4947 | Accessing Localhost via Vhost | vHost misconfiguration | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-11-04 | 2023-06-13 |
4945 | Non-persistent XSS at Microsoft -Adesh Kolte | Reflected XSS | Microsoft | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2017-11-05 | 2023-06-13 |
4944 | Multiple Intel Vulnerabilities-Adesh Kolte | Open redirect, Directory listing | Intel | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2017-11-05 | 2023-06-13 |
4943 | Get your Microsoft account hijacked by simply clicking connect button -Adesh Kolte | Stored XSS | Microsoft | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2017-11-06 | 2023-06-13 |
4942 | From SSRF to Local File Disclosure | SSRF, Local file disclosure (LFD) | NA | Tung Pun | Bug Bounty | 2017-11-08 | 2023-06-13 |
4941 | Local File Read via XSS in Dynamically Generated PDF | XSS, LFI | NA | Rahul Maini (@iamnoooob) | Bug Bounty | 2017-11-08 | 2023-06-13 |
4940 | How to delete all company progress by one "rm" command in AWS s3 Buckets | AWS misconfiguration | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2017-11-09 | 2023-06-13 |
4938 | From Recon to DOM-Based XSS | DOM XSS | NA | Abdelfattah Ibrahim | Bug Bounty | 2017-11-11 | 2023-06-13 |
4937 | How I Pwned a company using IDOR & Blind XSS | IDOR, Blind XSS | NA | Osama Ansari (@AnsariOsama10) | Bug Bounty | 2017-11-15 | 2023-06-13 |
4936 | How signing up for an account with an @company.com email can have unexpected results | Logic flaw | NA | Zseano (@zseano) | Bug Bounty | 2017-11-15 | 2023-06-13 |
4935 | Bypassing Crossdomain Policy and Hit Hundreds of Top Alexa Sites | CSRF | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2017-11-16 | 2023-06-13 |
4933 | SQL in everywhere. | SQL injection | NA | Utkarsh Agrawal (@agrawalsmart7) | Bug Bounty | 2017-11-16 | 2023-06-13 |
4932 | JWT Refresh Token Manipulation | JWT, Authentication bypass, Account takeover | NA | Mikail Tunç (@emtunc) | Bug Bounty | 2017-11-16 | 2023-06-13 |
4931 | Transforming a Domain into the Matrix (an open redirect story) | Open redirect | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2017-11-17 | 2023-06-13 |
4925 | Story of bypassing Referer Header to make open redirect | Open redirect | NA | Mohammed Eldeeb (@malcolmx0x) | Bug Bounty | 2017-11-22 | 2023-06-13 |
4920 | DEV XSS Protection bypass made my quickest bounty ever!! | XSS | NA | Yeasir Arafat | Bug Bounty | 2017-12-03 | 2023-06-13 |
4919 | Getting a RCE — CTF Way | RCE | NA | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-12-05 | 2023-06-13 |
4912 | LFI to 10 servers pwn | LFI, RCE | NA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2017-12-19 | 2023-06-13 |
4910 | P4 to P2 - The story of one blind SSRF | Blind SSRF | NA | Mikhail Klyuchnikov (@__Mn1__) | Bug Bounty | 2017-12-19 | 2023-06-13 |
4908 | Microsoft SharePoint's 'Follow' Feature XSS (CVE-2017–8514) -Adesh Kolte | XSS | Microsoft | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2017-12-21 | 2023-06-13 |
4907 | Jumping to the hell with 10 attempts to bypass devil's WAF | XSS | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2017-12-27 | 2023-06-13 |
4902 | Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905] | Content injection | DuoLingo | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2018-01-04 | 2023-06-13 |
4901 | "F**k you Thomas" - ToyTalk bug bounty writeup | Authentication bypass, HTML injection | ToyTalk | Jahmel Harris | Bug Bounty | 2018-01-04 | 2023-06-13 |
4900 | Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1) | IDOR | NA | Mohammed Abdul Raheem (@mohdaltaf163) | Bug Bounty | 2018-01-04 | 2023-06-13 |
4898 | #BugBounty — How I was able to read chat of users in an Online travel portal | IDOR | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-01-10 | 2023-06-13 |