2700 | Cross Site Port Attack - A Stranger’s Call |
XSPA |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2021-03-21 | 2023-06-13 |
2699 | OTP brute-force via rate limit bypass |
Bruteforce
Lack of rate limiting
OTP bypass |
NA |
Bilal Muqeet (@blmqt) |
Bug Bounty | 2021-03-21 | 2023-06-13 |
2698 | Finding My First Critical Vulnerability |
Information disclosure |
NA |
Thexssrat (@theXSSrat) |
Bug Bounty | 2021-03-21 | 2023-06-13 |
2697 | How I made it to Google HOF? |
IDOR |
Google |
Sudhanshu Rajbhar (@sudhanshur705) |
Bug Bounty | 2021-03-21 | 2023-06-13 |
2696 | Finding and exploiting race condition vulnerability on facebook server |
Race condition |
Meta / Facebook |
Dewanand Vishal (@dewcode91) |
Bug Bounty | 2021-03-24 | 2023-06-13 |
2695 | Bypass rate limit to enumeration users through Google Drive |
Rate limiting bypass |
Google |
Abdullah Mohamed (@3bodymo_) |
Bug Bounty | 2021-03-24 | 2023-06-13 |
2694 | Multiple Authorization bypass issues in Google's Richmedia Studio |
Authorization flaw |
Google |
Zohar Shachar |
Bug Bounty | 2021-03-24 | 2023-06-13 |
2693 | How I leveraged XSS to make Privilege Escalation to be Super Admin! |
XSS
Privilege escalation |
NA |
Asem Eleraky (@melotover) |
Bug Bounty | 2021-03-25 | 2023-06-13 |
2692 | PoC: The easiest 125 Euro’s I Ever made |
Logic flaw |
NA |
Thexssrat (@theXSSrat) |
Bug Bounty | 2021-03-25 | 2023-06-13 |
2691 | Encrypted Payload -> Decrypted Execution ($600) : Stored XSS |
Stored XSS |
NA |
Shrirang Diwakar |
Bug Bounty | 2021-03-25 | 2023-06-13 |
2690 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2 |
Broken Access Control
IDOR |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-03-26 | 2023-06-13 |
2689 | Increasing impact of Information Disclosure — Full Account Takeover ! |
Information disclosure
Password reset |
NA |
Abhisek R (@abh1sek_r) |
Bug Bounty | 2021-03-26 | 2023-06-13 |
2688 | How to bypass CloudFlare bot protection ? |
Logic flaw |
Cloudflare |
jychp (@jychp_fr) |
Bug Bounty | 2021-03-27 | 2023-06-13 |
2687 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #1 |
Broken Access Control
IDOR |
Google |
R ando (@Rando02355205) |
Bug Bounty | 2021-03-28 | 2023-06-13 |
2686 | How I made to Paypal Bug Bounty $750 |
Open redirect |
Paypal |
Pethuraj (@Pethuraj) |
Bug Bounty | 2021-03-28 | 2023-06-13 |
2685 | PHP fopen() function to local file inclusion |
LFI |
NA |
أنس روبي (@xhzeem) |
Bug Bounty | 2021-03-28 | 2023-06-13 |
2684 | CSRF to Full Account Takeover |
CSRF
Account takeover |
NA |
Ashraf Harb (@ashrafharb97) |
Bug Bounty | 2021-03-29 | 2023-06-13 |
2683 | A weird XSS |
Reflected XSS |
NA |
gato the wizard |
Bug Bounty | 2021-03-30 | 2023-06-13 |
2682 | I felt like there were no more bugs left after winning € 2000 … But an email worth €750 changed my mind |
Broken Access Control
IDOR |
NA |
Thexssrat (@theXSSrat) |
Bug Bounty | 2021-03-31 | 2023-06-13 |
2681 | Missing CORS leads to Complete Account Takeover |
Missing CORS
CSRF
Account takeover |
NA |
Niraj Modi (@nirajmodi51) |
Bug Bounty | 2021-03-30 | 2023-06-13 |
2680 | My first Bug report at Facebook 2021 |
Logic flaw
Authorization flaw |
Meta / Facebook |
Kent Jarold Abulag (@wkemenhehehegsg) |
Bug Bounty | 2021-03-31 | 2023-06-13 |
2678 | GKE Autopilot Node Compromise via Race Condition |
Container escape |
Google |
Anthony Weems |
Bug Bounty | 2021-04-01 | 2023-06-13 |
2677 | Zero click vulnerability in Apple’s macOS Mail |
Account takeover
Information disclosure
RCE |
Apple |
Mikko Kenttälä (@Turmio_) |
Bug Bounty | 2021-04-01 | 2023-06-13 |
2674 | Who Contains the Containers? |
Local Privilege Escalation |
Microsoft |
James Forshaw (@tiraniddo) |
Bug Bounty | 2021-04-01 | 2023-06-13 |
2673 | Play a game, get Subscribed to my channel - YouTube Clickjacking Bug | #GoogleVRP |
Clickjacking |
Google |
Sriram Kesavan (@sriramoffcl) |
Bug Bounty | 2021-04-02 | 2023-06-13 |