2000 | Zero Click To Account Takeover | Account takeover, Password reset | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2021-12-14 | 2023-06-13 |
1999 | How I Bypassed Incapsula WAF By Imperva | SQL injection | NA | Dawood Ikhlaq | Bug Bounty | 2021-12-14 | 2023-06-13 |
1996 | How I found the Authentication Bypass bug and Earn $$$$ | Session expiration issue | NA | Thedarkwayg (@shadow_CLAY) | Bug Bounty | 2021-12-15 | 2023-06-13 |
1994 | GHSL-2021-1053: Path traversal in Grafana REST API - CVE-2021-43813, CVE-2021-43815 | Path traversal | Grafana Labs | Alvaro Muñoz (@pwntester) | Bug Bounty | 2021-12-15 | 2023-06-13 |
1992 | Exploitation Of CVE-2021-21220 – From Incorrect JIT Behavior To RCE | Browser hacking, Memory corruption, RCE | Google, Microsoft | Bruno Keith (@bkth_) | Bug Bounty | 2021-12-16 | 2023-06-13 |
1991 | Hacked Google-Meet…??! | Authorization flaw | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2021-12-18 | 2023-06-13 |
1988 | Stored XSS by bypassing signature | XSS, Unrestricted file upload | NA | Abdulrahman Makki (@AMakki1337) | Bug Bounty | 2021-12-20 | 2023-06-13 |
1985 | Blackbox Cookie Testing — How I Cracked The Admin’s Cookie | Authentication bypass | NA | Saeed Balquizi | Bug Bounty | 2021-12-20 | 2023-06-13 |
1984 | Bring Your Own SSRF – The Gateway Actuator | SSRF, DoS | NA | Wyatt Dahlenburg (@wdahlenb) | Bug Bounty | 2021-12-20 | 2023-06-13 |
1983 | How I earned $$$ by bypassing 2FA | MFA bypass, Forced browsing | NA | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2021-12-21 | 2023-06-13 |
1982 | SSD Advisory – Rocket.Chat Client-side Remote Code Execution | RCE, MacOS | Rocket.Chat | - | Bug Bounty | 2021-12-21 | 2023-06-13 |
1981 | How I found (P2) Broken Authentication with Zero Skill of Hacking | Authentication bypass, Account takeover | NA | yoshi m lutfi (@yoshiahmadlutfi) | Bug Bounty | 2021-12-21 | 2023-06-13 |
1978 | How I was able to bypass WAF and find the origin IP and a few sensitive files | WAF bypass | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2021-12-22 | 2023-06-13 |
1974 | Information Disclosure leads to sensitive credential($$$) | Information disclosure | NA | khan mamun (@mamunwhh) | Bug Bounty | 2021-12-25 | 2023-06-13 |
1973 | Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)😲 | Authentication bypass, IDOR, Lack of rate limiting | NA | Anurag__Verma | Bug Bounty | 2021-12-25 | 2023-06-13 |
1969 | XSS via file upload | XSS, Unrestricted file upload | NA | Jay Sharma | Bug Bounty | 2021-12-27 | 2023-06-13 |
1968 | Bi/ug Bounties and HyperV RCE Research | RCE | Microsoft Hyper-V | Peter Hlavaty (@rezer0dai) | Bug Bounty | 2021-12-27 | 2023-06-13 |
1967 | Common Nginx Misconfiguration leads to Path Traversal | Path traversal | NA | MikeChan | Bug Bounty | 2021-12-28 | 2023-06-13 |
1963 | Story of a weird CSRF bug | CSRF | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-29 | 2023-06-13 |
1958 | Bypassing Identity-Aware Proxy - Google Cloud Vulnerability | Authorization flaw, Token leak, OAuth | Google | SebLu | Bug Bounty | 2021-12-30 | 2023-06-13 |
1955 | Bug Hunting Journey of 2021 | Stored XSS, Open redirect, Token leak, CSRF, Logic flaw, Information disclosure, IDOR, Account takeover | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-31 | 2023-06-13 |
1953 | One Click To Account Takeover | Mass assignment | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-01 | 2023-06-13 |
1952 | Abusing Business Logic of an Application to create backdoor in a form APP | Logic flaw | NA | Snap Sec (@snap_sec) | Bug Bounty | 2022-01-01 | 2023-06-13 |
1951 | A tale of zero click account takeover | Account takeover, IDOR | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2022-01-01 | 2023-06-13 |
1949 | The Story Of How I Bypass SSO Login | Authentication bypass | NA | zer0d | Bug Bounty | 2022-01-02 | 2023-06-13 |