3012 | Turning Blind Error Based SQL Injection into Exploitable Boolean One |
SQL injection |
NA |
Ozgur Alp (@ozgur_bbh) |
Bug Bounty | 2020-11-21 | 2023-06-13 |
3010 | Weird (im)possible XSS on error page |
Reflected XSS |
NA |
Rody Shahnazarian (@Komradz86) |
Bug Bounty | 2020-11-21 | 2023-06-13 |
2981 | "Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams |
RCE
Stored XSS
CSP bypass
CSTI |
Microsoft |
Oskars Vegeris |
Bug Bounty | 2020-12-07 | 2023-06-13 |
2979 | How I Was Able To Take Over One Of Dell’s Subdomains |
Subdomain takeover |
Dell |
Taha Bıyıklı (@tahabykl) |
Bug Bounty | 2020-12-08 | 2023-06-13 |
2974 | Hiding from a custom list is possible on who sees our post is possible making victim not remove them from the list. |
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2020-12-11 | 2023-06-13 |
2954 | This is how I was able to view anyone’s private email and birthday on Instagram |
Information disclosure
Logic flaw |
Meta / Facebook |
Saugat Pokharel (@saugatpk5) |
Bug Bounty | 2020-12-20 | 2023-06-13 |
2949 | Hiding from custom story privacy list is possible in FBlite making the victim unable to remove you from the list. |
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2020-12-24 | 2023-06-13 |
2938 | Event Creator Is Not Able To Block The Attacker During Event Livestream |
Logic flaw |
Meta / Facebook |
Prakash Panta (@prakashpanta268) |
Bug Bounty | 2020-12-30 | 2023-06-13 |
2937 | Group Admin Can’t Able To Moderate Comments When Posted Through Page : Facebook Bug Bounty 2020 |
Logic flaw |
Meta / Facebook |
Prakash Panta (@prakashpanta268) |
Bug Bounty | 2020-12-30 | 2023-06-13 |
2934 | Facebook bug bounty (500 USD) : A blocked fundraiser organizer would be unable to view or remove themselves from the fundraiser. |
DoS
Logic flaw |
Meta / Facebook |
Vivek ps (@vivekps143) |
Bug Bounty | 2020-12-31 | 2023-06-13 |
2924 | Achieving Remote Code Execution By Exploiting Variable Check Feature |
RCE |
NA |
Shawar Khan (@ShawarkOFFICIAL) |
Bug Bounty | 2021-01-06 | 2023-06-13 |
2912 | A 'Novel' Way to Bypass Executable Signature Checks with Electron |
Local Privilege Escalation |
NA |
Parsia Hackerman (@cryptogangsta) |
Bug Bounty | 2021-01-08 | 2023-06-13 |
2911 | How I was able to Regain access to account deleted by Admin leading to $$$ |
Logic flaw
Authorization flaw |
NA |
Rajesh Ranjan (@_rajesh_ranjan_) |
Bug Bounty | 2021-01-10 | 2023-06-13 |
2897 | Irremovable Facebook group album photos and entire album under certain circumstances (Bounty: 1000 USD) |
Logic flaw |
Meta / Facebook |
Shubham Bhamare (@theshubh77) |
Bug Bounty | 2021-01-14 | 2023-06-13 |
2840 | How I was able to Turn a XSS into a Account Takeover |
Web cache poisoning
Stored XSS
Account takeover
OAuth
Logic flaw |
NA |
Josh Fam (@Pullerze) |
Bug Bounty | 2021-02-03 | 2023-06-13 |
2816 | How I was able to get extra coins |
Logic flaw
Android |
NA |
Saddam Hussain (@wisdomfreak1) |
Bug Bounty | 2021-02-12 | 2023-06-13 |
2799 | SHAREit Flaw Could Lead to Remote Code Execution |
Android
RCE
MiTM
Man-in-the-Disk attack
Insecure intent
Vulnerable Android content provider |
SHAREit |
Echo Duan |
Bug Bounty | 2021-02-15 | 2023-06-13 |
2778 | Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli |
Race condition
Lack of rate limiting
OTP bypass
SQL injection |
NA |
Yasser Mohammed (@boomneroli) |
Bug Bounty | 2021-02-20 | 2023-06-13 |
2744 | The Invincible Kid |
Logic flaw |
Meta / Facebook |
Samip Aryal (@samiparyal_) |
Bug Bounty | 2021-03-03 | 2023-06-13 |
2741 | Low hanging fruits on Facebook Group Room. Unable to remove post on group when post room add with event ($500) |
Logic flaw |
Meta / Facebook |
Randy Arios |
Bug Bounty | 2021-03-04 | 2023-06-13 |
2733 | Partially disable Cybereason EDR as low privileges user on Windows |
EDR bypass
Local Privilege Escalation |
Cybereason |
Mehdi Alouache |
Bug Bounty | 2022-10-28 | 2023-06-13 |
2690 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2 |
Broken Access Control
IDOR |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-03-26 | 2023-06-13 |
2687 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #1 |
Broken Access Control
IDOR |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-03-28 | 2023-06-13 |
2647 | Exploiting Struts RCE on 2.5.26 |
RCE
Double OGNL evaluation |
Apache Struts |
Chris (@mc_0wn) |
Bug Bounty | 2021-04-12 | 2023-06-13 |
2620 | How I was able to inject XSS payload into any user's mailbox |
XSS |
NA |
Gaurav Popalghat (@N008x) |
Bug Bounty | 2021-04-21 | 2023-06-13 |