3187 | Accessing the website directly through its IP address, a case of a poorly hidden sql injection | SQL injection | NA | Vuk Ivanovic | Bug Bounty | 2020-08-27 | 2023-06-13 |
3184 | The Importance of keeping up to date, or how I found an interesting bug thanks to a tweet | Stored XSS | NA | Vuk Ivanovic | Bug Bounty | 2020-08-29 | 2023-06-13 |
3183 | Unhiding the hidden | Client-side enforcement of server-side security, Authorization flaw, CSRF | NA | I am Broot | Bug Bounty | 2020-08-31 | 2023-06-13 |
3181 | Stop scratching the surface, and hack the dependencies | Stored XSS | NA | Rotem Reiss (@rotem_reiss) | Bug Bounty | 2020-08-31 | 2023-06-13 |
3178 | CVE-2020-6519 - Chromium 83 Zero Day Full CSP Bypass Cross Platforms | CSP bypass | Google (Chrome & Chromium) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2022-09-02 | 2023-06-13 |
3177 | My Story With XSS | XSS | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2020-09-03 | 2023-06-13 |
3176 | Account Takeover via IDOR | IDOR, Account takeover | NA | Roma Ramazanoff (@r0hack) | Bug Bounty | 2020-09-04 | 2023-06-13 |
3175 | How_i_was_able_to_pawned_website_via_escilating_webcache deception to rce | Web cache deception, SSRF, RCE | NA | mohit (@mohit29295572) | Bug Bounty | 2020-09-05 | 2023-06-13 |
3174 | XSS that can pay your Bills :) | Reflected XSS | NA | Smile Hacker (@_smile_hacker_) | Bug Bounty | 2020-09-05 | 2023-06-13 |
3173 | Never Give Up, The Story Behind a Dupe-To-Triaged | XSS, OAuth, Account takeover | NA | Alan Brian (@soyelmago) | Bug Bounty | 2020-09-06 | 2023-06-13 |
3172 | How response Manipulation got me a little, but sweet Bounty | MFA bypass | NA | Tommaso De Ponti (@heytdep) | Bug Bounty | 2020-09-07 | 2023-06-13 |
3170 | From Android Static Analysis to RCE on Prod | RCE, Directory listing, Missing authentication | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2020-09-07 | 2023-06-13 |
3169 | XSS->Fix->Bypass: 10000$ bounty in Google Maps | XSS | Google | Zohar Shachar | Bug Bounty | 2020-09-07 | 2023-06-13 |
3168 | CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze | RCE, Local Privilege Escalation | Backblaze | Jason Geffner (@JasonGeffner) | Bug Bounty | 2020-09-09 | 2023-06-13 |
3166 | Unintended Behaviour of domain got me P4 | Logic flaw | NA | Takester (@dhiraj_ramteke) | Bug Bounty | 2020-09-10 | 2023-06-13 |
3165 | Universal XSS in Android WebView (CVE-2020-6506) | Universal XSS | Google, Microsoft, Twitter | Alesandro Ortiz (@AlesandroOrtizR) | Bug Bounty | 2020-09-10 | 2023-06-13 |
3163 | How I hacked redbus [An online bus-ticketing application] | LFI, SSRF | redBus | Sangeetha Rajesh S (@rajesh_sangi12) | Bug Bounty | 2020-09-12 | 2023-06-13 |
3162 | SQL Injection & Remote Code Execution - Double P1 | SQL injection, RCE | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-09-13 | 2023-06-13 |
3161 | Business logic vulnerabilities — Low-level logic flaw | Logic flaw | NA | Harry D | Bug Bounty | 2020-09-13 | 2023-06-13 |
3160 | Account takeover by OTP bypass | OTP bypass | NA | Bhavarth Kandoria | Bug Bounty | 2020-09-13 | 2023-06-13 |
3157 | Exploiting a "Useless" Cookie-Based XSS and Making it Useful | XSS | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2020-09-16 | 2023-06-13 |
3156 | Res-block: Extension Resources Block Attack on Chrome’s Incognito Mode | Browser hacking | Google | Piyush Raj (@0x48piraj) | Bug Bounty | 2020-09-16 | 2023-06-13 |
3152 | Privilege Escalation via Account Takeover on NodeBB Forum Software — Bug Bounty (512$) — CVE-2020–15149 | IDOR, Account takeover | NodeBB | Muhammed Eren Uygun (@erenuyguun) | Bug Bounty | 2020-09-19 | 2023-06-13 |
3151 | CVE-2020-9964 - An iOS infoleak | iOS, Memory initialisation issue | Apple | Muirey03 (@Muirey03) | Bug Bounty | 2020-09-19 | 2023-06-13 |
3150 | Emoji error handling | SQL injection | NA | shesha sai_c (@Cyb3r_4ss4s1n) | Bug Bounty | 2020-09-19 | 2023-06-13 |