2095 | Bypass Chrome Ad-Heavy detection mechanism |
Browser hacking |
Google (Chrome) |
0x0021h (@0x0021h) |
Bug Bounty | 2021-11-09 | 2023-06-13 |
2093 | 400$ Bounty again using Google Dorks |
Directory listing
Information disclosure |
NA |
Haris M (@hrsm321) |
Bug Bounty | 2021-11-09 | 2023-06-13 |
2092 | Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond |
HTTP Header Smuggling
HTTP Request Smuggling |
NA |
Daniel Thatcher (@_danielthatcher) |
Bug Bounty | 2021-11-10 | 2023-06-13 |
2091 | ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough |
Cross-tenant vulnerability
Account takeover
Privilege escalation |
Microsoft |
Nir Ohfeld (@nirohfeld) |
Bug Bounty | 2021-11-10 | 2023-06-13 |
2089 | Unrestricted File Upload Leads to SSRF and RCE |
ImageTragick
Unrestricted file upload
SSRF
RCE |
NA |
Muhammad Adel (@ItsFadinG_) |
Bug Bounty | 2021-11-11 | 2023-06-13 |
2087 | Simple SSRF Allows Access To Internal Assets |
SSRF |
NA |
Sam Paredes (@caffeinevulns) |
Bug Bounty | 2021-11-11 | 2023-06-13 |
2085 | chaining improper authentication to idor and no rate limit for mass account takeover |
Account takeover
Lack of rate limiting
CSRF
IDOR |
NA |
mohit (@mohit29295572) |
Bug Bounty | 2021-11-12 | 2023-06-13 |
2084 | How I got $200 in 30 Seconds. |
Information disclosure |
NA |
Yash__ HackZ (@HackzYash) |
Bug Bounty | 2021-11-12 | 2023-06-13 |
2083 | Privilege Escalation, worth of €300 |
Broken Access Control
IDOR
Privilege escalation |
NA |
Hemant Kumar |
Bug Bounty | 2021-11-12 | 2023-06-13 |
2082 | Never leave this tip while you hunting Broken Access Control |
Broken Access Control |
NA |
secureITmania (@secureitmania) |
Bug Bounty | 2021-11-13 | 2023-06-13 |
2079 | Broken Link Hijacking — 404 Google Play Store— xxx$ Bounty |
Broken link hijacking |
NA |
Proviesec (@proviesec) |
Bug Bounty | 2021-11-14 | 2023-06-13 |
2078 | How I Found P1 bug Due to Sensitive data exposure And Earn $$$$ |
Information disclosure |
NA |
Piyush shukla (@PiyushShukla__) |
Bug Bounty | 2021-11-15 | 2023-06-13 |
2076 | T-Reqs: HTTP Request Smuggling with Differential Fuzzing |
HTTP Request Smuggling |
NA |
Bahruz Jabiyev (@BahruzJabiyev) |
Bug Bounty | 2021-11-15 | 2023-06-13 |
2073 | Diving into Open-source LMS Codebases |
Insecure file upload
Insecure deserialization
RCE
CSRF
SQL injection
Reflected XSS |
Moodle
Chamilo LMS |
Poh Jia Hao (@Chocologicall) |
Bug Bounty | 2021-11-16 | 2023-06-13 |
2072 | Finding Zero-Day Vulnerabilities in the Supply Chain |
CSTI
Signature bypass |
Adaxes |
Roni Carta (@0xLupin) |
Bug Bounty | 2021-11-16 | 2023-06-13 |
2071 | Keybase App Vulnerability: Incomplete Cleanup of Messages In Keybase for Android/iOS, CVE-2021-34421 |
Information disclosure |
Keybase |
Olivia O’Hara (@oliviaohara) |
Bug Bounty | 2021-11-17 | 2023-06-13 |
2070 | The tale of CVE-2021–34479 (VSCode XSS) |
XSS
CSP bypass |
Microsoft |
Daniel Santos (@bananabr) |
Bug Bounty | 2021-11-17 | 2023-06-13 |
2068 | CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory |
Information disclosure |
Microsoft |
Karl Fosaaen (@kfosaaen) |
Bug Bounty | 2021-11-17 | 2023-06-13 |
2067 | URL whitelist bypass in https://cxl-services.appspot.com |
Privilege escalation
URL validation bypass
SSRF |
Google |
David Schütz (@xdavidhu) |
Bug Bounty | 2021-11-17 | 2023-06-13 |
2066 | A common defect in java system-Memory DoS (include CVE-2021-2344, CVE-2021-2371, CVE-2021-2376, CVE-2021-2378) |
DoS |
Oracle |
threedr3am (@threedr3am1) |
Bug Bounty | 2021-11-18 | 2023-06-13 |
2065 | A Story of an Epic Blind Remote Code Execution(RCE) |
RCE
OS command injection |
NA |
Akash Solanki (@MAALP1225) |
Bug Bounty | 2021-11-18 | 2023-06-13 |
2063 | Exploiting OAuth: Journey to Account Takeover |
Account takeover
OAuth
XSS
Weak CSP
CSRF |
NA |
Aditya Dixit (@zombie007o) |
Bug Bounty | 2021-11-19 | 2023-06-13 |
2060 | Peeping through a Web-Socket |
Cross-Site Websocket Hijacking (CSWH) |
NA |
Aditya Verma (@0cirius0) |
Bug Bounty | 2021-11-21 | 2023-06-13 |
2059 | [BugBounty] XSS with Markdown — Exploit & Fix on OpenSource |
XSS |
NA |
Lê Thành Phúc |
Bug Bounty | 2021-11-22 | 2023-06-13 |
2057 | A business logic error bug worth 600$ |
Payment tampering |
NA |
Deep Patidar (@itsdeepceh) |
Bug Bounty | 2021-11-23 | 2023-06-13 |