3468 | Teradici and CVE-2020-10965: An issue of routing. |
Missing authentication |
Teradici |
Benjamin Heald (@heald_ben) |
Bug Bounty | 2020-05-18 | 2023-06-13 |
3467 | How I got 200$ in 5 minutes – Sensitive data leak |
Information disclosure |
NA |
Sanjay Verdu (@codersanjay) |
Bug Bounty | 2020-05-19 | 2023-06-13 |
3466 | Easy bounties with subdomain discovery - Using Project Sonar for bug bounty |
Broken access control
Authorization flaw |
Bpost |
Torben Capiau (@TorbenCapiau) |
Bug Bounty | 2020-05-20 | 2023-06-13 |
3461 | Parsing the DOM elements of Other pages via XSS: A Bug Bounty Story |
XSS
Information disclosure |
NA |
Mandeep Jadon (@1337tr0lls) |
Bug Bounty | 2020-05-22 | 2023-06-13 |
3460 | My First Bug Bounty — 2 Factor Authentication Bypass |
OTP bypass |
NA |
Talatmehmood |
Bug Bounty | 2020-05-22 | 2023-06-13 |
3459 | How Source code reading helped me find an IDOR |
IDOR
Information disclosure |
NA |
Sanjay Verdu (@codersanjay) |
Bug Bounty | 2020-05-22 | 2023-06-13 |
3458 | Story About OTP Bypass To Stored XSS |
OTP bypass
Stored XSS |
NA |
PJ Borah (@PJBorah1) |
Bug Bounty | 2020-05-23 | 2023-06-13 |
3456 | Chaining an IDOR with a business-logic error to achieve critical impact |
IDOR
Logic flaw |
NA |
Julien Cretel (@jub0bs) |
Bug Bounty | 2020-05-26 | 2023-06-13 |
3451 | iOS Outlook Stored XSS Write-Up($3000) |
XSS |
Microsoft |
kminthein / weev3 (@kyawminthein99) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3450 | Clickjacking to Account Takeover |
Clickjacking |
NA |
Abhishek Yadav (@abhishake100) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3449 | A Long Overdue Write-up: How I got into the Oppo Hall of Fame |
Login screen bypass
Authentication bypass |
oppo |
Shibin B. Shaji (@shibinbshaji06) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3447 | Bypassing WAF to perform XSS |
XSS |
NA |
Kleiton Kurti (@kleiton0x7e) |
Bug Bounty | 2020-05-28 | 2023-06-13 |
3444 | IDOR in session cookie leading to Mass Account Takeover |
IDOR
Account takeover |
NA |
Zonduhackerone (@zonduu1) |
Bug Bounty | 2020-05-29 | 2023-06-13 |
3443 | My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft |
SSRF |
Lyft |
Ben Sadeghipour (@nahamsec) |
Bug Bounty | 2020-05-29 | 2023-06-13 |
3442 | Analysis and Discovery of CVE-2020-13693 |
Privilege escalation
Security code review |
BBPress |
Raphael Karger (@pwnszn) |
Bug Bounty | 2020-05-29 | 2023-06-13 |
3441 | Weak Cryptography Leads To Open Redirect |
Open redirect |
NA |
DarkLotus (@darklotuskdb) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3439 | Zero-day in Sign in with Apple |
Account takeover |
Apple |
Bhavuk Jain (@bhavukjain1) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3438 | Cross-site scripting: The power of the hidden parameters. |
Reflected XSS |
Sony |
Kassih Mouhssine (@KassihMouhssine) |
Bug Bounty | 2020-05-30 | 2023-06-13 |
3436 | Weird “Subdomain Take Over” pattern of Amazon S3 |
Subdomain takeover |
NA |
Simgamsetti Manikanta (@zaheckmania) |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3435 | Hunting on ASPX Application For P1's [Unauthenticated SOAP,RCE, Info Disclosure] |
RCE
Information disclosure
IDOR |
NA |
ElMahdi Mrhassel (@ElMrhassel) |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3434 | h1{Error based XXE - bug bounty writeup} |
XXE |
NA |
f4d3 (@f4d3_cl) |
Bug Bounty | 2020-05-31 | 2023-06-13 |
3432 | How I leveraged an interesting CSRF vulnerability to turn self XSS into a persistent attack? |
Self-XSS
CSRF |
NA |
Akash Methani (@0xAkash) |
Bug Bounty | 2020-06-01 | 2023-06-13 |
3429 | Double URL-encoded XSS |
Reflected XSS |
NA |
vict0ni (@vict0ni) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3427 | IP-in-IP protocol routes arbitrary traffic by default |
DoS
Spoofing |
Internet Bug Bounty |
yannayl (@Yannayli) |
Bug Bounty | 2020-06-02 | 2023-06-13 |
3426 | From CRLF to Account Takeover |
CRLF injection
HTTP response splitting
Reflected XSS
Account takeover |
NA |
Valeriy Shevchenko (@Krevetk0Valeriy) |
Bug Bounty | 2020-06-03 | 2023-06-13 |