ID | Title | Bug types | Company | Author | Type | Published | Added
2722 | Account Takeover Via Reset Password Worth 2000$ | Password reset, Account takeover | NA | Ashutosh mishra (@ashutoshmish_ra) | Bug Bounty | 2021-03-12 | 2023-06-13
2719 | IDOR Vulenebility with empty response still exposing sensitive details of customers! | IDOR | NA | Rahul Varale | Bug Bounty | 2021-03-14 | 2023-06-13
2717 | De-anonymize the members of a private Facebook Group as a non-member. | GraphQL, Information disclosure | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2021-03-15 | 2023-06-13
2716 | API Misconfiguration which leads to unauthorized access to servicedesk tickets | Information disclosure | NA | Gaurav Popalghat (@N008x) | Bug Bounty | 2021-03-16 | 2023-06-13
2714 | An Interesting Account Takeover!! | IDOR, Account takeover, Weak encryption, Password reset | NA | Mayank Pandey (@mayank_pandey01) | Bug Bounty | 2021-03-17 | 2023-06-13
2713 | An unknown Linux secret that turned SSRF to OS Command injection | SSRF, Command injection | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-03-17 | 2023-06-13
2712 | CVE-2021-27076: A Replay-style Deserialization Attack Against Sharepoint | Insecure deserialization, RCE | Microsoft | Simon Zuckerbraun (@HexKitchen) | Bug Bounty | 2021-03-17 | 2023-06-13
2711 | Abusing Data Protection Laws For D0xing & Account Takeovers | SSTI, Account takeover | NA | Hx01 (@Hxzeroone) | Bug Bounty | 2021-03-17 | 2023-06-13
2710 | Dangling DNS: Worksites.net | Dangling DNS records, Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-03-17 | 2023-06-13
2708 | Chaining bugs for the greater good | Blind XSS, CSRF | NA | mohamad mahmoudi (@Lotus_619) | Bug Bounty | 2021-03-18 | 2023-06-13
2706 | TikTok for Android 1-Click RCE | RCE, XSS, Insecure intent, Android | TikTok | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2021-03-18 | 2023-06-13
2705 | H2C Smuggling in the Wild | HTTP request smuggling | NA | Sean Yeoh (@seanyeoh) | Bug Bounty | 2021-03-18 | 2023-06-13
2703 | A short story about an XSS in chat.mozilla.org (CVE-2021-21320) | XSS | Mozilla | Guilherme Keerok (@k33r0k) | Bug Bounty | 2021-03-19 | 2023-06-13
2702 | Subdomain Takeover in AWS: making a PoC | Subdomain takeover | NA | Diego Bernal Adelantado (@secfaults) | Bug Bounty | 2021-03-20 | 2023-06-13
2701 | OAuth Misconfiguration found in small time-window of attack | OAuth | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-03-20 | 2023-06-13
2700 | Cross Site Port Attack - A Stranger’s Call | XSPA | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-03-21 | 2023-06-13
2699 | OTP brute-force via rate limit bypass | Bruteforce, Lack of rate limiting, OTP bypass | NA | Bilal Muqeet (@blmqt) | Bug Bounty | 2021-03-21 | 2023-06-13
2698 | Finding My First Critical Vulnerability | Information disclosure | NA | Thexssrat (@theXSSrat) | Bug Bounty | 2021-03-21 | 2023-06-13
2693 | How I leveraged XSS to make Privilege Escalation to be Super Admin! | XSS, Privilege escalation | NA | Asem Eleraky (@melotover) | Bug Bounty | 2021-03-25 | 2023-06-13
2692 | PoC: The easiest 125 Euro’s I Ever made | Logic flaw | NA | Thexssrat (@theXSSrat) | Bug Bounty | 2021-03-25 | 2023-06-13
2691 | Encrypted Payload -> Decrypted Execution ($600) : Stored XSS | Stored XSS | NA | Shrirang Diwakar | Bug Bounty | 2021-03-25 | 2023-06-13
2689 | Increasing impact of Information Disclosure — Full Account Takeover ! | Information disclosure, Password reset | NA | Abhisek R (@abh1sek_r) | Bug Bounty | 2021-03-26 | 2023-06-13
2685 | PHP fopen() function to local file inclusion | LFI | NA | أنس روبي (@xhzeem) | Bug Bounty | 2021-03-28 | 2023-06-13
2684 | CSRF to Full Account Takeover | CSRF, Account takeover | NA | Ashraf Harb (@ashrafharb97) | Bug Bounty | 2021-03-29 | 2023-06-13
2683 | A weird XSS | Reflected XSS | NA | gato the wizard | Bug Bounty | 2021-03-30 | 2023-06-13