List of bug bounty writeups

Bug bounty writeups published in 2022

Title & URL Author Bug bounty program Vulnerability Reward $$$ Publication date Alternative link
How I found an IDOR Worth $1500 Adil Nadeem Babras - IDOR $1,500 10/02/2022
Tale of Easy P1 Bugs in Wild Harsh Tandel - Forced browsing, 403 bypass, Information disclosure - 10/01/2022
Security vs Compliance-Cloudflare Password Policy Restriction Bypass Lohith Gowda M (@lohigowda_in) Cloudflare Client-side enforcement of server-side security $300 09/29/2022
Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned) Francesco Mariani (@medusa_1) & Jacopo Tediosi (@jacopotediosi) Akamai, Paypal, Airbnb, Tesla, Valve, Zomato, Whitejar, Starbucks, PlayStation, Marriott, Hyatt Hotels, Goldman Sachs, Microsoft, Apple, LastPass, Brussels Airlines, Mastercard, eToro BBP, BMW Group, Rockstar Games Web cache poisoning $50,000+ 09/29/2022
Orange Arbitrary Command Execution Omar Hashem (@OmarHashem666) Orange RCE, Docker daemon misconfiguration, Lack of authentication - 09/29/2022
ECDSA Nonce Reuse Ingredous Labs - Crypto bug - 09/29/2022
XSS through DHCP: How Attackers Use Standards Dylan Ross - XSS N/A (Pentest) 09/29/2022
A vulnerability on Patreon, and their elusive bounty program. Datura Mater (@DaturaMater) Patreon Payment bypass, Weak crypto $0 (No response) 09/29/2022
CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea View Jordan Hedges & Avery Warddhana Canon Reflected XSS N/A (VDP) 09/29/2022
Apple CoreText - An Unexpected Journey to Learn about Failure Daniel Lim Wee Soong (@daniellimws) Apple Memory corruption bug - 09/29/2022
Exploits Explained: 5 Unusual Authentication Bypass Techniques Ozgur Alp (@ozgur_bbh) - Authentication bypass - 09/28/2022
Two RCEs are better than one: write-up of an interesting lateral movement Riccardo Malatesta (@seeu_inspace) - Local Privilege Escalation, RCE N/A (Pentest) 09/28/2022
Another Tale Of IBM I (AS/400) Hacking pz - Local Privilege Escalation, Midrange system, Menu security N/A (Pentest) 09/28/2022
Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid length Etienne Champetier / champtar Microsoft, Cisco Layer 2 networking vulnerability, MiTM, DoS - 09/27/2022
“Hey Siri, follow that car!” - How traffic cameras expose your location through parking apps. Inti De Ceukelaire (@securinti) - Information disclosure, Session hijacking N/A (Responsible disclosure) 09/26/2022
Skype for Business Audit Part 2 - SKYPErimeterleak frycos (@frycos) Microsoft SSRF $0 (“Not meeting the bar”) 09/26/2022
New Attack Paths? AS Requested Service Tickets Charlie Clark (@exploitph) Microsoft Local Privilege Escalation $0 (“By design”) 09/25/2022
Blind account takeover Bartłomiej Bergier (@bergee) - Account takeover $250 09/25/2022
Tesla paid me $10,000 because of Directory Indexing redteamer Tesla Directory listing $10,000 09/25/2022
Shopping App Deeplink Arbitrary URLs Neil Mark Ochea (@nmochea) - Android bug, Insecure deeplink - 09/25/2022
Stored XSS in Nvidia via Angular JS template injection Mohamed Abdelhady Nvidia CSTI, Stored XSS N/A (VDP) 09/25/2022
Escalating SSTI to Reflected XSS using curly braces {} Sagar Sajeev (@Sagar__Sajeev) - SSTI, XSS - 09/24/2022
Blind XSS on Admin Portal Leads to Information Disclosure Rohit Kumar (@Rohit_443) - Blind XSS - 09/24/2022
Microsoft Windows Shift F10 Bypass and Autopilot privilege escalation Matek Kamilló (@k4m1ll0) Microsoft Local Privilege Escalation $0 09/24/2022
Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations hackthebox - Security misconfiguration N/A (Pentest) 09/24/2022
CVE-2022-35256 - HTTP Request Smuggling in NodeJS VVX7 (@VV_X_7) Node.js HTTP request smuggling - 09/23/2022
Pre-Auth Remote Code Execution - Web Page Test Laluka (@TheLaluka) CatchPoint RCE, SSRF $300 09/23/2022
WAF bypasses via 0days terjanq (@terjanq) ModSecurity WAF bypass, Content-type confusion, Charset confusion - 09/23/2022
Arbitrary File Corruption: End - to - End Encrypted Messaging Application Neil Mark Ochea (@nmochea) - Android bug, Insecure intents - 09/23/2022
My First Valid Bug “Bypass the Admin Panel” Digant Prajapati - Authentication bypass $50 09/23/2022
My First XSS Avyukt Syrine (@AvyuktSyrine) - Open redirect, XSS - 09/23/2022
Skype for Business Audit Part 1 - SKYPErsistence frycos (@frycos) Microsoft Local Privilege Escalation - 09/22/2022
Making HTTP header injection critical via response queue poisoning James Kettle (@albinowax) - HTTP header injection, HTTP request smuggling $12,500 09/22/2022
How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty Omar Hashem (@OmarHashem666) - SQL injection - 09/22/2022
One takeover to rule them all Gwendal Le Coguic (@gwendallecoguic) EDF Subdomain takeover N/A (VDP) 09/21/2022
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library Sam Curry (@samwcyo) Netlify, Gemini, PancakeSwap, Docusign, Moonpay & Celo Universal XSS, SSRF, Open redirect, Web cache poisoning - 09/21/2022
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability Kasimir Schulz (@Abraxus7331) Python Path traversal - 09/21/2022
TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531) Norbert Szetei (@73696e65) & Viktor Chuchurski (@viktorot) TypeORM DoS, SQL injection N/A (Responsible disclosure) 09/21/2022
Mass Assignment Leading to Pre Account Takeover Cyberali - Mass assignment $1,300 09/21/2022
Parameters in Lambda Functions that lead to XSS and Injection Teri Radichel (@TeriRadichel) AWS XSS, Serverless N/A (Responsible disclosure) 09/20/2022
How we Abused Repository Webhooks to Access Internal CI Systems at Scale Omer Gil (@omer_gil) & Asi Greenholts (@TupleType) - CI/CD - 09/20/2022
Securing Developer Tools: OneDev Remote Code Execution Paul Gerste OneDev RCE, SSRF, Broken Access Control, Container escape N/A (Responsible disclosure) 09/20/2022
Apollo Router Security Audit Report (Q2 2022) Norbert Szetei (@73696e65) & Mykhailo Baraniak Apollo GraphQL DoS, CSRF N/A (Pentest) 09/20/2022
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes Elad Gabay (@eladgabay_) Oracle Cross-tenant vulnerability, Authorization flaw - 09/20/2022
7,500$ – IDOR on Apple [] apapedulimu / Nosa Shandy (@LocalHost31337) Apple IDOR $3,000 09/20/2022
Tag Myself in Your Favorite TikTok Artist Video [IDOR] apapedulimu / Nosa Shandy (@LocalHost31337) TikTok IDOR $7,500 09/20/2022
Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices.. etc) X-Vector (@XVector11) - Privilege escalation, Authorization flaw - 09/20/2022
Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286) x86matthew (@x86matthew) Seagate Local Privilege Escalation, Windows, Driver hacking N/A (VDP) 09/20/2022
SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE - Linux Kernel Organization Memory corruption bug, Race condition - 09/20/2022
How to hack Github Actions StackOverflowExcept1on GitHub CI/CD $500 09/19/2022
Android Application Forgot Password Token Leakage Leading to Account Takeover Cyberali - Information disclosure, Password reset flaw, Account takeover, Android - 09/19/2022
