2856 | Analysing Crash Messages To Achieve Blind Root Command Injection | OS command injection | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2021-01-28 | 2023-06-13 |
2855 | Launching Internal & Non-Exported Deeplinks On Facebook | CSRF | Meta / Facebook | Ashley King (@AshleyKingUK) | Bug Bounty | 2021-01-28 | 2023-06-13 |
2854 | Destroying Armies and Villages through Cross-Site Scripting - Bug Bounty Write-up | Stored XSS | InnoGames | Fábio Freitas (@0xfabiof) | Bug Bounty | 2021-01-29 | 2023-06-13 |
2853 | Broken Access Control & Stored XSS - Easy Hunt | Stored XSS, IDOR | NA | Kabeer (@iTheKabeer) | Bug Bounty | 2021-01-29 | 2023-06-13 |
2852 | How I chained P4 To P2 [Open Redirection To Full Account Takeover] | Open redirect, Account takeover | NA | Bishal Shrestha (@bishal0x01) | Bug Bounty | 2021-01-30 | 2023-06-13 |
2851 | Android apk leaks access token to takeover the whole infrastructure | Information disclosure, Hardcoded credentials, Android | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-30 | 2023-06-13 |
2850 | An Interesting Account Takeover Vulnerability | IDOR, Account takeover | NA | Avanish Pathak (@avanish46) | Bug Bounty | 2021-01-30 | 2023-06-13 |
2849 | An unexpected bug | Bruteforce | NA | Nitin yadav (@Nitinydv14) | Bug Bounty | 2021-01-31 | 2023-06-13 |
2848 | An Account Takeover Vulnerability Due to Response Manipulation. | Authentication bypass, Account takeover | NA | Avanish Pathak (@avanish46) | Bug Bounty | 2021-01-31 | 2023-06-13 |
2842 | Stealing Chat session ID with CORS and execute CSRF attack | CSRF, CORS misconfiguration | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-02-02 | 2023-06-13 |
2841 | CVE-2020-9759 - Getting root on webOS | Local Privilege Escalation, Browser hacking | LG | Andreas Lindh (@addelindh) | Bug Bounty | 2021-02-03 | 2023-06-13 |
2840 | How I was able to Turn a XSS into a Account Takeover | Web cache poisoning, Stored XSS, Account takeover, OAuth, Logic flaw | NA | Josh Fam (@Pullerze) | Bug Bounty | 2021-02-03 | 2023-06-13 |
2838 | Open Redirect vulnerability found using link parameter | Open redirect | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-02-04 | 2023-06-13 |
2836 | Redwood Report2Web XSS and Frame injection | Reflected XSS, Frame injection | NA | vict0ni (@vict0ni) | Bug Bounty | 2021-02-04 | 2023-06-13 |
2832 | Escalating SSRF to RCE | SSRF, RCE | NA | Sander Wind (@SanderWind) | Bug Bounty | 2021-02-06 | 2023-06-13 |
2831 | How I Gain Access to the Server Administration of a Million-Dollar Company | Privilege escalation, Mass assignment | NA | Marx Chryz Del Mundo | Bug Bounty | 2021-02-08 | 2023-06-13 |
2830 | Reflected XSS on a Public Program | Reflected XSS | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-02-08 | 2023-06-13 |
2829 | Bigbasket Bug Bounty Writeup | Insecure data storage, Android | NA | Lohith Gowda M (@lohi_gowda_) | Bug Bounty | 2021-02-08 | 2023-06-13 |
2828 | Duplicate Registration - The Twinning Twins | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-08 | 2023-06-13 |
2827 | Abusing URI Parsers for fun and profit | URL validation bypass | NA | Mohammad Owais (@_mohammadowais) | Bug Bounty | 2021-02-08 | 2023-06-13 |
2825 | Self-XSS to rXSS via Uploaded File Name | Self-XSS, Reflected XSS | NA | P4nda (@InfoSecP4nda) | Bug Bounty | 2021-02-09 | 2023-06-13 |
2821 | Fastest Subdomain Take Over & DNS Misconfiguration Hunt. | Subdomain takeover, DNS zone transfer | NA | Kabeer (@iTheKabeer) | Bug Bounty | 2021-02-10 | 2023-06-13 |
2816 | How I was able to get extra coins | Logic flaw, Android | NA | Saddam Hussain (@wisdomfreak1) | Bug Bounty | 2021-02-12 | 2023-06-13 |
2815 | [GITLAB] — Denial of service via “Login Panel” functionality. | Application-level DoS | GitLab | Lyubomir Tsirkov (@lyubo_tsirkov) | Bug Bounty | 2021-02-12 | 2023-06-13 |
2814 | OAuth Misconfiguration Leads to Full Account takeover | OAuth, Clickjacking, CSRF, Account takeover | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-13 | 2023-06-13 |