2631 | Pwning your assignments: Stored XSS via GraphQL endpoint | Stored XSS, GraphQL | NA | Kartik Sharma (@dominat0r98) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2630 | Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program | Unrestricted file upload, RCE | NA | Jadek Mark (@mase289) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2628 | Unauthorized access to admin setpassword page BY bypassing 403 Forbidden | Authorization flaw | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2627 | Blind SSRF to Port Scanning through response time | SSRF | NA | Harish | Bug Bounty | 2021-04-19 | 2023-06-13 |
2626 | Harvesting Active Directory credentials via HTTP Request Smuggling | HTTP request smuggling | NA | Tijme Gommers (@tijme) | Bug Bounty | 2021-04-19 | 2023-06-13 |
2623 | Playing With iframes: Bypassing Content-Security-Policy | CSP bypass, Open redirect, HTML injection | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-04-20 | 2023-06-13 |
2622 | CVE-2021-30481: Source engine remote code execution via game invites | RCE, Integer underflow | Valve | floesen (@floesen_) | Bug Bounty | 2021-04-20 | 2023-06-13 |
2621 | DMCA.COM Hack, Full Disclosure (With Proof-of-Concept) | Privilege escalation, Client-side enforcement of server-side security, Stored XSS, Broken Access Control | DMCA | Joël Aviad Ossi | Bug Bounty | 2021-04-21 | 2023-06-13 |
2620 | How I was able to inject XSS payload into any user's mailbox | XSS | NA | Gaurav Popalghat (@N008x) | Bug Bounty | 2021-04-21 | 2023-06-13 |
2615 | Telegram bug bounties: XSS, privacy issues, official bot exploitation and more… | XSS, Authorization flaw, DoS | NA | Davide | Bug Bounty | 2021-04-22 | 2023-06-13 |
2612 | AWS internal metadata accessed through SSRF by Chaining an Open Redirect bug | SSRF, Open redirect | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-24 | 2023-06-13 |
2611 | RCE via Internal Access to Adminer Database Management (Critical) | RCE | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-04-24 | 2023-06-13 |
2610 | From Wayback Machine To Account Takeover | Account takeover, Password reset, Open redirect | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13 |
2607 | From Wayback Machine To Account Takeover | Open redirect, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13 |
2605 | CVE-2021-22204 - Recreating a critical bug in ExifTool, no Perl smarts required. | RCE | Exiftool | - | Bug Bounty | 2021-04-26 | 2023-06-13 |
2601 | Reflected DOM-based XSS on DomaiNesia | XSS | DomaiNesia | N45HT | Bug Bounty | 2021-04-27 | 2023-06-13 |
2600 | How did I earn €€€€ by breaking the back-end logic of the server | Logic flaw, Information disclosure | NA | Dewanand Vishal (@dewcode91) | Bug Bounty | 2021-04-28 | 2023-06-13 |
2598 | De-anonymising Anonymous Animals in Google Workspace | Privacy issue, Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-29 | 2023-06-13 |
2597 | A tale of Html to Pdf converter ssrf and various bypasses | SSRF | NA | Jatin Aesthetic (@techyfreakk) | Bug Bounty | 2021-04-29 | 2023-06-13 |
2594 | How I was able to Retrieve your Personal Documents using the Wayback Machine! | Privacy issue, Information disclosure | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2593 | My first OOB XXE exploitation | XXE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2591 | Password reset code brute-force vulnerability in AWS Cognito | Password reset, Bruteforce, Rate limiting bypass, Account takeover | AWS | Pentagrid (@pentagridsec) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2590 | How I got $400 for my first SSRF bug? | SSRF | NA | Usama Varikkottil (@usama_dev) | Bug Bounty | 2021-05-01 | 2023-06-13 |
2589 | How I found my first RCE? | RCE | NA | ipanda (@ipanda915) | Bug Bounty | 2021-05-01 | 2023-06-13 |
2588 | SSRF Through PDF Generation | SSRF | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-05-01 | 2023-06-13 |