Turning Your Computer Into a GPS Tracker With Apple Maps Ron Masas (@RonMasas) Apple Privacy issue, Information disclosure - 09/18/2022
Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) } S Rahul (@7srambo) - Information disclosure - 09/18/2022
SSRF Attack Leading To AWS Metadata ParagBagul CERT-EU SSRF N/A (VDP) 09/18/2022
How i Found Unauthorized Bypass RCE Yashshirke - RCE, Old components with known vulnerabilities - 09/18/2022
How an Akamai misconfiguration earned us USD 46.000 Francesco Mariani (@medusa_1) & Jacopo Tediosi (@jacopotediosi) Akamai, Microsoft, Apple HTTP request smuggling $46,000 09/17/2022
How i made the multiple hall of fame in Nokia within 2 minutes Vedavyasan Nokia Clickjacking N/A (VDP) 09/17/2022
Cloning internal Google repos for fun and… info? Luke Berner Google Authorization flaw - 09/16/2022
Getting Paid With Just Picking Color — Bug Bounty Redza - CSS injection - 09/16/2022
Abusing Broken Link In Fitbit (Google Acquisition)To Collect BugBounty Reports On Behalf Of Google ! Jayateertha Guruprasad (@JayateerthaG) Google Broken Link Hijacking $0 09/16/2022
The Tale Of SSRF To RCE on .GOV Domain Tobydavenn - SSRF, RCE - 09/16/2022
Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804) Maxwell Garrett (@TheGrandPew) Atlassian RCE, OS command injection - 09/14/2022
Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities Quentin Kaiser (@QKaiser) & Mücahid Kır (@muc0ze) Netgear OS command injection, RCE, MiTM - 09/14/2022
How I abused the file upload function to get a high severity vulnerability in Bug Bounty Omar Hashem (@OmarHashem666) - Unrestricted file upload, Information disclosure - 09/14/2022
Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS Sector 7 (@sector7_nl) Unified Automation DoS $5,000 09/14/2022
Attacking the Android kernel using the Qualcomm TrustZone Tamir Zahavi-Brunner (@tamir_zb) Qualcomm, Google Memory corruption bug - 09/14/2022
mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator - Part 1 - Escape CTurt (@CTurtE) PlayStation Memory corruption bug - 09/14/2022
Colorful Vulnerabilities Tal Lossos (@TalLossos) OpenRazer Memory corruption bug, Buffer Overflow N/A (Responsible disclosure) 09/14/2022
Data Exfiltration through Blind XXE on PDF Generator arbenn (@arbennsh) - Blind XXE, WAF bypass - 09/13/2022
Blind XSS and Time-Based SQL Injection to Admin Panel Control and Database Takeover Cyberali - Blind XSS, SQL injection - 09/13/2022
Hacking Unity Games with Malicious GameObjects & Hacking Unity Games with Malicious GameObjects, Part 2 Jason Kielpinski (@f2jason) Unity Arbitrary code execution, RCE - 09/13/2022
Undermining Microsoft Teams Security by Mining Tokens Vectra Protect team (@Vectra_AI) Microsoft Cleartext Storage of Sensitive Information $0 09/13/2022
LiveHelperChat - Remote Code Execution via Vulnerable Theme Upload Function arbenn (@arbennsh) Live Helper Chat RCE N/A (VDP) 09/13/2022
Contentful Access Token Disclosure in Android APK Cyberali - Information disclosure, Android - 09/12/2022
SSRF(g/vrp) for 5000$ lalka (@0x01alka) - SSRF $5,000 09/12/2022
Privacy Violation In Chat System | Writeup Inderjeet Singh - rashahacks - Privacy issue - 09/12/2022
How I found 3 rare security bug in a day zer0d - Session expiration flaw, Payment bypass, Lack of rate limiting - 09/10/2022
How I was able to Bypass Philips Authentication ParagBagul Philips Outdated component with a known vulnerability, Authentication bypass N/A 09/10/2022
Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code Noam Dotan GitHub Authorization flaw, Logic flaw $0 (Working as intended) 09/08/2022
Attacking Firecracker: AWS’ microVM Monitor Written in Rust Valentina Palmiotti (@chompie1337) Firecracker Memory corruption bug N/A (VDP) 09/08/2022
Riding The Inforail To Exploit Ivanti Avalanche – Part 2 Piotr Bazydło (@chudyPB) Ivanti RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read - 09/08/2022
Avalanche remote network crash Péter Szilágyi (@peter_szilagyi) Ava Labs DoS N/A (Responsible disclosure) 09/08/2022
403 bypass Abbas Heybati (@abbas_heybati) Microsoft 403 bypass - 09/08/2022
How I was able to see likes count even though is hidden by victim | YouTube R ando (@Rando02355205) Google Information disclosure, Logic flaw - 09/08/2022
Fun With CORS Talis Ozols - CORS misconfiguration, Token theft N/A (Pentest) 09/08/2022
QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031) Tom Ellson (@tde_sec) Quest RCE, Path traversal N/A (VDP) 09/08/2022
Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution Daan Keuper (@daankeuper) & Thijs Alkemade (@xnyhps) AVEVA Arbitrary Code Execution, Local Privilege Escalation $20,000 09/08/2022
Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED) Deral Heiland (@Percent_X) Baxter Healthcare Hardcoded credentials, Memory corruption bug, MiTM, Information disclosure N/A (VDP) 09/08/2022
Binarly Finds Six High Severity Firmware Vulnerabilities In HP Enterprise Devices Binarly efiXplorer Team HP Memory corruption bug - 09/08/2022
Step-by-Step Walkthrough of CVE-2022-32792 - WebKit B3ReduceStrength Out-of-Bounds Write Daniel Lim (@daniellimws) & Đỗ Minh Tuấn (@tuanit96) Apple Memory corruption bug N/A (n-day vulnerability) 09/08/2022
Groovy Template Engine Exploitation – Notes from a real case scenario Gianluca Baldi - RCE, Code injection N/A (Pentest) 09/07/2022
$900 Blind XSS ѕнín (@shinchina_) - Blind XSS $900 09/07/2022
Exploiting Laravel based applications with leaked APP_KEYs and Queues Timo Müller (@mtimo44) - RCE N/A (Pentest) 09/07/2022
How I found 3 RXSS on the Lululemon bug bounty program Omar Hashem (@OmarHashem666) lululemon XSS - 09/07/2022
How I found Moodle Cross site scripting ParagBagul Moodle XSS - 09/07/2022
Zuckerpunch - Abusing Self Hosted Github Runners at Facebook Marcus Young Facebook CI/CD bug $10,000 09/06/2022
IDOR leads to removing members from any Google Chat Space. DF Google IDOR $3133.70 09/06/2022
Group expert’s pending expertise request leaking on Facebook DF Facebook IDOR - 09/06/2022
Details about future collaboration profiles and pages have been revealed DF Facebook IDOR - 09/06/2022
Quasar: Compromising Electron Apps Taggart (@mttaggart) Microsoft Local Privilege Escalation $0 (Working as intended) 09/06/2022
How to turn security research into profit: a CL.0 case study James Kettle (@albinowax) - HTTP request smuggling, Desync attack - 09/06/2022
Exploiting Out-of-Band XXE in the Wild Mahmoud Youssef (@0xmahmoudjo0) - XXE, SSRF - 09/06/2022
WordPress Core - Unauthenticated Blind SSRF Simon Scannell (@scannell_simon) & Thomas Chauchefoin WordPress SSRF - 09/06/2022
Turning cookie based XSS into account takeover Bartłomiej Bergier (@bergee) Terrahost XSS, Account takeover $500 09/06/2022
CVE-2022-35405 Manage engines RCE (Password Manager Pro, PAM360 and Access Manager Plus) Vinicius Pereira (@big0x75) Zoho RCE - 09/06/2022
