3309 | Self stored xss to full account takeover | XSS, Account takeover | NA | Jatin Aesthetic (@techyfreakk) | Bug Bounty | 2020-07-12 | 2023-06-13 |
3308 | How An API Misconfiguration Can Lead To Your Internal Company Data | Information disclosure | NA | Me9187 (@Me9187) | Bug Bounty | 2020-07-12 | 2023-06-13 |
3307 | SSRF in import file function | SSRF | NA | Rafael Silva | Bug Bounty | 2020-07-14 | 2023-06-13 |
3306 | Exploiting Imported Libraries to Bypass WAF | Reflected XSS | NA | Greg Gibson | Bug Bounty | 2020-07-14 | 2023-06-13 |
3305 | Hunting postMessage Vulnerabilities | postMessage, DOM XSS | Apple, Google (Youtube), Adobe | Gary O'Leary-Steele (@garyoleary) | Bug Bounty | 2020-07-14 | 2023-06-13 |
3304 | Admin ,Editor can disclose personnel email of other editor, admin on page(who created shop) | Information disclosure | Meta / Facebook | The 3 Day Account Takeover | Bug Bounty | 2020-07-16 | 2023-06-13 |
3303 | The 3 Day Account Takeover | Logic flaw, Password reset, Account takeover, Bruteforce, Lack of rate limiting | NA | Mr. Beast (@__mr_beast__) | Bug Bounty | 2020-07-17 | 2023-06-13 |
3302 | I am able to see user’s sensitive data through JSON file. | Information disclosure, Authorization flaw | NA | Saurabh siddharam sanmane (@saurabhsanmane2) | Bug Bounty | 2020-07-17 | 2023-06-13 |
3301 | The Story of My first 4 digit bounty from Facebook | Logic flaw, Information disclosure | Meta / Facebook | Sudip Shah | Bug Bounty | 2020-07-17 | 2023-06-13 |
3300 | How I lost my followers on Medium | GraphQL, Authorization flaw | Medium | Florian (@fh4ntke) | Bug Bounty | 2020-07-17 | 2023-06-13 |
3299 | Idor in google product | IDOR | Google | Baluz (@t3chman) | Bug Bounty | 2020-07-17 | 2023-06-13 |
3298 | Android pin bypass with rate limiting | Lack of rate limiting, Authentication bypass | NA | Baluz (@t3chman) | Bug Bounty | 2020-07-18 | 2023-06-13 |
3297 | Creative Android pin bypass with Race conditon | Race condition, Authentication bypass | NA | Baluz (@t3chman) | Bug Bounty | 2020-07-18 | 2023-06-13 |
3296 | Unique Case for Price Manipulation | BugBounty | VAPT | Payment tampering | NA | Harshit Sengar (@sengarharshit1) | Bug Bounty | 2020-07-18 | 2023-06-13 |
3295 | How I landed on my first bounty : No SPF / DMARC Record Found leading to Social Engineering Attack | No valid SPF records, No DMARC records | Lululemon | Fardeen Ahmed | Bug Bounty | 2020-07-18 | 2023-06-13 |
3294 | bypass user-restriction registration | Logic flaw, Payment tampering | NA | Mohamed Ayad | Bug Bounty | 2020-07-18 | 2023-06-13 |
3293 | Chaining rate limiting for account lockout | Lack of rate limiting | NA | Sandip Oli | Bug Bounty | 2020-07-19 | 2023-06-13 |
3292 | DOS over wep application | DoS | NA | Mohamed Ayad | Bug Bounty | 2020-07-19 | 2023-06-13 |
3291 | The $1,000 worth cookie | XSS | Mail.ru | Jadek Mark (@mase289) | Bug Bounty | 2020-07-19 | 2023-06-13 |
3290 | Denial of Service(DoS) By Regex | DoS | NA | Ashik B | Bug Bounty | 2020-07-20 | 2023-06-13 |
3289 | Increasing reward points N number of time | Logic flaw | NA | Saddam Hussain (@wisdomfreak1) | Bug Bounty | 2020-07-21 | 2023-06-13 |
3288 | Hack Till Your Last Breath | IDOR | NA | mechboy / _m.u.h.e_ (@Muhe76355002) | Bug Bounty | 2020-07-21 | 2023-06-13 |
3286 | HTTP Parameter Pollution - It’s Contaminated | HTTP parameter pollution | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-07-24 | 2023-06-13 |
3285 | Hunting Android Application Bugs Using Android Studio. | Authorization flaw, Client-side enforcement of server-side security, Information disclosure | NA | Tarek Mohammed (@Conan0x3) | Bug Bounty | 2020-07-24 | 2023-06-13 |
3284 | A $5000 Account Takeover | Account takeover, Password reset | NA | neelam | Bug Bounty | 2020-07-25 | 2023-06-13 |