3657 | A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell |
XXE
RCE
Directory Traversal |
NA |
Eugene Lim (@spaceraccoonsec) |
Bug Bounty | 2020-02-18 | 2023-06-13 |
3656 | Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC |
Information disclosure
Hardcoded credentials |
NA |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2020-02-19 | 2023-06-13 |
3655 | Exploiting Jira for Host Discovery |
CSRF |
Atlassian |
Alex Peña |
Bug Bounty | 2020-02-20 | 2023-06-13 |
3654 | Hunting Tesla Model Y Secrets in the Parts Catalog |
Authorization flaw |
Tesla |
Evan Connelly (@Evan_Connelly) |
Bug Bounty | 2020-02-22 | 2023-06-13 |
3653 | Tale of Account Takeovers (Part-1) |
Account takeover
HTTP parameter pollution
Password reset
OTP bypass |
NA |
Vijaysimha Reddy Bathini (@fatratfatrat) |
Bug Bounty | 2020-02-22 | 2023-06-13 |
3652 | Reflected XSS In AT&T |
Reflected XSS |
AT&T |
Myo Min Thu (@myominthu1337) |
Bug Bounty | 2020-02-23 | 2023-06-13 |
3651 | Blind XSS against a Googler |
Blind XSS |
Google |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2020-02-23 | 2023-06-13 |
3650 | Discord DoS with a single message |
DoS |
Discord |
DarkMatterMatt |
Bug Bounty | 2020-02-24 | 2023-06-13 |
3649 | Stored-XSS-on-groups-google-com |
Stored XSS |
Google |
Alessandro Rumampuk (@Rando02355205) |
Bug Bounty | 2020-02-25 | 2023-06-13 |
3648 | Mail.Ru Ext.B Scope Account Takeover [ $1500 ] |
Account takeover
OAuth |
Mail.ru |
Myo Min Thu (@myominthu1337) |
Bug Bounty | 2020-02-25 | 2023-06-13 |
3647 | How i found 3 SSRF in one day on different bug bounty targets |
SSRF |
NA |
- |
Bug Bounty | 2020-02-25 | 2023-06-13 |
3646 | How I Get my first P1 (Sensitive Information Disclosure) using WPScan |
Information disclosure |
NA |
Harrmahar (@harrmahar) |
Bug Bounty | 2020-02-26 | 2023-06-13 |
3645 | Long String DoS |
DoS |
NA |
Shrey Shah (@ShreySh43332033) |
Bug Bounty | 2020-02-26 | 2023-06-13 |
3644 | Write-up: AWS Document Signing Security Control Bypass |
AWS misconfiguration |
NA |
Ozgur Alp (@ozgur_bbh) |
Bug Bounty | 2020-02-26 | 2023-06-13 |
3643 | RCE via Apache Struts2 - Still out there. |
RCE |
NA |
Abhishek (@abhishake100) |
Bug Bounty | 2020-02-27 | 2023-06-13 |
3641 | The Tricky XSS |
XSS |
NA |
Smaran Chand (@smaranchand) |
Bug Bounty | 2020-02-28 | 2023-06-13 |
3640 | Page Admin Disclosure via an Upgraded Page Post |
Authorization flaw
Information disclosure |
Meta / Facebook |
Dan Fabro (@0x61_) |
Bug Bounty | 2020-02-28 | 2023-06-13 |
3639 | Account Hijack using Authorization bypass $$$$ |
Account takeover
Authorization flaw |
NA |
Bhavesh Thakur (@Bhavesh_Thakur_) |
Bug Bounty | 2020-02-28 | 2023-06-13 |
3638 | A mysterious bug in the firmware of Google's Titan M chip (CVE-2019-9465) |
Cryptographic issues |
Google |
Alexander Bakker |
Bug Bounty | 2020-02-29 | 2023-06-13 |
3636 | Discord embed spoofing |
Phishing |
Discord |
DarkMatterMatt |
Bug Bounty | 2020-03-02 | 2023-06-13 |
3635 | SSRF on PDF generator. |
SSRF |
NA |
John Michael (@michan2514) |
Bug Bounty | 2020-03-02 | 2023-06-13 |
3634 | SQL Injection Via Stopping the redirection to a login page |
SQL injection
Authorization flaw |
NA |
Abde Ouabala (@4mgh0z) |
Bug Bounty | 2020-03-03 | 2023-06-13 |
3633 | How I CSRF’d My First Bounty! |
CSRF |
NA |
Rajesh Ranjan (@rajesh_ranjan4) |
Bug Bounty | 2020-03-03 | 2023-06-13 |
3632 | ManageEngine ServiceDesk Plus: Arbitrary File Upload |
Arbitrary file upload
RCE |
NA |
Duc Anh Bui |
Bug Bounty | 2020-03-03 | 2023-06-13 |
3631 | Exploiting an SSRF: Trials and Tribulations |
SSRF |
NA |
A Bug’z Life (@abugzlife1) |
Bug Bounty | 2020-03-03 | 2023-06-13 |