1390 | Account Takeover via Response Manipulation | Authentication bypass, Account takeover, MFA bypass, HTTP response manipulation | NA | BUG HUNTER | Bug Bounty | 2022-07-08 | 2023-06-13 |
1386 | An interesting idor that allowed me to See all projects ($$$$ Bounty) | IDOR | NA | Abdelkader Mouaz (@hamzadzworm) | Bug Bounty | 2022-07-09 | 2023-06-13 |
1385 | Exploiting SQL Injection at Authorization token | SQL injection, Account takeover | NA | Basudev | Bug Bounty | 2022-07-09 | 2023-06-13 |
1384 | How I earned 200$ in Bug Bounty Program | Information disclosure | NA | Idan Malihi | Bug Bounty | 2022-07-09 | 2023-06-13 |
1381 | How we have pwned Root-Me in 2022 | XSS, CSRF, RCE | SPIP | SpawnZii (@SpawnZii) | Bug Bounty | 2022-07-12 | 2023-06-13 |
1379 | How a Simple IDOR Led Me to Delete Any Account | IDOR, CSRF | NA | rajesh.r (@_rajesh_ranjan_) | Bug Bounty | 2022-07-12 | 2023-06-13 |
1378 | Write Up 1: Hellosign Integration [Full Read SSRF] | SSRF | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2022-07-12 | 2023-06-13 |
1376 | CVE-2022-32223 Discovery: DLL Hijacking via npm CLI | DLL Hijacking, Privilege escalation | Node.js | Yakir Kadkoda | Bug Bounty | 2022-07-12 | 2023-06-13 |
1375 | Leveraging the SQL Injection to Execute the XSS by Evading CSP | CSP bypass, SQL injection, XSS | NA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2022-07-12 | 2023-06-13 |
1373 | CVE-2022-29885 - Don't Open That Port - A Denial Of Service vulnerability on Apache Tomcat Cluster Service Listener | DoS | Internet Bug Bounty | void (@voidz0r) | Bug Bounty | 2022-07-13 | 2023-06-13 |
1372 | Hacking on a Private Program (Salseforce crm) | RCE, OS command injection | NA | Maruf Hosan (@thinkermaruff) | Bug Bounty | 2022-07-13 | 2023-06-13 |
1371 | Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 | Local Privilege Escalation | Apple | Microsoft 365 Defender Research Team | Bug Bounty | 2022-07-13 | 2023-06-13 |
1369 | From Open Redirect to Reflected XSS manually | Open redirect, Reflected XSS | NA | Rodric | Bug Bounty | 2022-07-14 | 2023-06-13 |
1368 | CVE-2022-30136: Microsoft Windows Network File System V4 Remote Code Execution Vulnerability | RCE, DoS, Memory corruption | Microsoft | Yuki Chen (@guhe120) | Bug Bounty | 2022-07-14 | 2023-06-13 |
1367 | Abusing URL Shortners for fun and profit | Information disclosure, Account takeover, IDOR | NA | Sicksec (@OriginalSicksec) | Bug Bounty | 2022-07-14 | 2023-06-13 |
1365 | Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | RCE, Arbitrary Object Instantiation, Bruteforce, LDAP injection | NA | Arseniy Sharoglazov (@_mohemiv) | Bug Bounty | 2022-07-14 | 2023-06-13 |
1362 | Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | Lack of rate limiting, Privilege escalation, IDOR, Account takeover | NA | Muhammad Talha / evilmango | Bug Bounty | 2022-07-15 | 2023-06-13 |
1361 | Good Recon Leads To Senssitive Accounts | Information disclosure, Username enumeration | NA | Milanjain | Bug Bounty | 2022-07-15 | 2023-06-13 |
1359 | Authorization token leak from verify email endpoint | Account takeover, Information disclosure | NA | Vengeance | Bug Bounty | 2022-07-16 | 2023-06-13 |
1358 | First Bug Bounty from DOS: Taking the service down | DoS | NA | Faique (@imfaiqu3) | Bug Bounty | 2022-07-16 | 2023-06-13 |
1357 | Business logic error | Logic flaw | NA | anjaneyulu kanakatla | Bug Bounty | 2022-07-16 | 2023-06-13 |
1356 | Subdomain takeover and Text injection on a 404 error page-$100 bounty | Subdomain takeover | NA | Jeewan Bhatta (@thenullkid) | Bug Bounty | 2022-07-16 | 2023-06-13 |
1355 | CRLF to Account takeover (chaining bugs) | CRLF injection, XSS, Account takeover | NA | MoSec (@moe1n1) | Bug Bounty | 2022-07-16 | 2023-06-13 |
1354 | Going beyond Alert with XSS | XSS, Account takeover | NA | pipsh | Bug Bounty | 2022-07-16 | 2023-06-13 |
1353 | A Story Of My First Bug Bounty | Information disclosure | NA | Raj Qureshi (@RajQureshi9) | Bug Bounty | 2022-07-17 | 2023-06-13 |