2502 | 403 Forbidden Bypass | OTP bypass, Exposed registration page, XSS | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-06-04 | 2023-06-13 |
2501 | Executing CSRF With Phone Validation | CSRF | NA | Greg Gibson | Bug Bounty | 2021-06-04 | 2023-06-13 |
2500 | Pop-Ups in a good-world | XSS | Imgur | Guilherme Keerok (@k33r0k) | Bug Bounty | 2021-06-04 | 2023-06-13 |
2499 | Shopify Multipass Misconfiguration | Authentication flaw, Logic flaw | NA | Ahmed A. Sherif | Bug Bounty | 2021-06-05 | 2023-06-13 |
2498 | How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-06-06 | 2023-06-13 |
2496 | Story of my first cash bounty on hackerone. | SSRF, XSS | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-06-07 | 2023-06-13 |
2495 | Joomla Password Reset Vulnerability And A Stored XSS For Full Compromise | Password reset, Stored XSS, Privilege escalation, RCE, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-06-07 | 2023-06-13 |
2492 | Unexpected IDOR Vulnerability in [REDACTED] - [redacted].net (Write Up) | IDOR | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-06-10 | 2023-06-13 |
2491 | Second Order Race Condition | Race condition | NA | Prasoon Gupta (@0xdekster) | Bug Bounty | 2021-06-10 | 2023-06-13 |
2489 | Bypassing 2FA using OpenID Misconfiguration | MFA bypass, Authentication flaw | NA | Youstin (@iustinBB) | Bug Bounty | 2021-06-11 | 2023-06-13 |
2488 | How I was able to bypass the admin panel without the credentials. | Information disclosure | NA | Pratikkhalane (@KhalanePratik) | Bug Bounty | 2021-06-12 | 2023-06-13 |
2487 | How I found the silliest logical vulnerability for $750 that no one found for 3 years | Logic flaw | NA | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2021-06-12 | 2023-06-13 |
2486 | Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts ! | Mass assignment, Account takeover | NA | Mohammad Kaif | Bug Bounty | 2021-06-13 | 2023-06-13 |
2483 | An exciting journey to find SSRF , Bypass Cloudflare , and extract AWS metadata ! | SSRF | NA | hosein vita (@HoseinVita) | Bug Bounty | 2021-06-13 | 2023-06-13 |
2482 | Blind Command Injection - It hurts | Command injection, RCE | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-14 | 2023-06-13 |
2480 | Exploiting outdated Apache Airflow instances | Session management issue | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2021-06-14 | 2023-06-13 |
2479 | Importance of burp history analysis to bypass 403 | 403 bypass | NA | Vuk Ivanovic | Bug Bounty | 2021-06-15 | 2023-06-13 |
2478 | This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them | IDOR, GraphQL | NA | Mayur Fartade (@mayurfartade) | Bug Bounty | 2021-06-15 | 2023-06-13 |
2477 | How We Are Able To Hack Any Company By Sending Message – $20,000 Bounty [CVE-2021–34506] | Universal XSS | Microsoft | Shivam Kumar Singh (@MrRajputHacker) | Bug Bounty | 2021-06-15 | 2023-06-13 |
2476 | Authentication Bypass \| Easy P1 in 10 minutes | Authentication bypass, Forced browsing | NA | Anirudh Makkar (@anirudhmakkar) | Bug Bounty | 2021-06-16 | 2023-06-13 |
2475 | One-click DOS via Response Manipulation | Logic flaw | NA | Akhil | Bug Bounty | 2021-06-16 | 2023-06-13 |
2473 | Part-1 Dive into Zoom Applications | CSRF, Payment bypass, Logic flaw, Account takeover, Privilege escalation | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-06-16 | 2023-06-13 |
2471 | Crashing your LinkedIn app with a connection request. | Application-level DoS | LinkedIn | Renganathan (@IamRenganathan) | Bug Bounty | 2021-06-17 | 2023-06-13 |
2469 | Certified Pre-Owned | Active Directory Privilege Escalation, ADCS, Windows | Microsoft | Will Schroeder (@harmj0y) | Bug Bounty | 2021-06-17 | 2023-06-13 |
2468 | How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506] | Universal XSS | Microsoft | Vansh Devgan (@Th3Pr0xyB0y) | Bug Bounty | 2021-06-18 | 2023-06-13 |