3389 | Reflected User Input == XSS! | Reflected XSS | NA | Silent Bronco (@silentbronco) | Bug Bounty | 2020-06-15 | 2023-06-13 |
3388 | SMTP Injection in Gsuite | SMTP injection | Google | Zohar Shachar | Bug Bounty | 2020-06-15 | 2023-06-13 |
3387 | All *.intercom.help subdomains vulnerable to Subdomain Takeover from intercom Service | Subdomain takeover | Intercom | Mohamed Haron (@m7mdharon) | Bug Bounty | 2020-06-16 | 2023-06-13 |
3386 | How I was able to buy t-shirt for €1 — Payment Price Manipulation | Payment tampering | NA | Muztahidul Tanim (@TheMuztahidul) | Bug Bounty | 2020-06-16 | 2023-06-13 |
3385 | How I managed to Escalate privilege as admin | Lack of rate limiting, Bruteforce, Weak credentials | NA | Abisheik Magesh (@AbisheikMagesh) | Bug Bounty | 2020-06-16 | 2023-06-13 |
3384 | How I made more than $30K with Jolokia CVEs | Reflected XSS, RCE, Information disclosure | NA | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2020-06-16 | 2023-06-13 |
3382 | A subtle stored-XSS in WordPress core | Stored XSS, RCE | WordPress | Sam Thomas (@_s_n_t) | Bug Bounty | 2020-06-17 | 2023-06-13 |
3381 | Hackerone Bug Bounty Report: Hinge | Information disclosure | Hinge | Tyler Butler (@tbutler0x90) | Bug Bounty | 2020-06-18 | 2023-06-13 |
3380 | Replying on LiveStream leading to Page Admin Disclosure: Facebook Bug Bounty | Information disclosure | Meta / Facebook | Saugat Pokharel (@saugatpk5) | Bug Bounty | 2020-06-18 | 2023-06-13 |
3379 | One Token to leak them all : The story of a $8000 NPM_TOKEN | Information disclosure | Google | Aseem Shrey (@AseemShrey) | Bug Bounty | 2020-06-19 | 2023-06-13 |
3378 | From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration | Information disclosure, MFA bypass | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-06-19 | 2023-06-13 |
3377 | Hacking Starbucks and Accessing Nearly 100 Million Customer Records | Path traversal | Starbucks | Sam Curry (@samwcyo) | Bug Bounty | 2020-06-20 | 2023-06-13 |
3376 | How did i find information Disclosure on Facebook-Writeup | Information disclosure | Meta / Facebook | Alaa Abdulridha (@Madrid89001310) | Bug Bounty | 2020-06-20 | 2023-06-13 |
3375 | Bypass 2FA like a Boss | Lack of rate limiting, Bruteforce | NA | Seqrity (@seQrity) | Bug Bounty | 2020-06-20 | 2023-06-13 |
3374 | Simple story of some complicated XSS on Facebook | Reflected XSS | Meta / Facebook | Bipin Jitiya (@win3zz) | Bug Bounty | 2020-06-21 | 2023-06-13 |
3373 | It took me only 5 minutes to find an RCE on Bentley | RCE, Weak credentials | Bentley | Divyansh Sharma | Bug Bounty | 2020-06-21 | 2023-06-13 |
3372 | How i was able to chain bugs and gain access to internal okta instance | Missing authentication | NA | Mohammed Eldeeb (@malcolmx0x) | Bug Bounty | 2020-06-22 | 2023-06-13 |
3371 | API Token Hijacking Through Clickjacking | Clickjacking | NA | DarkLotus (@darklotuskdb) | Bug Bounty | 2020-06-22 | 2023-06-13 |
3370 | Leveraging an SSRF to leak a secret API key | SSRF | NA | Julien Cretel (@jub0bs) | Bug Bounty | 2020-06-22 | 2023-06-13 |
3369 | A tale of my first ever full SSRF bug | SSRF | NA | Jadek Mark (@mase289) | Bug Bounty | 2020-06-22 | 2023-06-13 |
3368 | Exploiting Bitdefender Antivirus: RCE from any website | RCE, Information disclosure | Bitdefender | Wladimir Palant (@WPalant) | Bug Bounty | 2020-06-22 | 2023-06-13 |
3367 | All About Getting First Bounty with IDOR | IDOR | NA | Mukul Trivedi (@M0hn1sh) | Bug Bounty | 2020-06-23 | 2023-06-13 |
3366 | Bug Bounty in Lockdown (SQLi and Business Logic) | SQL injection, Logic flaw | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2020-06-24 | 2023-06-13 |
3365 | Create hidden comment by blocking an Admin: Facebook Bug Bounty 2020 | Logic flaw | Meta / Facebook | Saugat Pokharel (@saugatpk5) | Bug Bounty | 2020-06-25 | 2023-06-13 |
3364 | How i hacked worldwide ZOOM users | OAuth, Account takeover | Zoom | s3c (@s3c_krd) | Bug Bounty | 2020-06-27 | 2023-06-13 |