3974 | [Business Logic] Bypassing Nickname Feature | Logic flaw | NA | Kent Bayron / kntx (@bayronkentoy) | Bug Bounty | 2019-08-14 | 2023-06-13 |
3970 | How I was able to earn 1000$ with just 10 minutes of bug bounty? | Password reset | NA | Ninad Mathpati (@ninad_mathpati) | Bug Bounty | 2019-08-17 | 2023-06-13 |
3967 | U.S. Department of Defense - Info Disclosure and SQLi Writeup | Information disclosure, SQL injection | U.S. Dept Of Defense | Aaron Esau (@arinerron) | Bug Bounty | 2019-08-19 | 2023-06-13 |
3957 | From Github Recon To Account Takeover | Information disclosure, Account takeover | NA | Dipak kumar Das (@d1pakdas) | Bug Bounty | 2019-08-24 | 2023-06-13 |
3955 | Bug Bounty: Bypassing a crappy WAF to exploit a blind SQL injection | Blind SQL injection | NA | Robin Verton (@robinverton) | Bug Bounty | 2019-08-25 | 2023-06-13 |
3952 | Private bug bounty $$,$$$ USD: “RCE as root on Marathon-Mesos instance” | RCE | NA | Omar Espino (@omespino) | Bug Bounty | 2019-08-27 | 2023-06-13 |
3951 | How to look for JS files Vulnerability for fun and profit? | Information disclosure | NA | Yeasir Arafat | Bug Bounty | 2019-08-27 | 2023-06-13 |
3949 | Shodan is your friend!!! If you ignore him you will lose many… | SQL injection, Authentication bypass | NA | Vijaysimha Reddy Bathini (@fatratfatrat) | Bug Bounty | 2019-08-28 | 2023-06-13 |
3948 | My First LFI | LFI | NA | Tirtha Mandal (@tirtha_mandal) | Bug Bounty | 2019-08-31 | 2023-06-13 |
3947 | Graphql Bug to Steal Anyone’s Address | Information disclosure, GraphQL | NA | Pratik Yadav (@PratikY9967) | Bug Bounty | 2019-09-01 | 2023-06-13 |
3944 | RCE using Path Traversal | RCE, Path traversal | NA | inc0gbyt3 (@incogbyte) | Bug Bounty | 2019-09-02 | 2023-06-13 |
3943 | Add new user with Admin permission and takeover the organization | Authorization flaw, Privilege escalation | NA | Tarek Mohamed (@Conan0x3) | Bug Bounty | 2019-09-04 | 2023-06-13 |
3942 | Exposed Jenkins to RCE on 8 Adobe Experience Managers | RCE, Exposed Jenkins instance | NA | Corben Leo (@hacker_) | Bug Bounty | 2019-09-04 | 2023-06-13 |
3940 | DOM Based XSS in Private Program | DOM XSS | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-09-05 | 2023-06-13 |
3939 | Super Glamorous Recon with Intended Functionalities | SSTI, XSS | NA | hateshape (@hateshaped) | Bug Bounty | 2019-09-06 | 2023-06-13 |
3938 | Finding Gem in Someone’s Report: Instant $500USD at HackerOne Platform | Information disclosure | NA | Hisoka Morou | Bug Bounty | 2019-09-07 | 2023-06-13 |
3937 | Write up of two HTTP Requests Smuggling | HTTP request smuggling | NA | C1h2e1 (@C1h2e11) | Bug Bounty | 2019-09-07 | 2023-06-13 |
3936 | Exploiting JSONP and Bypassing Referer Check | Information disclosure, JSONP | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-09-07 | 2023-06-13 |
3934 | Oculus identity verification bypass through brute-force | OTP bypass, Lack of rate limiting | Meta / Facebook | karthik kumar reddy (@karthiksunny007) | Bug Bounty | 2019-09-09 | 2023-06-13 |
3931 | H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress | Stored XSS, SQL injection | Uber | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2019-09-10 | 2023-06-13 |
3929 | Pwn Them All #BugBounty | Host header injection, Password reset | NA | Bilal Khan (@bilalmerokhel) | Bug Bounty | 2019-09-11 | 2023-06-13 |
3927 | How does my recon win $250 in 15 minutes | Open redirect | NA | Hein Thant Zin (@H3Lowr) | Bug Bounty | 2019-09-12 | 2023-06-13 |
3925 | Exploiting File Uploads Pt. 2 – A Tale of a $3k worth RCE. | Unrestricted file upload, RCE | NA | HackerOn2Wheels (@HackerOn2Wheels) | Bug Bounty | 2019-09-13 | 2023-06-13 |
3924 | HTTP Request Smuggling CL.TE | HTTP request smuggling | NA | memN0ps (@memN0ps) | Bug Bounty | 2019-09-13 | 2023-06-13 |
3923 | Unauthorized access to all user information leaks | Information disclosure | NA | C1h2e1 (@C1h2e11) | Bug Bounty | 2019-09-13 | 2023-06-13 |