3670 | Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches |
Information disclosure |
NA |
Ozgur Alp (@ozgur_bbh) |
Bug Bounty | 2020-02-11 | 2023-06-13 |
3658 | From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World |
Information disclosure
RCE |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2020-02-18 | 2023-06-13 |
3656 | Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC |
Information disclosure
Hardcoded credentials |
NA |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2020-02-19 | 2023-06-13 |
3646 | How I Get my first P1 (Sensitive Information Disclosure) using WPScan |
Information disclosure |
NA |
Harrmahar (@harrmahar) |
Bug Bounty | 2020-02-26 | 2023-06-13 |
3640 | Page Admin Disclosure via an Upgraded Page Post |
Authorization flaw
Information disclosure |
Meta / Facebook |
Dan Fabro (@0x61_) |
Bug Bounty | 2020-02-28 | 2023-06-13 |
3610 | How I got access to critical data of a Company in no time ? |
Information disclosure
Lack of rate limiting
Bruteforce |
NA |
Kaustubh Kale |
Bug Bounty | 2020-03-12 | 2023-06-13 |
3608 | API secret key Leakage leads to disclosure of Employee’s Information |
Information disclosure |
NA |
Ace Candelario (@phspades) |
Bug Bounty | 2020-03-13 | 2023-06-13 |
3607 | User's email disclosure via invalid password reset link [$250] |
Password reset
Information disclosure |
NA |
Myo Min Thu (@myominthu1337) |
Bug Bounty | 2020-03-13 | 2023-06-13 |
3606 | What is your GCP infra worth?...about ~$700 [Bugbounty] |
Information disclosure |
Tokopedia |
Chris Gates (@carnal0wnage) |
Bug Bounty | 2020-03-13 | 2023-06-13 |
3581 | Exploiting magic links, critical bugs are one line away |
Information disclosure
Missing authentication |
Razer |
0xSha (@0xsha) |
Bug Bounty | 2020-03-27 | 2023-06-13 |
3567 | Account Take Over without user Interaction |
Password reset
Information disclosure
Account takeover |
NA |
Ravilla Bharath |
Bug Bounty | 2020-04-02 | 2023-06-13 |
3560 | Page Admin Disclosure: Facebook Bug Bounty 2020 |
Information disclosure
Logic flaw |
Meta / Facebook |
Saugat Pokharel (@saugatpk5) |
Bug Bounty | 2020-04-04 | 2023-06-13 |
3557 | $3K Bounty For Elastic-Search Takeover |
Elasticsearch Takeover
Information disclosure |
NA |
Ashish Kunwar (@D0rkerDevil) |
Bug Bounty | 2020-04-06 | 2023-06-13 |
3519 | Recon to Sensitive Information Disclosure in Minutes |
Information disclosure
Outdated component with a known vulnerability |
NA |
Harsh Bothra (@harshbothra_) |
Bug Bounty | 2020-04-28 | 2023-06-13 |
3499 | A tale of verbose error message and a JWT token |
Information disclosure
Authorization flaw |
NA |
Marek Geleta (@marek_geleta) |
Bug Bounty | 2020-05-05 | 2023-06-13 |
3490 | How I made $10K in bug bounties from GitHub secret leaks |
Information disclosure |
NA |
Tillson Galloway (tillson_) |
Bug Bounty | 2020-05-10 | 2023-06-13 |
3485 | $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt |
Information disclosure |
NA |
Johann Rehberger (wunderwuzzi23) |
Bug Bounty | 2020-05-13 | 2023-06-13 |
3476 | Stored XSS Leads to Plaintext Password Disclosure |
Stored XSS
Information disclosure
Unrestricted file upload |
NA |
bad5ect0r (@bad5ect0r) |
Bug Bounty | 2020-05-17 | 2023-06-13 |
3467 | How I got 200$ in 5 minutes – Sensitive data leak |
Information disclosure |
NA |
Sanjay Verdu (@codersanjay) |
Bug Bounty | 2020-05-19 | 2023-06-13 |
3461 | Parsing the DOM elements of Other pages via XSS: A Bug Bounty Story |
XSS
Information disclosure |
NA |
Mandeep Jadon (@1337tr0lls) |
Bug Bounty | 2020-05-22 | 2023-06-13 |
3459 | How Source code reading helped me find an IDOR |
IDOR
Information disclosure |
NA |
Sanjay Verdu (@codersanjay) |
Bug Bounty | 2020-05-22 | 2023-06-13 |
3448 | How I was able to see Private Video Uploader Via Facebook Rights Manager.[Responsible Disclosure] |
Information disclosure |
Meta / Facebook |
Kishore TK (@kishoretk_off) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3445 | Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code |
Information disclosure |
Apple |
Andy Grant |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3437 | The story of My First $xxx Bug Bounty From Facebook |
Logic flaw
Information disclosure |
Meta / Facebook |
Sudip Shah |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3435 | Hunting on ASPX Application For P1's [Unauthenticated SOAP,RCE, Info Disclosure] |
RCE
Information disclosure
IDOR |
NA |
ElMahdi Mrhassel (@ElMrhassel) |
Bug Bounty | 2020-05-31 | 2023-06-13 |