| 3220 | Improper Implementation of My Status video time limit in WhatsApp |
Logic flaw
Privacy issue
Android |
Meta / Facebook |
Vishal Ranjan |
Bug Bounty | 2020-08-14 | 2023-06-13 |
| 3219 | Deleted data stored permanently on Instagram? Facebook Bug Bounty 2020 |
Logic flaw
Privacy issue |
Meta / Facebook |
Saugat Pokharel (@saugatpk5) |
Bug Bounty | 2020-08-14 | 2023-06-13 |
| 3215 | How I was able to send Authentic Emails as others — Google VRP [Resolved] |
Logic flaw
HTML injection
Email spoofing
Open mail relay |
Google |
Sriram Kesavan (@sriramoffcl) |
Bug Bounty | 2020-08-15 | 2023-06-13 |
| 3191 | Waze: How I Tracked Your Mother |
Logic flaw
Information disclosure |
Google (Waze) |
Peter Gasper (@malgregator) |
Bug Bounty | 2020-08-25 | 2023-06-13 |
| 3182 | Page shops with a hidden Product in “Featured product section” which could be controlled by attacker (Ex Editor). |
Logic flaw |
Meta / Facebook |
Rohit kumar (@rohitcoder) |
Bug Bounty | 2020-08-31 | 2023-06-13 |
| 3166 | Unintended Behaviour of domain got me P4 |
Logic flaw |
NA |
Takester (@dhiraj_ramteke) |
Bug Bounty | 2020-09-10 | 2023-06-13 |
| 3161 | Business logic vulnerabilities — Low-level logic flaw |
Logic flaw |
NA |
Harry D |
Bug Bounty | 2020-09-13 | 2023-06-13 |
| 3158 | How I Accidentally Got My First Bounty From Facebook |
Logic flaw |
Meta / Facebook |
Bishal Shrestha (@bishal0x01) |
Bug Bounty | 2020-09-15 | 2023-06-13 |
| 3141 | suPHP - The vulnerable ghost in your shell🎯Business Logic Flaw in Google Acquisition! (Hall Of Fame)🎯 |
Logic flaw |
Google |
Ritesh Gohil (@RiteshG37659480) |
Bug Bounty | 2020-09-21 | 2023-06-13 |
| 3133 | Hacking the Medium partner program |
Logic flaw |
Medium |
Mohammad-Ali Bandzar |
Bug Bounty | 2020-09-26 | 2023-06-13 |
| 3064 | Abusing %27Report Abuse%27 |
Logic flaw
Authorization flaw |
NA |
Aseem Shrey (@AseemShrey) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
| 3058 | Reveal the page admin that uploaded a video on the page in comment section |
Information disclosure
Logic flaw |
Meta / Facebook |
Lokesh Kumar (@lokeshdlk77) |
Bug Bounty | 2020-11-02 | 2023-06-13 |
| 3055 | Delete Any Photos In Facebook |
Authorization flaw
Logic flaw |
Meta / Facebook |
Lokesh Kumar (@lokeshdlk77) |
Bug Bounty | 2020-11-04 | 2023-06-13 |
| 3033 | Replying Comments On Someone’s LiveStream From Page is Posted as Personal Identity |
Logic flaw |
Meta / Facebook |
Prakash Panta (@Prakashpanta268) |
Bug Bounty | 2020-11-13 | 2023-06-13 |
| 3023 | Stealing User’s PII info by visiting API endpoint directly |
Information disclosure
Logic flaw |
NA |
Kunal pandey (@kunalp94) |
Bug Bounty | 2020-11-16 | 2023-06-13 |
| 2974 | Hiding from a custom list is possible on who sees our post is possible making victim not remove them from the list. |
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2967 | Disclosing the members of private Facebook Group as a non-member. |
Authorization flaw
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2020-12-15 | 2023-06-13 |
| 2955 | Facebook bug Bounty -Finding the hidden members of the private events. |
Information disclosure
Logic flaw |
Meta / Facebook |
Vivek ps (@vivekps143) |
Bug Bounty | 2020-12-20 | 2023-06-13 |
| 2954 | This is how I was able to view anyone’s private email and birthday on Instagram |
Information disclosure
Logic flaw |
Meta / Facebook |
Saugat Pokharel (@saugatpk5) |
Bug Bounty | 2020-12-20 | 2023-06-13 |
| 2949 | Hiding from custom story privacy list is possible in FBlite making the victim unable to remove you from the list. |
Logic flaw |
Meta / Facebook |
Baibhav Anand (@SpongeBhav) |
Bug Bounty | 2020-12-24 | 2023-06-13 |
| 2938 | Event Creator Is Not Able To Block The Attacker During Event Livestream |
Logic flaw |
Meta / Facebook |
Prakash Panta (@prakashpanta268) |
Bug Bounty | 2020-12-30 | 2023-06-13 |
| 2937 | Group Admin Can’t Able To Moderate Comments When Posted Through Page : Facebook Bug Bounty 2020 |
Logic flaw |
Meta / Facebook |
Prakash Panta (@prakashpanta268) |
Bug Bounty | 2020-12-30 | 2023-06-13 |
| 2934 | Facebook bug bounty (500 USD) : A blocked fundraiser organizer would be unable to view or remove themselves from the fundraiser. |
DoS
Logic flaw |
Meta / Facebook |
Vivek ps (@vivekps143) |
Bug Bounty | 2020-12-31 | 2023-06-13 |
| 2928 | Exploiting Max. Character Limitation |
Logic flaw
DoS |
NA |
Sunil Yedla (@sunilyedla2) |
Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2919 | Github Organization Takeover By Claiming Owner Invitation |
Account takeover
Logic flaw |
GitHub |
Abss (@absshax) |
Bug Bounty | 2021-01-07 | 2023-06-13 |
