3443 | My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft |
SSRF |
Lyft |
Ben Sadeghipour (@nahamsec) |
Bug Bounty | 2020-05-29 | 2023-06-13 |
3442 | Analysis and Discovery of CVE-2020-13693 |
Privilege escalation
Security code review |
BBPress |
Raphael Karger (@pwnszn) |
Bug Bounty | 2020-05-29 | 2023-06-13 |
3441 | Weak Cryptography Leads To Open Redirect |
Open redirect |
NA |
DarkLotus (@darklotuskdb) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3440 | Microsoft's first bug |
Memory corruption
File format vulnerability |
Microsoft |
Lê Hữu Quang Linh (@linhlhq) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3439 | Zero-day in Sign in with Apple |
Account takeover |
Apple |
Bhavuk Jain (@bhavukjain1) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3438 | Cross-site scripting: The power of the hidden parameters. |
Reflected XSS |
Sony |
Kassih Mouhssine (@KassihMouhssine) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3437 | The story of My First $xxx Bug Bounty From Facebook |
Logic flaw
Information disclosure |
Meta / Facebook |
Sudip Shah |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3436 | Weird “Subdomain Take Over” pattern of Amazon S3 |
Subdomain takeover |
NA |
Simgamsetti Manikanta (@zaheckmania) |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3435 | Hunting on ASPX Application For P1's [Unauthenticated SOAP,RCE, Info Disclosure] |
RCE
Information disclosure
IDOR |
NA |
ElMahdi Mrhassel (@ElMrhassel) |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3434 | h1{Error based XXE - bug bounty writeup} |
XXE |
NA |
f4d3 (@f4d3_cl) |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3433 | How I made $31500 by submitting a bug to Facebook |
SSRF |
Meta / Facebook |
Bipin Jitiya (@win3zz) |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3432 | How I leveraged an interesting CSRF vulnerability to turn self XSS into a persistent attack? |
Self-XSS
CSRF |
NA |
Akash Methani (@0xAkash) |
Bug Bounty | 2020-06-01 | 2023-06-13 |
3431 | Information disclosure and reflected XSS on Tokopedia |
Reflected XSS
Information disclosure |
Tokopedia |
wis4nggeni |
Bug Bounty | 2020-06-01 | 2023-06-13 |
3430 | When it’s not only about a Kubernetes CVE… |
SSRF |
Microsoft |
Reever Zax (@ReeverZax) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3429 | Double URL-encoded XSS |
Reflected XSS |
NA |
vict0ni (@vict0ni) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3428 | The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers |
XSS |
Google
Mozilla |
Michał Bentkowski (@SecurityMB) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3427 | IP-in-IP protocol routes arbitrary traffic by default |
DoS
Spoofing |
Internet Bug Bounty |
yannayl (@Yannayli) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3426 | From CRLF to Account Takeover |
CRLF injection
HTTP response splitting
Reflected XSS
Account takeover |
NA |
Valeriy Shevchenko (@Krevetk0Valeriy) |
Bug Bounty | 2020-06-03 | 2023-06-13 |
3425 | How I got my first big bounty payout with Tesla |
Information disclosure |
Tesla |
CJ Fairhead (@xyantix) |
Bug Bounty | 2020-06-04 | 2023-06-13 |
3424 | Privilege Escalation in Google Cloud Platform's OS Login |
Privilege escalation |
Google |
Chris Moberly (@init_string) |
Bug Bounty | 2020-06-04 | 2023-06-13 |
3423 | Another image removal vulnerability on Facebook |
IDOR |
Meta / Facebook |
Pouya Darabi (@Pouyadarabi) |
Bug Bounty | 2020-06-04 | 2023-06-13 |
3422 | Three Privilege Escalation Bugs in Google Cloud Platform’s OS Login |
Local Privilege Escalation
Cloud |
Google |
initstring (@init_string) |
Bug Bounty | 2020-06-04 | 2023-06-13 |
3421 | [IDOR] Delete saved credit cards from any Business Manager Account — Facebook Bug Bounty |
IDOR |
Meta / Facebook |
Rohit kumar (@rohitcoder) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
3420 | Story of Blind SQL with a typo error. |
SQL injection |
NA |
Amyrahm (@Amyrahm11) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
3419 | Local file read via XSS using PDF generate functionality |
XSS
LFI |
NA |
Sanjay Singh Jhala (@lordjerry0x01) |
Bug Bounty | 2020-06-05 | 2023-06-13 |