3512 | The Story of Blind SSRF leads to internal Host discovery. | SSRF | NA | kaustubh padwad (@s3curityb3ast) | Bug Bounty | 2020-05-01 | 2023-06-13 |
3505 | #BugBounty — Adding Money Using Response Modification | Payment tampering, Logic flaw | NA | Line_no 6 | Bug Bounty | 2020-05-03 | 2023-06-13 |
3503 | Cool paste jacking attack earned me $$$ | Paste jacking | NA | Aman Rawat (@theamanrawat) | Bug Bounty | 2020-05-04 | 2023-06-13 |
3502 | G Suite - Device Management XSS | XSS | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3499 | A tale of verbose error message and a JWT token | Information disclosure, Authorization flaw | NA | Marek Geleta (@marek_geleta) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3497 | DOM XSS Walkthrough | DOM XSS | NA | Youssef Lahouifi (@YLahouifi) | Bug Bounty | 2020-05-06 | 2023-06-13 |
3496 | How we Hijacked 26+ Subdomains | Subdomain takeover | NA | Aishwarya Kendle (@aish_kendle) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3495 | DOM-Based XSS at accounts.google.com by Google Voice Extension. | DOM XSS | Google | missoum1307 (@missoum1307) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3492 | Pentesting Cisco SD-WAN Part 2: Breaking Routers | OS command injection, Security code review | Cisco | Julien Legras (@Julien_Legras) | Bug Bounty | 2020-05-07 | 2023-06-13 |
3490 | How I made $10K in bug bounties from GitHub secret leaks | Information disclosure | NA | Tillson Galloway (tillson_) | Bug Bounty | 2020-05-10 | 2023-06-13 |
3488 | Magic of the Back Slash | Path traversal | NA | Anil Tom (mr_4nk) | Bug Bounty | 2020-05-11 | 2023-06-13 |
3486 | Lucky Bug Which Let Me Change Name of Every Accounts at a Single Click | SQL injection | NA | Merbin Russel (e_23_e) | Bug Bounty | 2020-05-13 | 2023-06-13 |
3485 | $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt | Information disclosure | NA | Johann Rehberger (wunderwuzzi23) | Bug Bounty | 2020-05-13 | 2023-06-13 |
3484 | Bug Bounty — Advanced Manual Penetration Testing Leading to Price Manipulation Vulnerability | Payment tampering | NA | Talatmehmood | Bug Bounty | 2020-05-14 | 2023-06-13 |
3483 | Weak Cryptography in Password Reset to Full Account Takeover | Account takeover, Password reset, Cryptographic issues | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-05-15 | 2023-06-13 |
3481 | Password Reset Poisoning leading to Account Takeover | Password reset, Account takeover | NA | Swapnil Maurya (@swapmaurya20) | Bug Bounty | 2020-05-16 | 2023-06-13 |
3480 | Chained Bugs [ Account TakeOver ] | IDOR, XSS, Account takeover | NA | Bilal Khan (@bilalmerokhel) | Bug Bounty | 2020-05-16 | 2023-06-13 |
3478 | Logical Bug which let me stop Users from Creating Ads at a Website | Logic flaw, DoS | NA | Merbin Russel (e_23_e) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3477 | One Param => $10k | IDOR, XSS, Account takeover | NA | Bilal Khan (@bilalmerokhel) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3476 | Stored XSS Leads to Plaintext Password Disclosure | Stored XSS, Information disclosure, Unrestricted file upload | NA | bad5ect0r (@bad5ect0r) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3475 | Tale of Account Takeovers (Part-2) | Account takeover | NA | Vijaysimha Reddy Bathini (@fatratfatrat) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3474 | Cors Blimey: The power of chaining CORS | CORS misconfiguration, Stored XSS, CSRF | NA | Hazana (@hazanasec) | Bug Bounty | 2020-05-17 | 2023-06-13 |
3472 | My first 10k bdt bounty from an e-commerce site | IDOR | NA | Md Saikat | Bug Bounty | 2020-05-18 | 2023-06-13 |
3471 | Multiple flaws leads to Account Takeover within an Application | Account takeover, Password reset | NA | Harshit Sengar (@sengarharshit1) | Bug Bounty | 2020-05-18 | 2023-06-13 |
3470 | CVE-2020–1088 — Yet another arbitrary delete EoP | Local Privilege Escalation, Windows | Microsoft | Søren Fritzbøger (@fritzboger) | Bug Bounty | 2020-05-18 | 2023-06-13 |