3844 | My First SSRF Using DNS Rebinding | SSRF, DNS rebinding | NA | Marek Geleta (@marek_geleta) | Bug Bounty | 2019-11-11 | 2023-06-13 |
3843 | Keylogging users via Slack themes | CSS injection | Slack | Matt Langlois (@fletchto99) | Bug Bounty | 2019-11-11 | 2023-06-13 |
3842 | How i Bought VPS, Hosting, Domain only $0.01 | Payment tampering | NA | Zerb0a | Bug Bounty | 2019-11-12 | 2023-06-13 |
3841 | Bug Bounty: Broken API Authorization | Authorization flaw | NA | Th3hidd3nmist (@th3_hidd3n_mist) | Bug Bounty | 2019-11-12 | 2023-06-13 |
3840 | How I accidentally took down GitHub Actions | DoS, Commit Hash Collisions | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2019-11-12 | 2023-06-13 |
3839 | Mass XS-Search using Cache Attack | XS-Search | Google | Terjanq (@terjanq) | Bug Bounty | 2019-11-12 | 2023-06-13 |
3838 | Command Injection Through BLH | Broken link hijacking | Meta / Facebook | Shankar R (@trapp3r_hat) | Bug Bounty | 2019-11-14 | 2023-06-13 |
3837 | [Server Side Request Forgery] Blind SSRF due to Sentry Misconfiguration | SSRF | NA | Kent Bayron (@bayronkentoy) | Bug Bounty | 2019-11-14 | 2023-06-13 |
3836 | Taking over Facebook Page Tabs | Broken link hijacking | Meta / Facebook | Taking over Facebook Page Tabs | Bug Bounty | 2019-11-14 | 2023-06-13 |
3835 | Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE) | IDOR | NA | Daniel Marte (@DanielM59720745) | Bug Bounty | 2019-11-15 | 2023-06-13 |
3834 | Authenticated CORS with Access-Control-Allow-Origin: * | Caching issue, Browser hacking | Google (Chromium) | BitK (@BitK_) | Bug Bounty | 2019-11-15 | 2023-06-13 |
3833 | [Writeup][Bug Bounty][Tokopedia] Manipulation of Likes in Product Reviews [EN] | IDOR | Tokopedia | Muhammad Thomas Fadhila Yahya (@fadhilthomas) | Bug Bounty | 2019-11-15 | 2023-06-13 |
3831 | LDAP Admin Account Bypassed :) | LDAP injection, Authentication bypass | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2019-11-16 | 2023-06-13 |
3830 | Privilege Escalation with simple recon | Privilege escalation, Blind XSS | NA | Mayur Gupta (@RisingHunter_) | Bug Bounty | 2019-11-16 | 2023-06-13 |
3829 | Bypassing the patch for my previous Instagram bug. | Authorization flaw, Logic flaw | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2019-11-18 | 2023-06-13 |
3828 | My First Bug ($500) | No valid SPF records | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2019-11-18 | 2023-06-13 |
3827 | This is How I was able to hunt a rare bug in a private program | Missing authentication, Privilege escalation | NA | Abida Fahd | Bug Bounty | 2019-11-18 | 2023-06-13 |
3826 | XSS in GMail’s AMP4Email via DOM Clobbering | XSS, DOM Clobbering | Google | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2019-11-18 | 2023-06-13 |
3825 | Million Users PII Leak Data Leak | Information disclosure, Blind XSS | NA | Shivbihari Pandey (@ninja_pandit_) | Bug Bounty | 2019-11-18 | 2023-06-13 |
3823 | Broken session management leads to bypass 2FA and Permanent access to Facebook user’s | Authentication bypass | Meta / Facebook | Mahmoud Barakat (@0xBarakat) | Bug Bounty | 2019-11-19 | 2023-06-13 |
3822 | How I could delete Facebook Ask for Recommendations post’s place objects in comments | IDOR | Meta / Facebook | Raja Sudhakar (@Rajasudhakar) | Bug Bounty | 2019-11-20 | 2023-06-13 |
3821 | Subdomain Takeover via Campaignmonitor.com | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-11-20 | 2023-06-13 |
3820 | How I paid 2$ for a 1054$ XSS bug + 20 chars blind XSS payloads | XSS | NA | Mohamed Daher (@DaherMohamed4) | Bug Bounty | 2019-11-20 | 2023-06-13 |
3819 | Cracking reCAPTCHA, Turbo Intruder style | Captcha bypass, Race condition | Google | James Kettle (@albinowax) | Bug Bounty | 2019-11-20 | 2023-06-13 |
3818 | Reply To Instagram Stories where privacy of who can reply is set to Nobody’. (Part 2) | Authorization flaw | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2019-11-21 | 2023-06-13 |