3338 | EN | Account Takeover and Sensitive Data Leakage via CORS Misconfiguration | CORS misconfiguration, CSRF, Account takeover | NA | Lütfü Mert Ceylan (@lutfumertceylan) | Bug Bounty | 2020-07-04 | 2023-06-13 |
3336 | BBC Bug Bounty Write-up | XSS Vulnerability | Reflected XSS | BBC | Pethuraj (@Pethuraj) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3335 | Why I paid 3.5K to become a TLD registrar reseller when doing bug bounty | XXE | NA | hg_real (@hgreal1) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3334 | From Host Header injection to SQL injection | Host header injection, SQL injection | NA | Daoud Youssef / smacker dodi (@daoud_youssef) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3332 | Case Study I - Browser Anomaly with Facebook Apps -1500$ | Authorization flaw | Meta / Facebook | easySIEM (@easySIEM) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3331 | RCE via image upload functionality | Unrestricted file upload, RCE | NA | Adwaith KS | Bug Bounty | 2020-07-05 | 2023-06-13 |
3330 | My First Bug: Blind SSRF Through Profile Picture Upload | SSRF | NA | swaysthinking (@swaysThinking) | Bug Bounty | 2020-07-05 | 2023-06-13 |
3327 | How i was able to bypass Email Confirm — P4 | Information disclosure | NA | Mohammed Ehssan (@alone_Wwolf) | Bug Bounty | 2020-07-06 | 2023-06-13 |
3326 | From . in regex to SSRF — part 3 | SSRF, CRLF injection | NA | Niemiec Marcin (@xvnpw) | Bug Bounty | 2020-07-07 | 2023-06-13 |
3323 | How I found 10 Remote Code Execution in 10 minutes CVE-2020–5902 | RCE | NA | Saransh Srivastav (@malfuncti0n_) | Bug Bounty | 2020-07-07 | 2023-06-13 |
3322 | Journey from low to critical bug $$$ | IDOR | NA | Dheeraj Madhukar (@Dheerajmadhukar) | Bug Bounty | 2020-07-09 | 2023-06-13 |
3320 | Global grant uri in Android 8.0-9.0 (2018 year) | Authorization flaw | Google | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2020-07-09 | 2023-06-13 |
3319 | Exploiting Application Logic to Referral Code Disclosure | Logic flaw, Information disclosure | NA | Vaibhav Joshi (@vj0shii) | Bug Bounty | 2020-07-09 | 2023-06-13 |
3318 | Remote Denial-of-Service with Chrome | DoS | Google | Dan Lyton | Bug Bounty | 2020-07-09 | 2023-06-13 |
3315 | Don’t stop at one bug $$$$ | Open redirect, XSS, LFI | NA | Dheeraj Madhukar (@Dheerajmadhukar) | Bug Bounty | 2020-07-10 | 2023-06-13 |
3314 | Phone number validation bypass through url path manipulation . | OTP bypass | NA | ben aymen (@ben_aymen_182) | Bug Bounty | 2020-07-10 | 2023-06-13 |
3313 | A tale of critical account take over | Account takeover, Exposed JWT generation endpoint, JWT | NA | Shivam Pandey (@shivam31200) | Bug Bounty | 2020-07-10 | 2023-06-13 |
3312 | How I hacked into a Telecom Network | RCE, Security misconfiguration, JBoss | NA | Harpreet Singh | Bug Bounty | 2020-07-11 | 2023-06-13 |
3311 | How I was able to change victim’s password using IDN Homograph Attack | IDN homograph attack | NA | Abhishek Karle (@AbhishekKarle3) | Bug Bounty | 2020-07-11 | 2023-06-13 |
3310 | Bug Bounty Experience: Unvalidated Redirection Vulnerability | Open redirect | NA | Simply Secure | Bug Bounty | 2020-07-12 | 2023-06-13 |
3309 | Self stored xss to full account takeover | XSS, Account takeover | NA | Jatin Aesthetic (@techyfreakk) | Bug Bounty | 2020-07-12 | 2023-06-13 |
3308 | How An API Misconfiguration Can Lead To Your Internal Company Data | Information disclosure | NA | Me9187 (@Me9187) | Bug Bounty | 2020-07-12 | 2023-06-13 |
3307 | SSRF in import file function | SSRF | NA | Rafael Silva | Bug Bounty | 2020-07-14 | 2023-06-13 |
3306 | Exploiting Imported Libraries to Bypass WAF | Reflected XSS | NA | Greg Gibson | Bug Bounty | 2020-07-14 | 2023-06-13 |
3305 | Hunting postMessage Vulnerabilities | postMessage, DOM XSS | Apple, Google (Youtube), Adobe | Gary O'Leary-Steele (@garyoleary) | Bug Bounty | 2020-07-14 | 2023-06-13 |