2594 | How I was able to Retrieve your Personal Documents using the Wayback Machine! | Privacy issue, Information disclosure | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2560 | Counter-Strike Global Offsets: reliable remote code execution | RCE | Valve | brymko (@brymko) | Bug Bounty | 2021-05-13 | 2023-06-13 |
2503 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #3 | Broken Access Control | Google | R ando (@Rando02355205) | Bug Bounty | 2021-06-04 | 2023-06-13 |
2494 | How i was able to bypass parental pin of showmax | Authorization flaw | Showmax | abdulsec (@moodiAbdoul) | Bug Bounty | 2021-06-09 | 2023-06-13 |
2488 | How I was able to bypass the admin panel without the credentials. | Information disclosure | NA | Pratikkhalane (@KhalanePratik) | Bug Bounty | 2021-06-12 | 2023-06-13 |
2478 | This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them | IDOR, GraphQL | NA | Mayur Fartade (@mayurfartade) | Bug Bounty | 2021-06-15 | 2023-06-13 |
2477 | How We Are Able To Hack Any Company By Sending Message – $20,000 Bounty [CVE-2021–34506] | Universal XSS | Microsoft | Shivam Kumar Singh (@MrRajputHacker) | Bug Bounty | 2021-06-15 | 2023-06-13 |
2468 | How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506] | Universal XSS | Microsoft | Vansh Devgan (@Th3Pr0xyB0y) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2456 | How i was able to get Appreciation from the organization of a website just by changing a sign..!!! | Information disclosure, Source code disclosure | NA | Fardeen Ahmed (@fardeenahmed411) | Bug Bounty | 2021-06-23 | 2023-06-13 |
2448 | Gaining access to protected components | Vulnerable Android content provider, Android | NA | DavMehtab Zafar (@0xmzfr) | Bug Bounty | 2021-06-25 | 2023-06-13 |
2438 | How I was able to Takeover Accounts on Foxit.com | Password reset, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-06-29 | 2023-06-13 |
2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
2409 | Stored XSS in Google Doubleclick Studio [Google Research Grant] | Stored XSS | Google | Jasminder Pal Singh (@Singh_Jasminder) | Bug Bounty | 2021-07-14 | 2023-06-13 |
2407 | How i was able to bypass Cloudflare for XSS! | XSS | NA | hosein vita (@HoseinVita) | Bug Bounty | 2021-07-16 | 2023-06-13 |
2397 | How I was able Find mass leaked AWS s3 bucket from js File | AWS misconfiguration | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-07-20 | 2023-06-13 |
2360 | The journey from Google Honorable Mention to Hall of Fame. | Referer leakage, Information disclosure, Password reset | Google | Akash basnet (@noneofyou007) | Bug Bounty | 2021-08-01 | 2023-06-13 |
2354 | ~/BugBounty/IDOR/”How I was able to exfiltrate any user’s credit coupons” | IDOR | NA | Jai Sharma (@ja1sharma) | Bug Bounty | 2021-08-02 | 2023-06-13 |
2328 | How we was able to takeover whole organization via Privilege Escalation | Privilege escalation, Authorization flaw | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-08-13 | 2023-06-13 |
2318 | Two weeks of securing Samsung devices: Part 2 | Arbitrary file write, Arbitrary file read, Vulnerable Android content provider, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-08-16 | 2023-06-13 |
2308 | How I was able to get 1000$ bounty from a ds-store file? | Information disclosure, Debugging enabled | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2021-08-21 | 2023-06-13 |
2301 | How i was able to steal private files of any user on Larksuite | IDOR | NA | Imran Nissar (@Imrannissar3) | Bug Bounty | 2021-08-24 | 2023-06-13 |
2296 | Vulnerability in Bumble dating app reveals any user's exact location | Information disclosure, Logic flaw | Bumble | Robert Heaton (@RobJHeaton) | Bug Bounty | 2021-08-25 | 2023-06-13 |
2290 | Oauth client secret leak and possible IDOR leading to PII Disclosure | IDOR, OAuth, Information disclosure | NA | Monke (@pmofcats) | Bug Bounty | 2021-08-26 | 2023-06-13 |
2233 | How I Was Able to delete any facebook story where am I mentioned or tagged | Logic flaw | Meta / Facebook | Sank Dahal (@sank68034756) | Bug Bounty | 2021-09-10 | 2023-06-13 |
2218 | How I was able to find 100+ XSS in United nations Bug Bounty Program | XSS | United Nations | mrpentestguy (@MR_iambatman) | Bug Bounty | 2021-09-16 | 2023-06-13 |