Bug Bounty { How I found an SSRF ( Reconnaissance ) } S Rahul (@7srambo) - SSRF - 09/06/2022
CVE-2022-34715: More Microsoft Windows NFS V4 Remote Code Execution Quintin Crist, Dusan Stevanovic & Arimura Microsoft RCE, Memory corruption bug - 09/06/2022
IDOR “Insecure direct object references”, my first P1 in Bugbounty jedus0r - IDOR - 09/05/2022
A Bug That Was 23 Years Old Or Not Axel Chong & Daniel Stenberg (@bagder) Internet Bug Bounty (curl) DoS - 09/05/2022
Hacking My Helium Crypto Miner Md. Asif Hossain (@0x0asif) Pycom Hardcoded credentials, Lack of authentication, RCE, Local Privilege Escalation N/A (Responsible disclosure) 09/05/2022
SSD Advisory – Linux CONFIG_WATCH_QUEUE LPE - Ubuntu, Linux kernel Organization Memory corruption bug, Race condition, Local Privilege Escalation - 09/05/2022
SIMPLE IBM I (AS/400) Hacking pz - Local Privilege Escalation, Midrange system, Menu security N/A (Pentest) 09/05/2022
How I found my first SSRF to RCE! Md. Asif Hossain (@0x0asif) - IDOR, SSRF, RCE $3,200 09/04/2022
Discovery of CVE-2022-35406 Mr. Vrushabh (@doshi_vrushabh) PortSwigger Web Security Logic flaw, HTTP Referrer header leakage $150 09/03/2022
Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique) Harel (@h4r3l) Glassdoor Web cache poisoning, XSS, DoS $1,700 09/02/2022
Viewing Instagram live streams anonymously without notifying the host David Schütz (@xdavidhu) Meta / Facebook IDOR, Logic flaw, Privacy issue $0 (Won’t fix) 09/02/2022
The Database Handover | A Dumb Mistake | Critical BUG Saransh Saraf - Information disclosure $1,000 09/02/2022
How can i get SQL Injection Mohamed Abdelhady - SQL injection - 09/02/2022
Google & Apache Found Vulnerable to GitHub Environment Injection Noam Dotan Google, Google & Apache Privilege escalation, CI/CD bug - 09/01/2022
AngularJS Client-Side Template Injection: The orderBy Filter. Jay - CSTI - 09/01/2022
Azure Synapse: Local Privilege Escalation Vulnerability in Spark Tzah Pahima (@TzahPahima) Microsoft Race condition, Local Privilege Escalation - 09/01/2022
Using Hackability to uncover a Chrome infoleak Gareth Heyes (@garethheyes) Google SOP bypass $2,000 09/01/2022
How did we Found Log4shell on Agorapulse Snap Sec (@snap_sec) Agorapulse Log4j, RCE - 09/01/2022
SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250) Cedric Halbronn (@saidelike), Alex Plaskett (@alexjplaskett) & fidgeting bits (@FidgetingBits) Ubuntu, Linux kernel Organization Memory corruption bug, Local Privilege Escalation - 09/01/2022
Abusing Microsoft Teams Direct Routing Moritz Abrell (@moritz_abrell) AudioCodes Ltd. Spoofing, Fraud attack N/A (Responsible disclosure) 09/01/2022
Vulnerability in TikTok Android app could lead to one-click account hijacking Microsoft 365 Defender Research Team TikTok Insecure deeplink, Android bug - 08/31/2022
Saving more than 100,000 website from a Watering Hole attack mohamad mahmoudi (@Lotus_619) HubSpot Web Cache Poisoning, Watering hole attack $5,000 08/31/2022
HTMLI/XSS - Crafting a better PoC RiotSecurityTeam (@RiotSecTeam) - XSS, HTML injection - 08/30/2022
CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM David Yesland (@daveysec) Fortinet Arbitrary file write, Local Privilege Escalation N/A (VDP) 08/30/2022
mfa bypass in private program, the abdulsec way abdulsec (@moodiAbdoul) - MFA bypass $600 08/30/2022
IDOR at Login function leads to leak user’s PII data Eslam Akl (@eslam3kll) - IDOR, Information disclosure - 08/30/2022
