4631 | User credential are sent in clear text in Whatsapp web— FIXED | Credentials sent over unencrypted channel | Meta / Facebook | Thuvarakan Nakarajah | Bug Bounty | 2018-08-18 | 2023-06-13 |
2474 | Story of Google Hall of Fame and Private program bounty worth $$$$ | Exposed registration page | Google | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2021-06-16 | 2023-06-13 |
1978 | How I was able to bypass WAF and find the origin IP and a few sensitive files | WAF bypass | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2021-12-22 | 2023-06-13 |
1687 | How I bypassed 403 forbidden domain using a simple trick | 403 bypass | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-03-29 | 2023-06-13 |
1628 | MY First Bug In Hackerone | Information disclosure | NA | anjaneyulu kanakatla | Bug Bounty | 2022-04-14 | 2023-06-13 |
1569 | Its all about 2fa bypass, or Account Takeover | Password reset, Account takeover, OTP bypass | NA | anjaneyulu kanakatla | Bug Bounty | 2022-05-08 | 2023-06-13 |
1403 | Vertical Privilege Escalation: The user can takeover an admin account via response manipulation | Privilege escalation, HTTP response manipulation | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-07-02 | 2023-06-13 |
1357 | Business logic error | Logic flaw | NA | anjaneyulu kanakatla | Bug Bounty | 2022-07-16 | 2023-06-13 |
793 | SSRF via DNS Rebinding (CVE-2022–4096) | SSRF, DNS rebinding, TOCTOU | Appsmith | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2022-11-22 | 2023-06-13 |
629 | An amazing way to turn a xss into an ATO | XSS, Account takeover | NA | Naka | Bug Bounty | 2023-01-02 | 2023-06-13 |
462 | SSRF That Allowed Us to Access Whole Infra Web Services and Many More | SSRF | NA | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2023-02-12 | 2023-06-13 |