1912 | Write Up – Private Bug Bounty: Firebase Database Exposed By Misconfiguration – $2,000 USD |
Android
Insecure Firebase database |
NA |
Omar Espino (@omespino) |
Bug Bounty | 2022-01-17 | 2023-06-13 |
1911 | Stealing administrative JWT's through post auth SSRF (CVE-2021-22056) |
SSRF
CSRF |
VMware |
Shubham Shah (@infosec_au) |
Bug Bounty | 2022-01-17 | 2023-06-13 |
1909 | Zooming in on Zero-click Exploits |
Memory corruption |
Zoom |
Natalie Silvanovich (@natashenka) |
Bug Bounty | 2022-01-18 | 2023-06-13 |
1908 | CVE-2022-21661: Exposing Database Info Via Wordpress SQL Injection |
SQL injection |
WordPress |
ngocnb |
Bug Bounty | 2022-01-18 | 2023-06-13 |
1907 | Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1 |
Insecure deserialization
Cryptographic issues |
Swiss Post |
Ruben Santamarta (@reversemode) |
Bug Bounty | 2022-01-18 | 2023-06-13 |
1905 | How I messed up my own profile data |
Authorization flaw |
NA |
Himmat Singh |
Bug Bounty | 2022-01-20 | 2023-06-13 |
1903 | Hashing the Favicon.ico |
Information disclosure |
NA |
Ski Mask (@Ski_Mask0) |
Bug Bounty | 2022-01-21 | 2023-06-13 |
1902 | Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s meeting. |
Insecure deeplink
Android |
NA |
Quel (@RootIntrud3r) |
Bug Bounty | 2022-01-21 | 2023-06-13 |
1901 | 120 Days of Frequent Hacking |
SSRF
LFI
Information disclosure
XSS
SQL injection |
NA |
Kuldeep Pandya (@kuldeepdotexe) |
Bug Bounty | 2022-01-21 | 2023-06-13 |
1900 | How I was able to find multiple vulnerabilities of a Symfony Web Framework web application |
Debug mode enabled
Information disclosure |
NA |
Abid Ahmad (@RootIntrud3r) |
Bug Bounty | 2022-01-23 | 2023-06-13 |
1899 | Path Traversal Paradise |
Path traversal
LFI |
NA |
Kuldeep Pandya (@kuldeepdotexe) |
Bug Bounty | 2022-01-23 | 2023-06-13 |
1896 | CVE-2021-44790: Code Execution On Apache Via An Integer Underflow |
Memory corruption |
Apache |
Chamal |
Bug Bounty | 2022-01-25 | 2023-06-13 |
1894 | How I was able to take over accounts in websites deal with Github as an SSO provider |
Bruteforce
Lack of rate limiting
SSO
Email verification bypass
Account takeover |
NA |
Khaled Mohamed |
Bug Bounty | 2022-01-25 | 2023-06-13 |
1893 | HOW I hacked thousand of subdomains |
Subdomain takeover |
NA |
MoSec (@moe1n1) |
Bug Bounty | 2022-01-25 | 2023-06-13 |
1890 | CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers |
Container escape
Kubernetes bug |
Google |
Crusaders of Rust (@cor_ctf) |
Bug Bounty | 2022-01-25 | 2023-06-13 |
1888 | Auth Bypass in ADOdb CVE-2021-3850 |
Authentication bypass |
NA |
Emmet Leah |
Bug Bounty | 2022-01-26 | 2023-06-13 |
1887 | Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP) |
MacOS
SIP bypass |
Apple |
Perception Point |
Bug Bounty | 2022-01-27 | 2023-06-13 |
1886 | CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability |
URL validation bypass |
Microsoft |
Reegun Jayapaul (@reegun21) |
Bug Bounty | 2022-01-27 | 2023-06-13 |
1885 | Stealing administrative JWT's through post auth SSRF (CVE-2021-22056) |
Windows Driver hacking
Kernel DoS |
VMware |
Christopher (@Kharosx0) |
Bug Bounty | 2022-01-27 | 2023-06-13 |
1884 | The Story of an RCE on a Java Web Application |
Insecure deserialization |
NA |
LIL NIX (@Lil__Nix) |
Bug Bounty | 2022-01-27 | 2023-06-13 |
1882 | The Story of a RCE on a Java Web Application |
RCE
Insecure deserialization |
NA |
LIL NIX (@Lil__Nix) |
Bug Bounty | 2022-01-28 | 2023-06-13 |
1880 | Multiple HTTP Redirects to Bypass SSRF Protections |
SSRF |
NA |
ne555 |
Bug Bounty | 2022-01-29 | 2023-06-13 |
1879 | Paytm-Broken Link Hijacking |
Broken link hijacking |
Paytm |
Lohith Gowda M (@lohigowda_in) |
Bug Bounty | 2022-01-29 | 2023-06-13 |
1878 | How I Made $16,500 Hacking CDN Caching Servers — Part 1 |
Web cache poisoning
Stored XSS
Web cache deception |
NA |
Kevin (@bxmbn) |
Bug Bounty | 2022-01-29 | 2023-06-13 |
1876 | 2fa Bypass by changing Request method |
MFA bypass |
NA |
Arth Bajpai (@arth_bajpai) |
Bug Bounty | 2022-01-30 | 2023-06-13 |