| 3921 | I Could Have Hacked All Uber Accounts- But I Chose to Report it Instead |
Information disclosure |
Uber |
Anand Prakash (@anandpraka_sh) |
Bug Bounty | 2019-09-13 | 2023-06-13 |
| 3920 | Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3) |
Race condition
RCE
Unrestricted file upload |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3919 | OTP Manipulation |
OTP bypass |
NA |
Kishan choudhary (@choudhary_1337) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3918 | How I found a simple and weird Account takeover bug |
Account takeover
Missing authentication |
NA |
Bijan Murmu (@0xBijan) |
Bug Bounty | 2019-09-14 | 2023-06-13 |
| 3916 | Client, not client! |
LFI |
NA |
Tung Pun |
Bug Bounty | 2019-09-15 | 2023-06-13 |
| 3915 | RCE with Flask Jinja Template Injection |
SSTI
RCE |
NA |
AkShAy KaTkAr (@AkShAy KaTkAr) |
Bug Bounty | 2019-09-17 | 2023-06-13 |
| 3914 | SSRF | Reading Local Files from DownNotifier server |
SSRF |
NA |
Dr.FarFar (@3XS0) |
Bug Bounty | 2019-09-18 | 2023-06-13 |
| 3911 | How I able to Takeover 10 subdomains in a Private Program ? |
Subdomain takeover |
NA |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2019-09-20 | 2023-06-13 |
| 3909 | Bug or Feature? GitHub Adventure #001 |
OAuth
Open redirect |
NA |
Dominik Opyd (@oad_earth) |
Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3908 | A Simple bypass of Registration Activation that Lead to many Bug - |
Information disclosure
IDOR
CSRF |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3906 | [Case Study] OAuth Misconfiguration leads to Account Takeover |
OAuth
Account takeover |
NA |
Gaurang Bhatnagar (@0xgaurang) |
Bug Bounty | 2019-09-21 | 2023-06-13 |
| 3905 | [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE |
Information disclosure
SQL injection
Authentication bypass
Unrestricted file upload
RCE
XSS |
NA |
Tomi (@noobe_io) |
Bug Bounty | 2019-09-22 | 2023-06-13 |
| 3904 | Broken Link Hijacking - s3 buckets |
Broken link hijacking |
Google |
Tutorgeeks (@tutorgeeks) |
Bug Bounty | 2019-09-22 | 2023-06-13 |
| 3903 | Fuzzing {{7*7}} Till {{P1}} |
SSTI |
NA |
Verneet (@err0rrrrr) |
Bug Bounty | 2019-09-23 | 2023-06-13 |
| 3901 | Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Simple Google Dork - 1,000 USD |
Information disclosure |
Paypal |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2019-09-24 | 2023-06-13 |
| 3900 | Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure |
Path traversal |
Atlassian |
Sam Curry (@samwcyo) |
Bug Bounty | 2019-09-25 | 2023-06-13 |
| 3898 | Stories Of IDOR |
IDOR |
NA |
Shivbihari Pandey (@ninja_pandit_) |
Bug Bounty | 2019-09-28 | 2023-06-13 |
| 3897 | Spear texting via parameter injection |
Parameter tampering |
NA |
Kyle (@B3nac) |
Bug Bounty | 2019-09-29 | 2023-06-13 |
| 3896 | Bug Hunting: Xss On Cookie Popup Warning |
Reflected XSS |
NA |
vict0ni (@vict0ni) |
Bug Bounty | 2019-09-30 | 2023-06-13 |
| 3895 | One Way to Find Hidden IDOR Vulnerability |
IDOR |
NA |
Vulkey_Chen (@Vulkey_Chen) |
Bug Bounty | 2019-10-01 | 2023-06-13 |
| 3894 | Stealing login credentials with Reflected XSS |
Reflected XSS |
NA |
mehulpanchal007 (@007_sharky) |
Bug Bounty | 2019-10-01 | 2023-06-13 |
| 3893 | How to get RCE on AEM instance without Java knowledge |
RCE |
NA |
byq (@ByQwert) |
Bug Bounty | 2019-10-01 | 2023-06-13 |
| 3892 | How a double-free bug in WhatsApp turns to RCE |
Memory corruption
RCE
Android |
Meta / Facebook |
Awakened |
Bug Bounty | 2019-10-02 | 2023-06-13 |
| 3891 | GraphQL Introspection leads to Sensitive Data Disclosure. |
Information disclosure |
NA |
Pranay Bafna |
Bug Bounty | 2019-10-02 | 2023-06-13 |
| 3890 | REST framework Admin Panel bypass and how I recon for this vulnerability |
Authentication bypass |
NA |
Aziz Hakim (@hackerb0y_) |
Bug Bounty | 2019-10-02 | 2023-06-13 |
