3335 | Why I paid 3.5K to become a TLD registrar reseller when doing bug bounty | XXE | NA | hg_real (@hgreal1) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3334 | From Host Header injection to SQL injection | Host header injection, SQL injection | NA | Daoud Youssef / smacker dodi (@daoud_youssef) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3333 | Taking Over Files in a chat —IDOR in Microsoft Teams | IDOR | Microsoft | Aly Anwar (@alyanwarr) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3332 | Case Study I - Browser Anomaly with Facebook Apps -1500$ | Authorization flaw | Meta / Facebook | easySIEM (@easySIEM) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3331 | RCE via image upload functionality | Unrestricted file upload, RCE | NA | Adwaith KS | Bug Bounty | 2020-07-05 | 2023-06-13 |
3330 | My First Bug: Blind SSRF Through Profile Picture Upload | SSRF | NA | swaysthinking (@swaysThinking) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3329 | Make Featured Product in any video | IDOR | Meta / Facebook | abdellah yaala (@yaalaab) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3328 | Issue 1040755: Security: Another "universal" XSS via copy&paste | Universal XSS, Browser hacking | Google (Chromium) | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2020-07-06 | 2023-06-13 |
3327 | How i was able to bypass Email Confirm — P4 | Information disclosure | NA | Mohammed Ehssan (@alone_Wwolf) | Bug Bounty | 2020-07-06 | 2023-06-13 |
3326 | From . in regex to SSRF — part 3 | SSRF, CRLF injection | NA | Niemiec Marcin (@xvnpw) | Bug Bounty | 2020-07-07 | 2023-06-13 |
3325 | Free blockchain storage – Tale of a bug in Substrate’s FRAME runtime | Blockchain | Parity Technologies | Mudit Gupta (@Mudit__Gupta) | Bug Bounty | 2020-07-07 | 2023-06-13 |
3324 | XSS in Zoom.us Signup Flow | XSS | Zoom | Eduardo Vela (@sirdarckcat) | Bug Bounty | 2020-07-07 | 2023-06-13 |
3323 | How I found 10 Remote Code Execution in 10 minutes CVE-2020–5902 | RCE | NA | Saransh Srivastav (@malfuncti0n_) | Bug Bounty | 2020-07-07 | 2023-06-13 |
3322 | Journey from low to critical bug $$$ | IDOR | NA | Dheeraj Madhukar (@Dheerajmadhukar) | Bug Bounty | 2020-07-09 | 2023-06-13 |
3321 | From N/A to Resolved For BackBlaze Android App[Hackerone Platform] Bucket Takeover | Hardcoded credentials, Information disclosure | BackBlaze | Sahil Tikoo (@viperbluff) | Bug Bounty | 2020-07-09 | 2023-06-13 |
3320 | Global grant uri in Android 8.0-9.0 (2018 year) | Authorization flaw | Google | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2020-07-09 | 2023-06-13 |
3319 | Exploiting Application Logic to Referral Code Disclosure | Logic flaw, Information disclosure | NA | Vaibhav Joshi (@vj0shii) | Bug Bounty | 2020-07-09 | 2023-06-13 |
3318 | Remote Denial-of-Service with Chrome | DoS | Google | Dan Lyton | Bug Bounty | 2020-07-09 | 2023-06-13 |
3316 | Tenda AC15 AC1900 Vulnerabilities Discovered and Exploited | CSRF, XSS, Hardcoded credentials, RCE | Tenda | Sanjana Sarda | Bug Bounty | 2020-07-10 | 2023-06-13 |
3315 | Don’t stop at one bug $$$$ | Open redirect, XSS, LFI | NA | Dheeraj Madhukar (@Dheerajmadhukar) | Bug Bounty | 2020-07-10 | 2023-06-13 |
3314 | Phone number validation bypass through url path manipulation . | OTP bypass | NA | ben aymen (@ben_aymen_182) | Bug Bounty | 2020-07-10 | 2023-06-13 |
3313 | A tale of critical account take over | Account takeover, Exposed JWT generation endpoint, JWT | NA | Shivam Pandey (@shivam31200) | Bug Bounty | 2020-07-10 | 2023-06-13 |
3312 | How I hacked into a Telecom Network | RCE, Security misconfiguration, JBoss | NA | Harpreet Singh | Bug Bounty | 2020-07-11 | 2023-06-13 |
3311 | How I was able to change victim’s password using IDN Homograph Attack | IDN homograph attack | NA | Abhishek Karle (@AbhishekKarle3) | Bug Bounty | 2020-07-11 | 2023-06-13 |
3310 | Bug Bounty Experience: Unvalidated Redirection Vulnerability | Open redirect | NA | Simply Secure | Bug Bounty | 2020-07-12 | 2023-06-13 |