2682 | I felt like there were no more bugs left after winning € 2000 … But an email worth €750 changed my mind | Broken Access Control, IDOR | NA | Thexssrat (@theXSSrat) | Bug Bounty | 2021-03-31 | 2023-06-13 |
2681 | Missing CORS leads to Complete Account Takeover | Missing CORS, CSRF, Account takeover | NA | Niraj Modi (@nirajmodi51) | Bug Bounty | 2021-03-30 | 2023-06-13 |
2673 | Play a game, get Subscribed to my channel - YouTube Clickjacking Bug | #GoogleVRP | Clickjacking | Google | Sriram Kesavan (@sriramoffcl) | Bug Bounty | 2021-04-02 | 2023-06-13 |
2672 | XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing | XSS, HTML injection | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-04-02 | 2023-06-13 |
2671 | Bragging Rights: Let’s head back to bug bucket | XSS, IDOR, MFA bypass | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-04-02 | 2023-06-13 |
2670 | This Man Thought Opening A TXT File Is Fine, He Thought Wrong. MacOS CVE-2019-8761 | MacOS, HTML injection | Apple | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2021-04-02 | 2023-06-13 |
2669 | Automate Cache Poisoning Vulnerability - Nuclei | Web cache poisoning, Stored XSS | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-04-02 | 2023-06-13 |
2667 | Code execution as root via AT commands on the Quectel EG25-G modem | OS command injection, RCE | Quectel | nns | Bug Bounty | 2021-04-03 | 2023-06-13 |
2665 | Journeys in Quoteless and Multi Reflection XSS | XSS | NA | Bend Theory (@bendtheory) | Bug Bounty | 2021-04-04 | 2023-06-13 |
2664 | Remote code execution through unsafe unserialize in PHP | Insecure deserialization, RCE | NA | Sjoerd Langkemper | Bug Bounty | 2021-04-04 | 2023-06-13 |
2661 | Intro to Open-source Bug Bounty | Path traversal | Mailtrain | Arjun Shibu (@0xsegf) | Bug Bounty | 2021-04-05 | 2023-06-13 |
2660 | Weird and very easy authentication bypass found with Google dorking | Authentication bypass | NA | GrumpinouT (@RVerwilghen) | Bug Bounty | 2021-04-05 | 2023-06-13 |
2659 | Cloud Based Storage Misconfigurations -> Critical Bounties | Cloud storage misconfiguration | NA | Mikey (@mikey96_bh) | Bug Bounty | 2021-04-05 | 2023-06-13 |
2658 | Apple TV for Fire OS code execution | RCE, Insecure storage, Man-in-the-Disk attack | Apple | Razvan Sima (@0xraaz) | Bug Bounty | 2021-04-05 | 2023-06-13 |
2656 | Chaining an Blind SSRF bug to Get an RCE | Blind SSRF, RCE | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-07 | 2023-06-13 |
2655 | What if you could deposit money into your Betting account for free? Oh wait where has this 25k came from… | Logic flaw | NA | Mikey (@mikey96_bh) | Bug Bounty | 2021-04-07 | 2023-06-13 |
2650 | Unauthenticated Account Takeover Through Forget Password | Password reset, Account takeover, Information disclosure | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-04-12 | 2023-06-13 |
2649 | ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 | RCE, Browser hacking | Tesla, Google | Chris Williams (@HawaiiFive0day) | Bug Bounty | 2021-04-12 | 2023-06-13 |
2646 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | LFI, Information disclosure | NA | Arben Shala (@arbennsh) | Bug Bounty | 2021-04-13 | 2023-06-13 |
2642 | Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) | Man-in-the-Disk attack | Meta / Facebook | CENSUS | Bug Bounty | 2021-04-14 | 2023-06-13 |
2639 | Fun sql injection — mod_security bypass | SQL injection | NA | _Y000_ (@_Y000_) | Bug Bounty | 2021-04-16 | 2023-06-13 |
2638 | How I earned $$$$ through Stored XSS | Stored XSS, CSTI | NA | Harish | Bug Bounty | 2021-04-16 | 2023-06-13 |
2636 | Lets Learn English - Hacking 10M+ Users | AWS misconfiguration, Insecure Firebase database, OTP bypass, Account takeover, Logic flaw | NA | Aseem Shrey (@AseemShrey) | Bug Bounty | 2021-04-17 | 2023-06-13 |
2633 | XSS via Exif Data - The P2 Elevator | Stored XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2632 | Misconfiguration in Change-password Functionality Leads to Account Takeover | IDOR, Logic flaw, Password reset, Account takeover | NA | Mahmoud Radwan (@0x___2m) | Bug Bounty | 2021-04-18 | 2023-06-13 |