3497 | DOM XSS Walkthrough | DOM XSS | NA | Youssef Lahouifi (@YLahouifi) | Bug Bounty | 2020-05-06 | 2023-06-13 |
3496 | How we Hijacked 26+ Subdomains | Subdomain takeover | NA | Aishwarya Kendle (@aish_kendle) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3495 | DOM-Based XSS at accounts.google.com by Google Voice Extension. | DOM XSS | Google | missoum1307 (@missoum1307) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3494 | I Found XSS Security Flaws in Rails – Here's What Happened. | XSS | Ruby on Rails | Jesse Campos | Bug Bounty | 2020-05-07 | 2023-06-13 |
3493 | $20000 Facebook DOM XSS | DOM XSS | Meta / Facebook | Vinoth Kumar (@vinodsparrow) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3492 | Pentesting Cisco SD-WAN Part 2: Breaking Routers | OS command injection, Security code review | Cisco | Julien Legras (@Julien_Legras) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3491 | Bypass XSS filter using HTML Escape | XSS | Google | Syahri Ramadan (@adonkidz7) | Bug Bounty | 2020-05-08 | 2023-06-13 |
3490 | How I made $10K in bug bounties from GitHub secret leaks | Information disclosure | NA | Tillson Galloway (tillson_) | Bug Bounty | 2020-05-10 | 2023-06-13 |
3489 | Another Zoho ManageEngine Story | Authentication bypass | Zoho | Florian Hauser (@frycos) | Bug Bounty | 2020-05-11 | 2023-06-13 |
3488 | Magic of the Back Slash | Path traversal | NA | Anil Tom (mr_4nk) | Bug Bounty | 2020-05-11 | 2023-06-13 |
3486 | Lucky Bug Which Let Me Change Name of Every Accounts at a Single Click | SQL injection | NA | Merbin Russel (e_23_e) | Bug Bounty | 2020-05-13 | 2023-06-13 |
3485 | $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt | Information disclosure | NA | Johann Rehberger (wunderwuzzi23) | Bug Bounty | 2020-05-13 | 2023-06-13 |
3484 | Bug Bounty — Advanced Manual Penetration Testing Leading to Price Manipulation Vulnerability | Payment tampering | NA | Talatmehmood | Bug Bounty | 2020-05-14 | 2023-06-13 |
3483 | Weak Cryptography in Password Reset to Full Account Takeover | Account takeover, Password reset, Cryptographic issues | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-05-15 | 2023-06-13 |
3482 | How I got my first swag on Edmodo with a simple XSS. | Stored XSS | Edmodo | Sanjay Verdu (@codersanjay) | Bug Bounty | 2020-05-16 | 2023-06-13 |
3481 | Password Reset Poisoning leading to Account Takeover | Password reset, Account takeover | NA | Swapnil Maurya (@swapmaurya20) | Bug Bounty | 2020-05-16 | 2023-06-13 |
3480 | Chained Bugs [ Account TakeOver ] | IDOR, XSS, Account takeover | NA | Bilal Khan (@bilalmerokhel) | Bug Bounty | 2020-05-16 | 2023-06-13 |
3479 | How I was able to make users loss of money on Google Pay | Clickjacking | Google | santuySec (@santuySec) | Bug Bounty | 2020-05-16 | 2023-06-13 |
3478 | Logical Bug which let me stop Users from Creating Ads at a Website | Logic flaw, DoS | NA | Merbin Russel (e_23_e) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3477 | One Param => $10k | IDOR, XSS, Account takeover | NA | Bilal Khan (@bilalmerokhel) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3476 | Stored XSS Leads to Plaintext Password Disclosure | Stored XSS, Information disclosure, Unrestricted file upload | NA | bad5ect0r (@bad5ect0r) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3475 | Tale of Account Takeovers (Part-2) | Account takeover | NA | Vijaysimha Reddy Bathini (@fatratfatrat) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3474 | Cors Blimey: The power of chaining CORS | CORS misconfiguration, Stored XSS, CSRF | NA | Hazana (@hazanasec) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3473 | How Netgear meshed(*) up WiFi for Business | Weak crypto, Authentication flaw | Netgear | Thorsten Schröder | Bug Bounty | 2020-05-18 | 2023-06-13 |
3472 | My first 10k bdt bounty from an e-commerce site | IDOR | NA | Md Saikat | Bug Bounty | 2020-05-18 | 2023-06-13 |