My findings on Hack U.S Program Charansai U.S. Dept Of Defense Lack of authentication, .git folder disclosure, Information disclosure $500 08/30/2022
Found SQL Injection Vulnerability on Government Organization Website! mehedishakeel (@mehedishakeel) - SQL injection - 08/30/2022
CVE-2021-38297 – Analysis of a Go Web Assembly vulnerability Uriya Yavnieli (@uriya_yavniely) Go Memory corruption bug N/A (n-day vulnerability & VDP) 08/30/2022
Harvesting Active Directory Credentials Via HTTP Request Smuggling Tijme Gommers (@tijme) - HTTP Request Smuggling N/A (Red teaming) 08/29/2022
Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl Eugene Lim (@spaceraccoonsec) Amazon Authorization flaw, Signature validation bypass - 08/29/2022
Bypassing ModSecurity for RCEs Somdev Sangwan (s0md3v) ModSecurity WAF bypass, Code injection, RCE - 08/29/2022
Blind Exploits To Rule Watchguard Firewalls Charles Fol (@cfreal_) WatchGuard XPath injection, Memory corruption bug, Local Privilege Escalation, RCE N/A (VDP) 08/29/2022
Bypassing Amazon WAF to pop an alert() Manash (@manash036) - WAF bypass, XSS - 08/29/2022
How I bypassed Reflected XSS in well-known platform Iori Yagami - XSS - 08/29/2022
Out-Of-Bond Remote code Execution(RCE) on De Nederlandsche Bank N.V. with burp-suite collaborator Santosh Kumar Sha (@killmongar1996) De Nederlandsche Bank OS command injection, RCE - 08/28/2022
How I found reflected XSS on IDFC Bank with burp-suite Intruder Santosh Kumar Sha (@killmongar1996) IDFC Bank Reflected XSS - 08/28/2022
Unsubscribe any user’s e-mail notifications via IDOR Sagar Sajeev (@Sagar__Sajeev) - IDOR $200 08/28/2022
CSRF Vulnerability In The NodeJS Ecosystem Adrian Tiron (@adrian__t) Node.js third-party modules (csurf) CSRF N/A (Responsible disclosure) 08/28/2022
The Million Dollar IDOR Monish Basaniwal - IDOR, Race condition, GraphQL bug - 08/27/2022
SSRF leads to access AWS metadata. Akash Patil (@skypatil98) - SSRF $50 08/27/2022
Improper Input Validation Leads To Email Spamming Akshay Ravi (@AKSHAYC09YC47) - Email content injection $0 (Duplicate) 08/27/2022
My Hall of Fame at United Nations Success Story Joshua Arulsamy (@Joshua_Arulsamy) United Nations XSS N/A (VDP) 08/27/2022
Tetsuji: Remote Code Execution on a GameBoy Colour 22 Years Later xcellerator (@TheXcellerator) Nintendo RCE - 08/27/2022
Zimbra Open Bucket Data Leak – Responsible Disclosure Raffaele Forte (@raffaele_forte) Zimbra AWS misconfiguration N/A (VDP) 08/26/2022
Break the Logic: 5 Different Perspectives in Single Page (€1500) can1337 (@canmustdie) - Client-side enforcement of server-side security, IDOR, Authorization flaw $1,500 08/26/2022
XSS-VDP-HACKERONE arshiadev Trellix XSS N/A (VDP) 08/26/2022
ASP.NET Boilerplate Multiple Vulnerabilities Sana Oshika (@bigshika) Volosoft (ASP.NET Boilerplate) Authentication flaw, Hardcoded credentials, JWT bug, Padding oracle attack, Cryptographic issues N/A (Responsible disclosure) 08/26/2022
SSD Advisory – VhdmpiValidateVirtualDiskSurface LPE Sana Oshika (@bigshika) Windows Local Privilege escalation - 08/26/2022
Command Injection in the GitHub Pages Build Pipeline Joren Vrancken GitHub RCE, OS command injection $4,000 08/25/2022
Chaining Telegram bugs to steal session-related files. Sayed Abdelhafiz (@dPhoeniixx) Telegram Arbitrary file read, Android bug - 08/25/2022
SATisfying our way into remote code execution in the OPC UA industrial stack JFrog Security Research Team (@JFrogSecurity) Unified Automation Memory corruption bug, RCE - 08/25/2022
