| 4311 | I Found Clickjacking on Google CSE. Is This Important? |
Clickjacking |
Google |
Mukhammad Akbar (@abaykandotcom) |
Bug Bounty | 2019-02-10 | 2023-06-13 |
| 4262 | Account Takeover Using Cross-Site WebSocket Hijacking (CSWH) |
Cross-Site WebSocket Hijacking (CSWH)
Account takeover |
NA |
Sharan Panegav (@PanegavSharan) |
Bug Bounty | 2019-03-09 | 2023-06-13 |
| 4233 | How I could have hijacked a victim’s YouTube notifications! (Google VRP Writeup) |
CSRF |
Google |
Yash Sodha (@y_sodha) |
Bug Bounty | 2019-03-26 | 2023-06-13 |
| 4232 | My very first bug: a dreaded dupe and then an IDOR jackpot! |
IDOR |
Yahoo! / Verizon Media |
John H4X00R (@JohnH4X00R) |
Bug Bounty | 2019-03-28 | 2023-06-13 |
| 4223 | How I am able to hijack you. |
Logic flaw |
Google |
Terjanq (@terjanq) |
Bug Bounty | 2019-04-03 | 2023-06-13 |
| 4091 | Account Takeover with Clickjacking |
Clickjacking |
NA |
Osama Avvan (@osamaavvan) |
Bug Bounty | 2019-06-19 | 2023-06-13 |
| 4084 | $1800 worth Clickjacking |
Clickjacking |
NA |
Osama Avvan (@osamaavvan) |
Bug Bounty | 2019-06-21 | 2023-06-13 |
| 4036 | Bypass CSRF With ClickJacking Worth $1250 |
CSRF
Clickjacking |
NA |
Saad Ahmed (@XSaadAhmedX) |
Bug Bounty | 2019-07-16 | 2023-06-13 |
| 3979 | Clickjacking DOM XSS on Google.org |
Clickjacking
DOM XSS |
Google |
Thomas Orlita (@ThomasOrlita) |
Bug Bounty | 2019-08-12 | 2023-06-13 |
| 3965 | Kaspersky in the Middle – what could possibly go wrong? |
Clickjacking
Universal XSS
MiTM |
Kaspersky |
Wladimir Palant (@WPalant) |
Bug Bounty | 2019-08-19 | 2023-06-13 |
| 3904 | Broken Link Hijacking - s3 buckets |
Broken link hijacking |
Google |
Tutorgeeks (@tutorgeeks) |
Bug Bounty | 2019-09-22 | 2023-06-13 |
| 3886 | Vulnerability To Bypass Clickjacking Protection In Youtube |
Clickjacking |
Google |
spidersec (@SpiderSec) |
Bug Bounty | 2019-10-06 | 2023-06-13 |
| 3848 | How I Hacked Dutch Government in 5 Minutes? Twitter Account Takeover |
Broken link hijacking |
Dutch Government |
Numan ÖZDEMİR (@numanozdemircom) |
Bug Bounty | 2019-11-06 | 2023-06-13 |
| 3838 | Command Injection Through BLH |
Broken link hijacking |
Meta / Facebook |
Shankar R (@trapp3r_hat) |
Bug Bounty | 2019-11-14 | 2023-06-13 |
| 3836 | Taking over Facebook Page Tabs |
Broken link hijacking |
Meta / Facebook |
Taking over Facebook Page Tabs |
Bug Bounty | 2019-11-14 | 2023-06-13 |
| 3696 | How I was able to takeover the company’s LinkedIn Page |
Broken link hijacking |
NA |
Vijaysimha Reddy Bathini (@fatratfatrat) |
Bug Bounty | 2020-01-29 | 2023-06-13 |
| 3684 | Hijacking shared report links in Google Data Studio |
Authorization flaw |
Google |
sushiwushi (@sushiwushi2) |
Bug Bounty | 2020-02-05 | 2023-06-13 |
| 3679 | Google APIS ClickJacking ( $1337) |
Clickjacking |
Google |
Myo Min Thu (@myominthu1337) |
Bug Bounty | 2020-02-05 | 2023-06-13 |
| 3639 | Account Hijack using Authorization bypass $$$$ |
Account takeover
Authorization flaw |
NA |
Bhavesh Thakur (@Bhavesh_Thakur_) |
Bug Bounty | 2020-02-28 | 2023-06-13 |
| 3626 | Google Bug Bounty: Clickjacking on Google Payment (1337$) |
Clickjacking |
Google |
santuySec (@santuySec) |
Bug Bounty | 2020-03-06 | 2023-06-13 |
| 3595 | Hacking — Always Check the Cross-domain Policy |
SOP bypass
CSRF |
Starbucks |
Jack |
Bug Bounty | 2020-03-19 | 2023-06-13 |
| 3503 | Cool paste jacking attack earned me $$$ |
Paste jacking |
NA |
Aman Rawat (@theamanrawat) |
Bug Bounty | 2020-05-04 | 2023-06-13 |
| 3496 | How we Hijacked 26+ Subdomains |
Subdomain takeover |
NA |
Aishwarya Kendle (@aish_kendle) |
Bug Bounty | 2020-05-07 | 2023-06-13 |
| 3479 | How I was able to make users loss of money on Google Pay |
Clickjacking |
Google |
santuySec (@santuySec) |
Bug Bounty | 2020-05-16 | 2023-06-13 |
| 3450 | Clickjacking to Account Takeover |
Clickjacking |
NA |
Abhishek Yadav (@abhishake100) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
