3841 | Bug Bounty: Broken API Authorization | Authorization flaw | NA | Th3hidd3nmist (@th3_hidd3n_mist) | Bug Bounty | 2019-11-12 | 2023-06-13 |
3839 | Mass XS-Search using Cache Attack | XS-Search | Google | Terjanq (@terjanq) | Bug Bounty | 2019-11-12 | 2023-06-13 |
3837 | [Server Side Request Forgery] Blind SSRF due to Sentry Misconfiguration | SSRF | NA | Kent Bayron (@bayronkentoy) | Bug Bounty | 2019-11-14 | 2023-06-13 |
3835 | Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE) | IDOR | NA | Daniel Marte (@DanielM59720745) | Bug Bounty | 2019-11-15 | 2023-06-13 |
3834 | Authenticated CORS with Access-Control-Allow-Origin: * | Caching issue, Browser hacking | Google (Chromium) | BitK (@BitK_) | Bug Bounty | 2019-11-15 | 2023-06-13 |
3831 | LDAP Admin Account Bypassed :) | LDAP injection, Authentication bypass | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2019-11-16 | 2023-06-13 |
3830 | Privilege Escalation with simple recon | Privilege escalation, Blind XSS | NA | Mayur Gupta (@RisingHunter_) | Bug Bounty | 2019-11-16 | 2023-06-13 |
3828 | My First Bug ($500) | No valid SPF records | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2019-11-18 | 2023-06-13 |
3827 | This is How I was able to hunt a rare bug in a private program | Missing authentication, Privilege escalation | NA | Abida Fahd | Bug Bounty | 2019-11-18 | 2023-06-13 |
3825 | Million Users PII Leak Data Leak | Information disclosure, Blind XSS | NA | Shivbihari Pandey (@ninja_pandit_) | Bug Bounty | 2019-11-18 | 2023-06-13 |
3821 | Subdomain Takeover via Campaignmonitor.com | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-11-20 | 2023-06-13 |
3820 | How I paid 2$ for a 1054$ XSS bug + 20 chars blind XSS payloads | XSS | NA | Mohamed Daher (@DaherMohamed4) | Bug Bounty | 2019-11-20 | 2023-06-13 |
3817 | 700$ Denial of Service(DoS) vulnerability in script-loader.php (CVE-2018-6389) | DoS | NA | Pankaj Thakur (@Nep_1337_1998) | Bug Bounty | 2019-11-21 | 2023-06-13 |
3815 | Stories Of IDOR-Part 2 | IDOR | NA | Shivbihari Pandey (@ninja_pandit_) | Bug Bounty | 2019-11-21 | 2023-06-13 |
3814 | IDOR via Websockets | IDOR | NA | Shuaib Oladigbolu (@_sawzeeyy) | Bug Bounty | 2019-11-23 | 2023-06-13 |
3813 | Exploiting padding oracles with fixed IVs | Padding oracle attack, Account takeover | NA | Teddy Katz (@not_aardvark) | Bug Bounty | 2019-11-23 | 2023-06-13 |
3812 | The AccountTakeOver Killing Chain | Account takeover, CSRF, Self-XSS | NA | أنس روبي (@xhzeem) | Bug Bounty | 2019-11-23 | 2023-06-13 |
3811 | CORS Misconfiguration to Account TakeOver [Out of scope to grab items In-Scope] | CORS misconfiguration, Open redirect, Reflected XSS, Session management issue | NA | Mashoud1122 (@mashoud1122) | Bug Bounty | 2019-11-24 | 2023-06-13 |
3809 | How Did Tons of People Like Me on Tinder? | HTTP request smuggling | NA | Mustafa iran (@Mustafaran) | Bug Bounty | 2019-11-25 | 2023-06-13 |
3808 | Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings | Authorization flaw | NA | Johns Simon (@Johnssimon22) | Bug Bounty | 2019-11-27 | 2023-06-13 |
3803 | How I turned Self XSS to Stored via CSRF | Self-XSS, CSRF | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2019-11-29 | 2023-06-13 |
3802 | My first RCE: a tale of good ideas and good friends | RCE, ImageTragick | NA | rez0 (@rez0__) | Bug Bounty | 2019-11-29 | 2023-06-13 |
3801 | Dank Writeup On Broken Access Control On An Indian Startup | Unrestricted file upload, Authorization flaw | NA | Divyanshu Shukla (@justm0rph3u5) | Bug Bounty | 2019-11-30 | 2023-06-13 |
3800 | XSS like a Pro | XSS | NA | Anas Mahmood (@AnasIsHere) | Bug Bounty | 2019-12-05 | 2023-06-13 |
3799 | HTTP Request Smuggling + IDOR | HTTP request smuggling, IDOR | NA | hipotermia (@_hipotermia_) | Bug Bounty | 2019-12-05 | 2023-06-13 |