Crashing Industrial Control Systems at Pwn2Own Miami 2022 JFrog Security Research Team (@JFrogSecurity) Unified Automation DoS, Memory corruption bug, RCE - 08/25/2022
“GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs Bobby Rauch Microsoft Phishing - 08/24/2022
2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3 Pierre Kim (@PierreKimSec) & Alexandre Torres (@AlexTorSec) FreeBSD Security Team DoS $0 (full disclosure) 08/24/2022
Break the Logic: Insecure Parameters (€300) can1337 (@canmustdie) - Parameter manipulation, Logic flaw, Mass assignment $300 08/24/2022
Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of Service Harold Zang Oracle IDOR, Path traversal, DoS - 08/23/2022
Securing Developer Tools: Argument Injection in Visual Studio Code Thomas Chauchefoin Microsoft Argument injection, RCE - 08/23/2022
[CVE-2020-2733] JD Edwards EnterpriseOne Tools admin password not adequately protected Vahagn Vardanyan (@vah_13) Oracle Information disclosure - 08/23/2022
But You Told Me You Were Safe: Attacking The Mozilla Firefox Renderer (Part 1) & But You Told Me You Were Safe: Attacking The Mozilla Firefox Sandbox (Part 2) Hossein Lotfi (@hosselot) & Manfred Paul (@_manfp) Mozilla Browser bug, RCE, Prototype pollution $100,000 08/23/2022
Break Me Out Of Sandbox In Old Pipe - CVE-2022-22715 Windows Dirty Pipe k0shl (@KeyZ3r0) Microsoft Local Privilege Escalation - 08/23/2022
Paracosme - CVE-2022-33318 - Remote Code Execution in ICONICS Genesis64 Axel Souchet (@0vercl0k) ICONICS Memory corruption bug, RCE - 08/22/2022
Patch bypass for [CVE-2020-6369] Hard-coded Credentials in CA Introscope Enterprise Manager Arpine Maghakyan SAP Hardcoded credentials, Information disclosure - 08/22/2022
Vulnerability in Linux containers – investigation and mitigation Steven Murdoch (@sjmurdoch) Moby Project Local Privilege Escalation N/A (VDP) 08/22/2022
Useless path traversals in Zyxel admin interface (CVE-2022-2030) Maurizio Agazzini (@0x696e6f6465) Zyxel Path traversal N/A (VDP) 08/22/2022
SSRF & Google HOF(Hall of Fame) Aman Pareek (@aman_notsogreat) Google SSRF $0 (Doesn’t meet the bar) 08/22/2022
How a Port scan got me Nokia Hall of Fame Mani Sashank Nokia Lack of authentication, Information disclosure N/A (VDP) 08/22/2022
Blockchain Network is Secured! But not the apps and their Integrations Keyur Talati - Payment tampering, Logic flaw - 08/22/2022
Blind command injection Bartłomiej Bergier (@bergee) - RCE, OS command injection N/A (VDP) 08/21/2022
Failed Coding Assessment to Remote Code Execution - Part 1 Akash Chhabra (@_hackingguy) HackerEarth RCE - 08/20/2022
VPNs on iOS are a scam Michael Horowitz (@defensivecomput) Apple Privacy issue $0 (Expected behavior) 08/20/2022
Never underestimate the power of open redirect, a story of a full account takeover Ibrahim Auwal (@ibrahimatix0x01) - Open redirect, Account takeover, Token theft - 08/20/2022
Account takeover worth $1000 Faique (@imfaiqu3) - Account takeover, Authentication bypass, Information disclosure, Password reset flaw $1,000 08/19/2022
Uncovering a ChromeOS remote memory corruption vulnerability Microsoft 365 Defender Research Team Google Memory corruption bug $25,000 08/19/2022
Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera Recordings David Sopas (@dsopas), João Morais (@jmoraissec) & Pedro Umbelino (@kripthor) Amazon XSS, iOS bug, Android bug - 08/18/2022
XSS by Javascript Overriding Monke (@pmofcats) - XSS - 08/18/2022
Outlook CVE-2022-35742 insu (@hpy_insu) Microsoft DoS - 08/18/2022 Alternative link
