3076 | How i got 250$ in 5 munites using my phone |
HTML injection |
Basecamp |
Abdelkader Mouaz (@hamzadzworm) |
Bug Bounty | 2020-10-26 | 2023-06-13 |
3075 | The YouTube bug that allowed unlisted uploads to any channel |
IDOR
Information disclosure |
Google |
Ryan Kovatch |
Bug Bounty | 2020-10-27 | 2023-06-13 |
3074 | Automating xss identification with Dalfox & Paramspider |
Reflected XSS |
NA |
Paras Arora (@parasarora06) |
Bug Bounty | 2020-10-27 | 2023-06-13 |
3073 | Error-Based SQL Injection on a WordPress website and extract more than 150k user details |
SQL injection |
NA |
Ynoof Alassiri |
Bug Bounty | 2020-10-27 | 2023-06-13 |
3072 | Story of an interesting bug. |
Lack of rate limiting
DoS |
NA |
Vedant Tekale (@_justYnot) |
Bug Bounty | 2020-10-28 | 2023-06-13 |
3071 | Weblogic RCE by only one GET request — CVE-2020-14882 Analysis |
RCE
Authentication bypass
Security code review |
Oracle (WebLogic) |
Nguyễn Tiến Giang (@testanull) |
Bug Bounty | 2020-10-28 | 2023-06-13 |
3070 | Manual broken link monitoring |
Broken link hijacking |
NA |
GrumpinouT (@RVerwilghen) |
Bug Bounty | 2020-10-29 | 2023-06-13 |
3069 | Rate Limit Bypassing Allowing Identity Spoofing |
Rate limiting bypass
OTP bypass |
NA |
Mohamed Talaat (@T4144t) |
Bug Bounty | 2020-10-29 | 2023-06-13 |
3068 | Wormable remote code execution in Alien Swarm |
RCE |
Valve |
mev |
Bug Bounty | 2020-10-30 | 2023-06-13 |
3067 | Ability To Backdoor Facebook For Android |
Insecure deeplink
Android |
Meta / Facebook |
Ashley King (@AshleyKingUK) |
Bug Bounty | 2020-10-30 | 2023-06-13 |
3066 | Hinge Hackerone Writeup |
Broken Access Control |
Hinge |
Tyle Butler (@tbutler0x90) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
3065 | Beyond the wall: command injection still alive. |
OS command injection |
NA |
Ahmed Constant (@a_Constant_) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
3064 | Abusing 'Report Abuse' |
Logic flaw
Authorization flaw |
NA |
Aseem Shrey (@AseemShrey) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
3063 | How i got 7000$ in Bug-Bounty for my Critical Finding. |
Information disclosure |
NA |
Kishan Kumar / Noobie BoY (@hst_kishan) |
Bug Bounty | 2020-10-31 | 2023-06-13 |
3062 | An often overlooked Oauth misconfiguration. |
OAuth |
NA |
VipItHunter (@VipItHunter1) |
Bug Bounty | 2020-11-01 | 2023-06-13 |
3061 | Leaked .git folder leads to RCE |
.git folder disclosure
RCE |
NA |
James Clee (@jtcsec) |
Bug Bounty | 2020-11-01 | 2023-06-13 |
3060 | Subdomain Takeover in Azure: making a PoC |
Subdomain takeover |
NA |
Diego Bernal Adelantado (@secfaults) |
Bug Bounty | 2020-11-01 | 2023-06-13 |
3059 | CVE-2020-13294 |
Authentication flaw
OpenID Connect
OAuth |
GitLab |
Lauritz Holtmann (@_lauritz_) |
Bug Bounty | 2020-11-01 | 2023-06-13 |
3058 | Reveal the page admin that uploaded a video on the page in comment section |
Information disclosure
Logic flaw |
Meta / Facebook |
Lokesh Kumar (@lokeshdlk77) |
Bug Bounty | 2020-11-02 | 2023-06-13 |
3057 | Forcing for a bounty$$ |
Authorization flaw |
NA |
Rafi Ahamed (Leonidas D. Ace) |
Bug Bounty | 2020-11-03 | 2023-06-13 |
3056 | From a 500 error to Django admin takeover |
Authorization bypass
Account takeover |
NA |
Shashank (@cyberboyIndia) |
Bug Bounty | 2020-11-03 | 2023-06-13 |
3055 | Delete Any Photos In Facebook |
Authorization flaw
Logic flaw |
Meta / Facebook |
Lokesh Kumar (@lokeshdlk77) |
Bug Bounty | 2020-11-04 | 2023-06-13 |
3054 | How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day |
Information disclosure |
Brave Software |
sickcodes (@sickcodes) |
Bug Bounty | 2020-11-05 | 2023-06-13 |
3053 | 1000$ for Open redirect via unknown technique [BugBounty writeup] |
Open redirect |
GitLab |
ruvlol |
Bug Bounty | 2020-11-05 | 2023-06-13 |
3052 | Story of a Pre-Account Takeover |
Account takeover
OAuth |
NA |
Kushal Dhakal (@dhakal0kushal) |
Bug Bounty | 2020-11-06 | 2023-06-13 |