3270 | FFUF and my first bounty | Information disclosure | NA | Suryansh Mansharamani | Bug Bounty | 2020-07-29 | 2023-06-13 |
3269 | XSS, RCE & HTML File Upload in same endpoint | XSS, RCE, Unrestricted file upload | NA | Tarikul Islam (@sa1tama0) | Bug Bounty | 2020-07-29 | 2023-06-13 |
3268 | The Noob Way Of Taking Over Accounts | Authorization flaw, Account takeover, Homograph attack | NA | Mudassir Sharief | Bug Bounty | 2020-07-29 | 2023-06-13 |
3266 | One Click to Compromise -- Fun With ClickOnce Deployment Manifests | NTLMv2 hash disclosure, One-click execution of arbitrary .Net assemblies, Windows | Microsoft | Dave Cossa (@G0ldenGunSec) | Bug Bounty | 2020-07-30 | 2023-06-13 |
3265 | Exploiting Business Logic — Wallet Money | Payment tampering, Logic flaw | NA | Keshav Malik (@g0t_rOoT_) | Bug Bounty | 2020-07-30 | 2023-06-13 |
3263 | New features means new bugs | Logic flaw, Authorization flaw, Payment bypass | NA | Zseano (@zseano) | Bug Bounty | 2020-07-30 | 2023-06-13 |
3262 | Using XAMPP and Burp Intruder when scanning for subdomains to look for interesting behaviour & code | Information disclosure | NA | Zseano (@zseano) | Bug Bounty | 2020-07-30 | 2023-06-13 |
3261 | Bypassing OTP via reset password | OTP bypass | NA | Ahmed Cj (@0x0Cj) | Bug Bounty | 2020-07-30 | 2023-06-13 |
3260 | Unauthd - Logic bugs FTW | Logic flaw | Apple | Ilias Morad (@A2nkF_) | Bug Bounty | 2020-07-31 | 2023-06-13 |
3259 | CVE-2020–9854: "Unauthd" - (three) logic bugs ftw! | Local Privilege Escalation, Logic flaw | Apple | Ilias Morad (@A2nkF_) | Bug Bounty | 2020-08-01 | 2023-06-13 |
3258 | CVE-2020-13379 Unauthenticated Full-Read SSRF in Grafana | SSRF, Open redirect | NA | Justin Gardner (@Rhynorater) | Bug Bounty | 2020-08-01 | 2023-06-13 |
3257 | Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass | CSRF | NA | Vuk Ivanovic | Bug Bounty | 2020-08-01 | 2023-06-13 |
3256 | CVE-2020–9854: "Unauthd" | MacOS, Local Privilege Escalation, SIP bypass | Apple (macOS) | Ilias Morad (@A2nkF_) | Bug Bounty | 2020-08-01 | 2023-06-13 |
3255 | Multi-factor Auth Bypass with Password Reset Function | MFA bypass, Password reset, Account takeover | NA | Vaibhav Joshi (@vj0shii) | Bug Bounty | 2020-08-02 | 2023-06-13 |
3254 | Banning users Race condition | Race condition | NA | Saddam Hussain (@wisdomfreak1) | Bug Bounty | 2020-08-02 | 2023-06-13 |
3250 | Amazon AWS Bastion - Logger Bypass | Logging bypass, Local Privilege Escalation | AWS | Denis Andzakovic | Bug Bounty | 2020-08-03 | 2023-06-13 |
3249 | How I was able to do Mass Account Takeover[Bug Bounty] | Account takeover, Password reset | NA | Not Rickyy (@RickyyNot) | Bug Bounty | 2020-08-05 | 2023-06-13 |
3248 | I want all these features | Logic flaw, Payment tampering | NA | Mohamed Ayad | Bug Bounty | 2020-08-05 | 2023-06-13 |
3247 | CSRF PoC mistake that broke crucial functions for the end user/victim | Logic flaw | NA | Vuk Ivanovic | Bug Bounty | 2020-08-05 | 2023-06-13 |
3246 | The Case of the Missing Cache Keys | Web cache poisoning | NA | Aaron Costello (@ConspiracyProof) | Bug Bounty | 2020-08-05 | 2023-06-13 |
3245 | Apache Example Servlet leads to $$$$ | Clickjacking | NA | Debangshu Kundu (@debangshu_kundu) | Bug Bounty | 2020-08-06 | 2023-06-13 |
3240 | Exploiting JWT - Lack of Signature Verification | Account takeover | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-08-06 | 2023-06-13 |
3239 | The feature works as intended, but what’s in the source? | Information disclosure | NA | Zseano (@zseano) | Bug Bounty | 2020-08-08 | 2023-06-13 |
3237 | Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case | XSS, Web cache poisoning | NA | Vuk Ivanovic | Bug Bounty | 2020-08-08 | 2023-06-13 |
3234 | Bypassing 403 | Authentication bypass | NA | Michael Hyndman (@michaelhyndman) | Bug Bounty | 2020-08-09 | 2023-06-13 |