| ID | Title | Bug type(s) | Program | Author | Category | Published | Added |
|---|---|---|---|---|---|---|---|
| 2811 | Changing other users Episode title & description - IDOR Vulnerability in [REDACTED] (Write Up) | IDOR | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2810 | How I Hacked Everyone’s Resume/CV’s and Got €€€ | IDOR, Authorization flaw, Information disclosure | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2809 | IDOR via Websockets allow me to takeover any users account | IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2808 | My first bounty (stored-xss) | Stored XSS | NA | Karan Sharma (@karansh491) | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2807 | Stored XSS in icloud.com — $5000 | Stored XSS | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2802 | Full account takeover worth $1000 Think out of the box | Account takeover, CSRF, IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2799 | SHAREit Flaw Could Lead to Remote Code Execution | Android, RCE, MiTM, Man-in-the-Disk attack, Insecure intent, Vulnerable Android content provider | SHAREit | Echo Duan | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2798 | Sub-domain Takeover on api.techprep.fb.com (AWS Elastic Beanstalk)! | Subdomain takeover | Meta / Facebook | Binit Ghimire (@WHOISbinit) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2796 | Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story) | Configuration file injection, RCE | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2795 | From AWS S3 Misconfiguration to Sensitive Data Exposure | AWS misconfiguration | NA | Jadek Mark (@mase289) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2794 | Story of a very lethal IDOR. | XSS, IDOR, Account takeover | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2782 | Account Take Over by Response Manipulation | Authentication bypass, Account takeover | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2779 | Account Takeover via Response Manipulation worth 1800$.. | Authentication bypass, OTP bypass, Account takeover | NA | Ashutosh Mishra (@ashutoshmish_ra) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2778 | Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli | Race condition, Lack of rate limiting, OTP bypass, SQL injection | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2777 | RCE On A Laravel Private Program | RCE | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2776 | Let’s know How I have explored the buried secrets in Xamarin application | Hardcoded API keys, Information disclosure | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-02-21 | 2023-06-13 |
| 2775 | Web Cache Poisoning to Account Takeover | Web cache poisoning, Account takeover | NA | Josh Fam (@Pullerze) | Bug Bounty | 2021-02-21 | 2023-06-13 |
| 2773 | CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux | Unencrypted storage | Keybase | John Jackson (@johnjhacking) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2772 | Security and Privacy of Social Logins (II): PostMessage Security in Single Sign-On | DOM XSS, postMessage | SAP, The New York Times, CNET | Louis Jannett (@iphoneintosh) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2771 | CSRF through URL with # tag parameter | CSRF | NA | Tommysuriel | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2769 | Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough | Web cache poisoning, Stored XSS | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2768 | Stealing user passwords through a VPN’s SSO | Open redirect, SSTI | NA | Alain Mowat (@plopz0r) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2767 | Password Reset Token Leak via X-Forwarded-Host | Host header injection, Account takeover, Password reset | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2766 | Account Takeover - Smoking with null’ | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2764 | IDOR which allowed me to view Personal Email Addresses of More than 50K Users! | IDOR, Password reset | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-02-26 | 2023-06-13 |