2355 | Privilege Escalation | stealing user’s point | Bugcrowd |
IDOR
Privilege escalation |
NA |
Abhind Abhi |
Bug Bounty | 2021-08-02 | 2023-06-13 |
2354 | ~/BugBounty/IDOR/”How I was able to exfiltrate any user’s credit coupons” |
IDOR |
NA |
Jai Sharma (@ja1sharma) |
Bug Bounty | 2021-08-02 | 2023-06-13 |
2350 | How I Scored 1K Bounty Using Waybackurls |
Information disclosure |
NA |
Sicksec (@OriginalSicksec) |
Bug Bounty | 2021-08-02 | 2023-06-13 |
2349 | How the use of hidden form fields lead to Email verification bypass |
Email verification bypass
Client-side enforcement of server-side security |
NA |
Yash Swarup (@wazirsec) |
Bug Bounty | 2021-08-03 | 2023-06-13 |
2348 | PostMessage Xss vulnerability on private program |
XSS
postMessage |
NA |
Youghourta Ghannei (@YoughartaG) |
Bug Bounty | 2021-08-03 | 2023-06-13 |
2346 | Account Takeover (User + Admin) Via Password Reset |
Account takeover
Password reset
Logic flaw |
NA |
Hemant Patidar (@HemantSolo) |
Bug Bounty | 2021-08-05 | 2023-06-13 |
2345 | Do you like to read? I can take over your Kindle with an e-book |
Memory corruption
RCE
Local Privilege Escalation |
Amazon |
Slava Makkaveev |
Bug Bounty | 2021-08-06 | 2023-06-13 |
2340 | Size Matters — CVE-2021-0485 (High) |
Local Privilege Escalation
Android |
Google |
Dimitrios Valsamaras (@Ch0pin) |
Bug Bounty | 2021-08-07 | 2023-06-13 |
2339 | CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation Of Privilege (EOP) |
Local Privilege Escalation |
Intel |
bohops (@bohops) |
Bug Bounty | 2021-08-07 | 2023-06-13 |
2338 | CVE-2021-25738 |
RCE |
Kubernetes |
Jordy Versmissen / J0VSEC (@j0v0x0) |
Bug Bounty | 2021-08-07 | 2023-06-13 |
2337 | What is BOLA? 3-digit bounty from Topcoder ($$$) |
IDOR |
Topcoder |
can1337 (@canmustdie) |
Bug Bounty | 2021-08-09 | 2023-06-13 |
2336 | Fuzzing + IDOR = Admin TakeOver |
IDOR
Account takeover |
NA |
Gonzalo Carrasco (@0xCGonzalo) |
Bug Bounty | 2021-08-09 | 2023-06-13 |
2335 | Multiple Vulnerabilities In cPanel/WHM |
XXE
Stored XSS
Privilege escalation
CSRF
Cross-Site WebSocket Hijacking (CSWH) |
cPanel |
Adrian Tiron (@adrian__t) |
Bug Bounty | 2021-08-10 | 2023-06-13 |
2334 | OVE-20210809-0001 Visual Studio Code .ipynb Jupyter Notebook XSS (Arbitrary File Read) |
XSS
Arbitrary file read |
Microsoft |
Justin Steven (@justinsteven) |
Bug Bounty | 2021-08-11 | 2023-06-13 |
2333 | How I Bought a £240.00 Annual Subscription for Bargain £0.01 |
Payment tampering
Logic flaw |
NA |
Craig Hays (@craighays) |
Bug Bounty | 2021-08-11 | 2023-06-13 |
2331 | Taking Over Employee Accounts by Managers with Zero Employee Interaction |
HTML injection |
NA |
Chaitanya Rajhans (@Chaitanya_024) |
Bug Bounty | 2021-08-12 | 2023-06-13 |
2330 | Blind SSRF in URL Validator |
Blind SSRF |
NA |
Yash Kandekar (@Neutron__) |
Bug Bounty | 2021-08-12 | 2023-06-13 |
2329 | How I found read/write access to the personal data of 3 million users of an E-commerce website? |
IDOR |
NA |
Prashant Singh / SecGeek_one0one |
Bug Bounty | 2021-08-13 | 2023-06-13 |
2328 | How we was able to takeover whole organization via Privilege Escalation |
Privilege escalation
Authorization flaw |
NA |
Yasser Mohammed (@boomneroli) |
Bug Bounty | 2021-08-13 | 2023-06-13 |
2326 | Bypass Google Captcha+Parameter Pollution Leads to send email to any user on behalf of “Organization” with any desired content |
HTTP parameter pollution
Captcha bypass |
NA |
viral bhatt (@viralbhatt100) |
Bug Bounty | 2021-08-14 | 2023-06-13 |
2325 | Finding multiple SSRF with aws metadata access on A BANK system |
SSRF |
NA |
Santosh Kumar Sha (@killmongar1996) |
Bug Bounty | 2021-08-14 | 2023-06-13 |
2324 | Simple HTML Injection to $250 |
Account takeover
Mass assignment |
NA |
Ahmad Halabi (@Ahmad_Halabi_) |
Bug Bounty | 2021-08-14 | 2023-06-13 |
2323 | 1st Bug Bounty WriteUp: Open Redirect To XSS on Login Page |
Open redirect
XSS |
NA |
Nassim Chami (@nvccim) |
Bug Bounty | 2021-08-15 | 2023-06-13 |
2321 | Why u should use burp to test Path Traversal Vulnerability and also get RXSS |
Path traversal
XSS
CSRF
Account takeover |
NA |
Yasser Mohammed (@boomneroli) |
Bug Bounty | 2021-08-16 | 2023-06-13 |
2320 | A Bug's Life: CVE-2021-21225 |
Browser hacking |
Google |
Brendon Tiszka (@btiszka) |
Bug Bounty | 2021-08-16 | 2023-06-13 |