3526 | XSS in Peerio 2 Windows Application (Write Up) | XSS | Peerio | Evan Ricafort (@evanricafort) | Bug Bounty | 2020-04-24 | 2023-06-13 |
3525 | Fun With CORS Misconfiguration — II | CORS misconfiguration, XSS | NA | Aman Gupta (@gupt4j1) | Bug Bounty | 2020-04-25 | 2023-06-13 |
3524 | 1-click RCE on Keybase | RCE | Keybase | smaury (@smaury92) | Bug Bounty | 2020-04-27 | 2023-06-13 |
3523 | Bitrix WAF bypass | Reflected XSS | Mail.ru | Roma Ramazanoff (@r0hack) | Bug Bounty | 2020-04-27 | 2023-06-13 |
3522 | Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams | Account takeover, Subdomain takeover | Microsoft | Omer Tsarfati (@OmerTsarfati) | Bug Bounty | 2020-04-27 | 2023-06-13 |
3521 | Piercing the Veal: Short Stories to Read with Friends | SSRF | DuckDuckGo | d0nut (@d0nutptr) | Bug Bounty | 2020-04-27 | 2023-06-13 |
3519 | Recon to Sensitive Information Disclosure in Minutes | Information disclosure, Outdated component with a known vulnerability | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-04-28 | 2023-06-13 |
3518 | Indirect UXSS issue on a private Android target app | Universal XSS | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2020-04-29 | 2023-06-13 |
3516 | Account taken over in style !!! | Logic flaw, CSRF, Account takeover | NA | kishore hariram (@kishorehariram) | Bug Bounty | 2020-04-30 | 2023-06-13 |
3515 | [Bug Bounty Writeups] Exploiting SQL Injection Vulnerability | SQL injection | NA | Ahmed ElTijani | Bug Bounty | 2020-04-30 | 2023-06-13 |
3514 | Researching Polymorphic Images for XSS on Google Scholar | Stored XSS | Google | Lorenzo Stella (@lorenzostella) | Bug Bounty | 2020-04-30 | 2023-06-13 |
3513 | Hacking Razer Pay Ewallet App | IDOR | Razer | Richard Tan (@sambal0x) | Bug Bounty | 2020-04-30 | 2023-06-13 |
3512 | The Story of Blind SSRF leads to internal Host discovery. | SSRF | NA | kaustubh padwad (@s3curityb3ast) | Bug Bounty | 2020-05-01 | 2023-06-13 |
3511 | Ok Google! bypass flag_secure’ | Authorization flaw | Google | Pankaj Upadhyay (@_pupadhyay) | Bug Bounty | 2020-05-01 | 2023-06-13 |
3508 | Blind SSRF on coda.io | SSRF | Coda | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-05-02 | 2023-06-13 |
3507 | Reflected XSS on Microsoft.com via Angular Js template injection | CSTI, XSS | Microsoft | Pratik Dabhi (@impratikdabhi) | Bug Bounty | 2020-05-02 | 2023-06-13 |
3506 | Private Dashboards were accessible by other Admins in Analytics Dashboard | Authorization flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-05-02 | 2023-06-13 |
3505 | #BugBounty — Adding Money Using Response Modification | Payment tampering, Logic flaw | NA | Line_no 6 | Bug Bounty | 2020-05-03 | 2023-06-13 |
3504 | DOM XSS in Gmail with a little help from Chrome | DOM XSS | Google | Enguerran Gillier (@opnsec) | Bug Bounty | 2020-05-03 | 2023-06-13 |
3503 | Cool paste jacking attack earned me $$$ | Paste jacking | NA | Aman Rawat (@theamanrawat) | Bug Bounty | 2020-05-04 | 2023-06-13 |
3502 | G Suite - Device Management XSS | XSS | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3501 | Multiple XSS | Stored XSS | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3500 | Stored XSS on biz.waze.com | XSS | Google (Waze) | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3499 | A tale of verbose error message and a JWT token | Information disclosure, Authorization flaw | NA | Marek Geleta (@marek_geleta) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3498 | Google Acquisition XSS (Apigee) | XSS | Google | TnMch (@TnMch_) | Bug Bounty | 2020-05-06 | 2023-06-13 |