2394 | Escalating Self-XSS To Stored XSS via Image injection + IDOR | Self-XSS, Stored XSS, IDOR | NA | Demon (@R29k_) | Bug Bounty | 2021-07-21 | 2023-06-13 |
2392 | Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm | Weak crypto | NA | Craig Hays (@craighays) | Bug Bounty | 2021-07-22 | 2023-06-13 |
2390 | Story OF MY 3RD Bounty From Facebook | Logic flaw | NA | Aashish Jung Kunwar (@WhoisAasis) | Bug Bounty | 2021-07-23 | 2023-06-13 |
2385 | Easy Bounty With Exposed Buckets & Blobs | Cloud storage misconfiguration | NA | mr.d0x (@mrd0x) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2384 | Bug Chain leads to Mass Account Takeover! | Information disclosure, Password reset, Account takeover | NA | Shubhayu Majumdar (@shubhayu64) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2381 | XXE Case Studies | XXE | NA | cinzinga (@cinzinga_) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2380 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures | Password reset, Host header injection, CSRF, Account takeover | NA | Tommaso Innocenti (@innotommy) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2378 | Abusing JSON Web Token to steal accounts — 3000$ | IDOR | NA | Filipe Azevedo (@filipaze_) | Bug Bounty | 2021-07-27 | 2023-06-13 |
2377 | XSS-Special-Cases: XSS That Works only in mobile Devices | XSS | NA | 0xdln (@0xdln) | Bug Bounty | 2021-07-27 | 2023-06-13 |
2376 | Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth | RCE, PHP Object Injection | Moodle | Johannes Moritz | Bug Bounty | 2021-07-27 | 2023-06-13 |
2375 | Information Disclosure to Account Takeover | Information disclosure, OAuth, Account takeover, Authentication bypass | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-07-28 | 2023-06-13 |
2374 | How I earned $$$$ by Amazon S3 Bucket misconfigurations? | AWS misconfiguration, Subdomain takeover | NA | Abdullah Mohamed (@3bodymo_) | Bug Bounty | 2021-07-29 | 2023-06-13 |
2373 | Chaining Open Redirect with XSS to Account Takeover | Open redirect, XSS, Account takeover | NA | Radian ID | Bug Bounty | 2021-07-29 | 2023-06-13 |
2371 | How I found my first IDOR in HackerOne | IDOR | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-07-29 | 2023-06-13 |
2369 | Google Bug Bounty: $500 worth client-side DoS on Google Keep | Application-level DoS | Google | Tommaso De Ponti (@heytdep) | Bug Bounty | 2021-07-30 | 2023-06-13 |
2368 | Account takeover via stored xss | Stored XSS | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-07-30 | 2023-06-13 |
2367 | XXE in Public Transport Ticketing Mobile APP | XXE, RCE | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-30 | 2023-06-13 |
2365 | How I bypassed website using Akamai waf | XSS | NA | Yusif Cəfərov (@yusifceferov_) | Bug Bounty | 2021-07-31 | 2023-06-13 |
2364 | How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR | Self-XSS, IDOR, Account takeover | HackerEarth | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-07-31 | 2023-06-13 |
2363 | From Hobby to Hacking | Unrestricted file upload, RCE, Missing authentication | NA | Muhammad Syahrul Haniawan (@b0x_in) | Bug Bounty | 2021-07-31 | 2023-06-13 |
2362 | Bug Bounty Stories #1: Tale of CSP bypass in an electron app! | CSP bypass | NA | SecurityGOAT (@RuntimeSecurity) | Bug Bounty | 2021-07-31 | 2023-06-13 |
2359 | Multi Domain DOM Cross Site Scripting | DOM XSS | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-08-01 | 2023-06-13 |
2358 | Blind XXE Leads to Internal Port Scanning Through SSRF | XXE, SSRF | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-08-01 | 2023-06-13 |
2357 | Bug bounty - PHI/PII critical data exposure | Information disclosure | NA | Molx32 | Bug Bounty | 2021-08-01 | 2023-06-13 |
2356 | Tale of XSS in Angular | Reflected XSS | NA | Sicksec (@OriginalSicksec) | Bug Bounty | 2021-08-02 | 2023-06-13 |