3888 | From Multiple IDORs leading to Code Execution on a different Host Container | IDOR, RCE | NA | Rahul (@Rahul_R95) | Bug Bounty | 2019-10-04 | 2023-06-13 |
3885 | EXIF Geolocation Data Not Stripped From Uploaded Images | Information disclosure | NA | Sourav Newatia (@souravnewatia) | Bug Bounty | 2019-10-09 | 2023-06-13 |
3883 | Bypass Uppercase filters like a PRO (XSS Advanced Methods) | XSS | NA | MasterSEC (@MasterSEC_AR) | Bug Bounty | 2019-10-11 | 2023-06-13 |
3881 | Finding SQL injections fast with white-box analysis — a recent bug example | SQL injection | Zoho | Florian Hauser (@frycos) | Bug Bounty | 2019-10-13 | 2023-06-13 |
3880 | An inconsistent CSRF | CSRF | NA | Smaran Chand (@smaranchand) | Bug Bounty | 2019-10-15 | 2023-06-13 |
3879 | How I bypassed 2 Factor Authentication | MFA bypass | NA | Hemant Singh Manral | Bug Bounty | 2019-10-15 | 2023-06-13 |
3878 | How I found RCE But Got Duplicated | Unrestricted file upload, RCE | NA | Smile Hacker | Bug Bounty | 2019-10-15 | 2023-06-13 |
3868 | NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114] | NFC, Android | Google | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2019-10-24 | 2023-06-13 |
3867 | How I earned $$$$ by finding confidential customer data including plain-text passwords! | Directory listing, Information disclosure | NA | Sushant Soni (@sushantsoni5392) | Bug Bounty | 2019-10-24 | 2023-06-13 |
3864 | How to Takover a ldap server. | Misconfigured LDAP server | NA | Ashish Kunwar (@D0rkerDevil) | Bug Bounty | 2019-10-25 | 2023-06-13 |
3861 | How I hacked 50+ Companies in 6 hrs | SSTI, RCE | NA | Vignesh C (@pwn_r00t) | Bug Bounty | 2019-10-29 | 2023-06-13 |
3860 | [Leak] Can I take the user information, please?!! | Information disclosure | NA | Mohamed Sayed (@FlEx0Geek) | Bug Bounty | 2019-10-29 | 2023-06-13 |
3859 | XSS to Account Takeover | XSS, CSRF | NA | Tomi (@noobe_io) | Bug Bounty | 2019-10-29 | 2023-06-13 |
3858 | Cross Site Request Forgery Critical Exploitable IN Infected Site? | CSRF | NA | Hossam Mesbah | Bug Bounty | 2019-10-29 | 2023-06-13 |
3856 | GraphQL introspection leads to sensitive data disclosure. | Information disclosure | NA | Eshan Singh (@R0X4R) | Bug Bounty | 2019-10-30 | 2023-06-13 |
3854 | Download this tool and you win | Open redirect | NA | zoid (@z0idsec) | Bug Bounty | 2019-10-31 | 2023-06-13 |
3853 | Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty | Null byte buffer overflow, Memory corruption | NA | Sam Curry (@samwcyo) | Bug Bounty | 2019-11-01 | 2023-06-13 |
3852 | XSS will never die | XSS | NA | Oleksandr Opanasiuk (@Lekssik2) | Bug Bounty | 2019-11-02 | 2023-06-13 |
3851 | BugBounty | A Simple SSRF | SSRF, DNS rebinding | NA | Jinone (@jinonehk) | Bug Bounty | 2019-11-05 | 2023-06-13 |
3849 | BugBounty | A Simple SSRF | SSRF, DNS rebinding | NA | Jinone (@jinonehk) | Bug Bounty | 2019-11-05 | 2023-06-13 |
3847 | A simple post auth bypass leads to unauthorized web server access | Default credentials | NA | Hein Thant Zin (@H3Lowr) | Bug Bounty | 2019-11-08 | 2023-06-13 |
3846 | BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎 | MFA bypass, Lack of rate limiting | NA | Akash Agrawal (@akashmagrawal) | Bug Bounty | 2019-11-08 | 2023-06-13 |
3845 | DOM-Based XSS | Bug Bounty Writeup | DOM XSS | NA | HacknPentest (@HacknPentest) | Bug Bounty | 2019-11-10 | 2023-06-13 |
3844 | My First SSRF Using DNS Rebinding | SSRF, DNS rebinding | NA | Marek Geleta (@marek_geleta) | Bug Bounty | 2019-11-11 | 2023-06-13 |
3842 | How i Bought VPS, Hosting, Domain only $0.01 | Payment tampering | NA | Zerb0a | Bug Bounty | 2019-11-12 | 2023-06-13 |