1647 | How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty | SQL injection | NA | Vishal Saini (@k4k4r07) | Bug Bounty | 2022-04-08 | 2023-06-13 |
1645 | Securing Easy Appointments and earning CVE-2022-0482 | Broken Access Control | Easy!Appointments | Francesco Carlucci (@francecarlucci) | Bug Bounty | 2022-04-09 | 2023-06-13 |
1642 | The #100DaysOfHacking Challenge : A Game Changer for Me | IDOR | NA | Najam Ul Saqib (@NjmUlSqb) | Bug Bounty | 2022-04-10 | 2023-06-13 |
1640 | SVG SSRFs and saga of bypasses | SSRF, HTML injection | NA | Preetham Bomma (@cyber01_) | Bug Bounty | 2022-04-11 | 2023-06-13 |
1636 | XSS - The LocalStorage Robbery | XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-04-12 | 2023-06-13 |
1635 | CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed) | Local Privilege Escalation | Microsoft | Jacob Baines (@Junior_Baines) | Bug Bounty | 2022-04-12 | 2023-06-13 |
1633 | CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client | Local Privilege Escalation | AWS | Rhino Security Labs (@RhinoSecurity) | Bug Bounty | 2022-04-12 | 2023-06-13 |
1628 | MY First Bug In Hackerone | Information disclosure | NA | anjaneyulu kanakatla | Bug Bounty | 2022-04-14 | 2023-06-13 |
1627 | Bypass Rate Limit — A blank space leads to this random encounter! | Password reset, Rate limiting bypass | NA | Roxst4r (@mveswar98) | Bug Bounty | 2022-04-14 | 2023-06-13 |
1622 | CVE-2022-26133 - Bitbucket Data Center - Java Deserialization Vulnerability | Insecure deserialization | Atlassian | Benny Jacob (@bennyyjacob) | Bug Bounty | 2022-04-14 | 2023-06-13 |
1621 | Prototype Pollution in fast-xml-parser | Prototype pollution | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2022-04-14 | 2023-06-13 |
1620 | Crazy Simple Insecure Design & 300$ Bounty! | IP grabbing | NA | Saransh Saraf (@mr23r0) | Bug Bounty | 2022-04-15 | 2023-06-13 |
1615 | Full Account Takeover via Open Redirection | Open redirect, Token leak, Account takeover, OAuth | NA | vFlexo (@vflexo) | Bug Bounty | 2022-04-17 | 2023-06-13 |
1612 | Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace | XSS | Rarible | Palisade (@PalisadeLLC) | Bug Bounty | 2022-04-18 | 2023-06-13 |
1611 | Adobe Acrobat hollowing out same-origin policy | XSS, SOP bypass, Open redirect, postMessage | Adobe | Wladimir Palant (@WPalant) | Bug Bounty | 2022-04-19 | 2023-06-13 |
1609 | CVE-2022-21449: Psychic Signatures in Java | Signature bypass, Cryptographic issues | Oracle | Neil Madden (@neilmaddog) | Bug Bounty | 2022-04-19 | 2023-06-13 |
1608 | Exploiting a File Upload Vulnerability — A Directory Traversal Attack | Unrestricted file upload, Path traversal | NA | Kwadwo Amoako | Bug Bounty | 2022-04-20 | 2023-06-13 |
1607 | Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account | Information disclosure, Privilege escalation | Microsoft | Joosua Santasalo (@SantasaloJoosua) | Bug Bounty | 2022-04-21 | 2023-06-13 |
1605 | Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based XSS in Cloud-Native React Apps. | Open redirect, XSS | NA | MalwareJoe | Bug Bounty | 2022-04-21 | 2023-06-13 |
1604 | Security issues with cloudflare/odoh-server-go and the ODoH RFC draft | SSRF | Cloudflare | Frans Rosén (@fransrosen) | Bug Bounty | 2022-04-21 | 2023-06-13 |
1603 | Adventures Into The MeowCorp Bug Bounty Program | Information disclosure, Weak credentials, SSRF, .git folder disclosure, RCE | NA | Nirmal Thapa (@tnirmalz) | Bug Bounty | 2022-04-21 | 2023-06-13 |
1602 | How I Bypassed 2FA while Resetting Password | MFA bypass, Password reset | NA | Sufiyan Gouri (@gouri_sufyan) | Bug Bounty | 2022-04-23 | 2023-06-13 |
1600 | EJS, Server side template injection RCE (CVE-2022-29078) - writeup | SSTI, RCE | ejs, NetApp | Eslam Salem (@net_code) | Bug Bounty | 2022-04-23 | 2023-06-13 |
1598 | Fuzzing and credentials leakage..awesome bug hunting writeup | Hardcoded credentials, Information disclosure | NA | Abdalrahman Alshammas | Bug Bounty | 2022-04-25 | 2023-06-13 |
1594 | Bypassing WAF for $2222 | WAF bypass, Path traversal | NA | Divyansh Sharma | Bug Bounty | 2022-04-27 | 2023-06-13 |