| 3420 | Story of Blind SQL with a typo error. |
SQL injection |
NA |
Amyrahm (@Amyrahm11) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
| 3419 | Local file read via XSS using PDF generate functionality |
XSS
LFI |
NA |
Sanjay Singh Jhala (@lordjerry0x01) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
| 3418 | Account takeover via postMessage |
Account takeover
postMessage |
NA |
socket (@yxw21) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
| 3417 | Multiple Information exposed due to misconfigured Service-now ITSM instances |
Missing authentication
Information disclosure |
NA |
Th3G3nt3lman (@Th3G3nt3lman) |
Bug Bounty | 2020-06-05 | 2023-06-13 |
| 3416 | From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response |
Privilege escalation |
NA |
YoKo Kho (@YokoAcc) |
Bug Bounty | 2020-06-06 | 2023-06-13 |
| 3415 | XSS to Database Credential Leakage & Database Access — Story of total luck! |
Reflected XSS
Information disclosure |
NA |
Harsh Bothra (@harshbothra_) |
Bug Bounty | 2020-06-06 | 2023-06-13 |
| 3413 | Different host header injection worth 2k |
Host header injection |
NA |
Imran Nissar (@Imrannissar3) |
Bug Bounty | 2020-06-07 | 2023-06-13 |
| 3412 | This is fine 🐶 |
Information disclosure |
NA |
Ricardo Iramar dos Santos (@ricardo_iramar) |
Bug Bounty | 2020-06-08 | 2023-06-13 |
| 3410 | The Accidental RCE |
Unrestricted file upload |
NA |
Mr. Beast (@__mr_beast__) |
Bug Bounty | 2020-06-09 | 2023-06-13 |
| 3409 | Cmd Hijack - a command/argument confusion with path traversal in cmd.exe |
OS command injection
Path traversal |
Microsoft |
Julian Horoszkiewicz |
Bug Bounty | 2020-06-10 | 2023-06-13 |
| 3407 | The “P5” Link Injection Story |
Hyperlink injection |
NA |
Silent Bronco (@silentbronco) |
Bug Bounty | 2020-06-10 | 2023-06-13 |
| 3406 | Utilizing Lockdown: Blind Sqli leads to Account Takeover & Data Extraction |
Blind SQL injection
Account takeover |
NA |
Shakti Mohanty (@3ncryptSaan) |
Bug Bounty | 2020-06-10 | 2023-06-13 |
| 3405 | Privilege Escalation by Changing HTTP Response (Admin Access) |
Privilege escalation |
NA |
Bachrudin Ashari Pujakusuma (@Bachrudinashari) |
Bug Bounty | 2020-06-10 | 2023-06-13 |
| 3404 | Guest Blog: From File Upload to RCE |
Unrestricted file upload
RCE |
NA |
Lukasz Wierzbicki (@v13rs8a) |
Bug Bounty | 2020-06-10 | 2023-06-13 |
| 3403 | The Frustrating XSS |
XSS |
NA |
Mr. Beast (@__mr_beast__) |
Bug Bounty | 2020-06-11 | 2023-06-13 |
| 3402 | HUNT for SQL Injection- The Smart Way! |
SQL injection |
NA |
Mudassir Sharief |
Bug Bounty | 2020-06-11 | 2023-06-13 |
| 3401 | Race Conditions - Exploring the Possibilities |
Race condition |
Reddit |
Milind Purswani (@MilindPurswani) |
Bug Bounty | 2020-06-11 | 2023-06-13 |
| 3400 | Let’s Bypass CSRF Protection & Password Confirmation to Takeover Victim Accounts :D |
CSRF |
NA |
Harsh Bothra (@harshbothra_) |
Bug Bounty | 2020-06-12 | 2023-06-13 |
| 3399 | DoS and BugBounties :A series of DoS attacks on HackerOne |
DoS |
NA |
Ninad Mishra (@iamr000t) |
Bug Bounty | 2020-06-12 | 2023-06-13 |
| 3398 | Account Takeover via OTP Bruteforce (Apigee API) |
OTP bypass
Bruteforce
Lack of rate limiting |
NA |
Vishnuraj |
Bug Bounty | 2020-06-13 | 2023-06-13 |
| 3397 | RACE Condition vulnerability found in bug-bounty program |
Race condition |
NA |
Pravinrp |
Bug Bounty | 2020-06-13 | 2023-06-13 |
| 3392 | How to Secure AWS ServerLess Lambda from ReDoS(Regular Expression Denial-of-Service) & Resultant Financial Impact |
ReDoS |
NA |
Ddigvijay (@itsdig) |
Bug Bounty | 2020-06-14 | 2023-06-13 |
| 3390 | Business logic flaw in the invitation system allows to Takeover any account at a private company |
Account takeover
IDOR |
NA |
Daniel V. (@d4niel_v) |
Bug Bounty | 2020-06-15 | 2023-06-13 |
| 3389 | Reflected User Input == XSS! |
Reflected XSS |
NA |
Silent Bronco (@silentbronco) |
Bug Bounty | 2020-06-15 | 2023-06-13 |
| 3386 | How I was able to buy t-shirt for €1 — Payment Price Manipulation |
Payment tampering |
NA |
Muztahidul Tanim (@TheMuztahidul) |
Bug Bounty | 2020-06-16 | 2023-06-13 |
