | Insecure deeplink, Information disclosure, Android | Google, Apple | Ashley King (@AshleyKingUK) | Bug Bounty | 2021-01-17 | 2023-06-13 |
2886 | Let’s know How I have explored the buried secrets in React Native application | Information disclosure, Hardcoded credentials | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-01-18 | 2023-06-13 |
2885 | How I was rewarded a $1000 bounty after abusing File Upload functionality to Stored XSS Vulnerability leading to credential theft of a vistor in a website. | Unrestricted file upload, Stored XSS | NA | Kunal Khubchandani (@iamkun4l) | Bug Bounty | 2021-01-18 | 2023-06-13 |
2883 | Simple & Sweet: Bypass email update restriction to change emails of team members | Logic flaw, Authorization flaw | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-01-19 | 2023-06-13 |
2882 | Open-redirect [in email] | Open redirect | NA | Akhil | Bug Bounty | 2021-01-19 | 2023-06-13 |
2881 | [Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data | Information disclosure, IDOR | NA | Tommaso De Ponti | Bug Bounty | 2021-01-19 | 2023-06-13 |
2880 | SSRF Exploitation in Libreoffice Spreadsheet File Converter | SSRF | NA | R4id3n (@R4id3n__) | Bug Bounty | 2021-01-21 | 2023-06-13 |
2879 | Story Behind Sweet SSRF. | SSRF, XSS | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2021-01-21 | 2023-06-13 |
2878 | KindleDrip — From Your Kindle’s Email Address to Using Your Credit Card | RCE | Amazon | Yogev Bar-On | Bug Bounty | 2021-01-21 | 2023-06-13 |
2877 | Staff Information Disclosure on Support Ticketing System ($x,xxx) | Information disclosure | NA | Ph.Hitachi | Bug Bounty | 2021-01-22 | 2023-06-13 |
2874 | The Secret Parameter, LFR, and Potential RCE in NodeJS Apps | Local File Read, RCE | NA | CaptainFreak (@0xCaptainFreak) | Bug Bounty | 2021-01-23 | 2023-06-13 |
2872 | Sql Injection via hidden parameter | SQL injection | NA | Rutvik Hajare (@HajareRutvik) | Bug Bounty | 2021-01-24 | 2023-06-13 |
2871 | Bypassing WAF with incorrect proxy settings for Hunting Bugs. | URL validation bypass | NA | Shaurya Sharma (@ShauryaSharma05) | Bug Bounty | 2021-01-25 | 2023-06-13 |
2870 | IDOR Revealing Images CDN Links | IDOR | NA | susan wagle | Bug Bounty | 2021-01-25 | 2023-06-13 |
2869 | Chaining a self XSS to Account Takeover | Self-XSS, Reflected XSS, Account takeover | NA | Arman Sameer (@ArmanSameer95) | Bug Bounty | 2021-01-25 | 2023-06-13 |
2868 | Get paid by smuggling, the legal way | HTTP Request Smuggling | NA | James Ling (@James_puppykok) | Bug Bounty | 2021-01-25 | 2023-06-13 |
2867 | Leaking issues from linked Jira – Atlassian Confluence Server | XS-Search | Atlassian | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-25 | 2023-06-13 |
2865 | Finding SSRF BY Full Automation | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-27 | 2023-06-13 |
2864 | $500 For No Rate Limit On Forgot Password Page | Lack of rate limiting, Password reset | NA | BBHC (@community_bug) | Bug Bounty | 2021-01-27 | 2023-06-13 |
2862 | Bragging Rights(Part 1): Short story of a bug wave | IDOR, Stored XSS, SSRF, Subdomain takeover, Hardcoded credentials | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-01-27 | 2023-06-13 |
2861 | Weird functionality leads to Account Takeover (Millions of Users affected) | Account takeover, Authentication flaw | NA | Sahil Mehra (@nullr3x) | Bug Bounty | 2021-01-27 | 2023-06-13 |
2859 | Business Logic Error Methodology (easy way) + PoC-s | Logic flaw | NA | Vuk Ivanovic | Bug Bounty | 2021-01-28 | 2023-06-13 |
2858 | OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection | OTP bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2021-01-28 | 2023-06-13 |
2857 | Remote Code Execution – LimeSurvey (CVE-2018-7556) | RCE | NA | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-28 | 2023-06-13 |