2282 | Information disclosure via api misconfiguration |
Information disclosure |
NA |
Rizwan_siddiqui (@Rizwan_SiDdiqu1) |
Bug Bounty | 2021-08-29 | 2023-06-13 |
2281 | ATO of WordPress Website “4 digits €€€€ Bounty in 5 Minute!” |
Exposed registration page
Account takeover |
NA |
Ritesh Gohil (@RiteshG37659480) |
Bug Bounty | 2021-08-29 | 2023-06-13 |
2278 | How MarkMonitor left >60,000 domains for the taking |
Subdomain takeover |
NA |
Ian Carroll (@iangcarroll) |
Bug Bounty | 2021-08-29 | 2023-06-13 |
2277 | Two account takeover bugs worth $4300 🎁 |
Account takeover
Privilege escalation
403 bypass
IDOR |
NA |
Usama Varikkottil (@usama_dev) |
Bug Bounty | 2021-08-29 | 2023-06-13 |
2276 | I owe your Request | HTTP Request Smuggling leads to Full Accounts takeover |
HTTP Request Smuggling |
NA |
Muhammad Adel (@ItsFadinG_) |
Bug Bounty | 2021-08-30 | 2023-06-13 |
2274 | CVE-2021-39165: A Bug Bounty Journey from a Laravel SQL Injection Vulnerability |
SQL injection |
NA |
Xuan Tuyen |
Bug Bounty | 2021-08-30 | 2023-06-13 |
2273 | Broken Access Control Leads To Change Of Admin Details |
Privilege escalation
Client-side enforcement of server-side security |
NA |
V3D (@v3d_bug) |
Bug Bounty | 2021-08-31 | 2023-06-13 |
2272 | Bypassing 2-Factor Authentication for Facebook Business Manager (Bounty: 1000 USD) |
MFA bypass |
Meta / Facebook |
Shubham Bhamare (@theshubh77) |
Bug Bounty | 2021-08-31 | 2023-06-13 |
2267 | CVE-2021-2429: A Heap-based Buffer Overflow Bug In The Mysql Innodb Memcached Plugin |
Memory corruption |
Oracle (MySQL) |
- |
Bug Bounty | 2021-09-02 | 2023-06-13 |
2266 | Hacking Dutch Government For a lousy T-shirt |
IDOR
Information disclosure |
Dutch Government |
Veshraj Ghimire (@GhimireVeshraj) |
Bug Bounty | 2021-09-02 | 2023-06-13 |
2265 | How I Found Multiple XSS in Hidden Legacy Pages |
XSS |
NA |
Marx Chryz |
Bug Bounty | 2021-09-02 | 2023-06-13 |
2264 | chaining bugs from self XSS to account takeover |
Self-XSS
WAF bypass
CSRF
Account takeover |
NA |
Behnam Yazdanpanah (@abhiunix) |
Bug Bounty | 2021-09-02 | 2023-06-13 |
2263 | Breaking Application’s Logic to DOS Attack |
IDOR
DoS |
NA |
Abhijeet Singh (@abhiunix) |
Bug Bounty | 2021-09-02 | 2023-06-13 |
2259 | RCE By Code Injection | Perl Reverse Shell |
RCE
Code injection |
NA |
Abdulrahman-Kamel |
Bug Bounty | 2021-09-02 | 2023-06-13 |
2258 | Play the music and bypass TCC aka CVE-2020-29621 |
Privacy issue
MacOS |
Apple |
Wojciech Reguła (@_r3ggi) |
Bug Bounty | 2021-09-02 | 2023-06-13 |
2256 | IDOR Vulnerability In GraphQL Api On Website |
IDOR
GraphQL |
NA |
Aidil Arief |
Bug Bounty | 2021-09-03 | 2023-06-13 |
2252 | Bypassed! and uploaded a sweet reverse shell |
Unrestricted file upload |
NA |
Ajay Sharma (@security_donut) |
Bug Bounty | 2021-09-05 | 2023-06-13 |
2251 | Business Logic Errors - Must Vote |
Logic flaw |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2021-09-05 | 2023-06-13 |
2249 | Anti-crawler Burp Suite RCE |
RCE
Browser hacking |
PortSwigger |
Wfox |
Bug Bounty | 2021-09-06 | 2023-06-13 |
2248 | How I can take over any user’s account with their mobile number |
Account takeover
OTP bypass
Authentication bypass |
NA |
Sushmitha Katikitala |
Bug Bounty | 2021-09-06 | 2023-06-13 |
2246 | SSD Advisory – NETGEAR D7000 Authentication Bypass |
Authentication bypass |
Netgear |
- |
Bug Bounty | 2021-09-06 | 2023-06-13 |
2245 | Full structure takeover to many brands of company |
Directory listing
Information disclosure |
NA |
Abdelrahman Khaled |
Bug Bounty | 2021-09-06 | 2023-06-13 |
2244 | SSRF in PDF export with PhantomJs |
SSRF
XSS
LFI |
NA |
أنس روبي (@xhzeem) |
Bug Bounty | 2021-09-07 | 2023-06-13 |
2239 | Account Takeover via XSS in e-signature feature worth 2500$ |
XSS
Account takeover |
NA |
Gökhan Güzelkokar (@gkhck_) |
Bug Bounty | 2021-09-08 | 2023-06-13 |
2238 | Spook.js: Attacking Google Chrome's Strict Site Isolation via Speculative Execution and Type Confusion |
Browser hacking
Side-channel attack
Site Isolation bypass |
Google |
Ayush Agarwal |
Bug Bounty | 2021-09-08 | 2023-06-13 |