Trust Me, I’m a Robot: Can We Trust RPA With Our Most Guarded Secrets? Nimrod Stoler (@n1mr0d5) & Nethanel Coppenhagen Blue Prism RPA bug, Insecure deserialization, SQL injection, MiTM N/A (Responsible disclosure) 08/18/2022
Fishbowl Disclosure: CVE-2022-29805 Michael Rand Fishbowl Insecure deserialization N/A (Responsible disclosure) 08/18/2022
Let’s Dance in the Cache - Destabilizing Hash Table on Microsoft IIS! Orange Tsai (@orange_8361) Microsoft DoS, Web cache poisoning, Authentication bypass $30,000 08/18/2022
You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications Eugene Lim (@spaceraccoonsec) VMware, Synology, Apple, Microsoft, Google, NextCloud XSS, SMTP command injection - 08/18/2022
N/a to $750 bounty for a Blind XSS. Dirtycoder (@dirtycoder0124) - Blind XSS $750 08/18/2022
Critical Local File Read in Electron Desktop App Renwa (@RenwaX23) Asana LFI $6,200 08/17/2022
RCE on Spip and Root-Me, v2! Laluka (@TheLaluka) & t0 (@t0) SPIP RCE, SSTI, DNS rebinding, XSS, Code injection, Unrestricted file upload N/A (VDP) 08/16/2022
Monitoring Linux host metrics with the Node Exporter information disclosure $350 Dhamotharan (@Dhamu_offi) Slack Information disclosure, Lack of authentication $350 08/16/2022
DOM XSS On A Gov Domain Bypassing WAF Tobydavenn - DOM XSS, WAF bypass - 08/16/2022
CSRF leads to Account Takeover | Samsung R ando (@Rando02355205) Samsung CSRF, Account takeover - 08/16/2022
2FA Bypass Do Re Mi Ashlyn Lau (@ashlyn_lau) - 2FA bypass - 08/16/2022
Multiple Denial of Service (DoS) Vulnerabilities in GoProxy, Smokescreen libraries Lorenzo Stella (@lorenzostella) Stripe DoS - 08/16/2022
FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug Chris (@accessvector) FreeBSD Security Team Memory corruption bug, Local Privilege Escalation - 08/16/2022
Open Redirect at Nvidia Mohamed Abdelhady Nvidia Open redirect N/A (VDP) 08/16/2022
CVE-2022-30211: Windows L2TP VPN Memory Leak and Use after Free Vulnerability Alex Nichols (@i4mchr00t) Microsoft Memory corruption bug, RCE - 08/15/2022
We discovered major vulnerabilities in Control Web Panel. Here’s how we found them. Immersive Labs (@immersivelabs) Centos Web Panel (CWP) Path traversal, RCE, Weak crypto, Password reset flaw, Account takeover - 08/15/2022
Salesforce bug hunting to Critical bug Vuk Ivanovic - Information disclosure - 08/15/2022
Business Logic Vulnerability via IDOR Sagar Sajeev (@Sagar__Sajeev) - IDOR, Payment tampering $2,000 coupon 08/15/2022
1day to 0day(CVE-2022-30024) on TP-Link TL-WR841N Trần Minh Cường TP-Link Memory corruption bug - 08/15/2022
Five-minute hunting for hidden XSS Bartłomiej Bergier (@bergee) - Reflected XSS - 08/15/2022
The forgotten API and XSS filter bypass Bartłomiej Bergier (@bergee) - XSS - 08/14/2022
URL filter bypass, RFI and XSS Bartłomiej Bergier (@bergee) - Stored XSS, RFI - 08/14/2022
Hacking Zyxel IP cameras to gain a root shell Eric Urban Zyxel Lack of authentication, DoS, Information disclosure, Local Privilege Escalation N/A (VDP) 08/14/2022
How I got into the United Nations’ Hall of Fame Ameya Andhare (@cryptoknight028) United Nations Lack of authentication N/A (VDP) 08/14/2022
XSS via Angular Template Injection Bartłomiej Bergier (@bergee) - CSTI, XSS, WAF bypass - 08/13/2022
Remote Code Execution on Element Desktop Application using Node Integration in Sub Frames Bypass - CVE-2022-23597 & Video PoC s1r1us (@s1r1u5_) & TheGrandPew (@TheGrandPew) Matrix (Element) RCE, XSS N/A (VDP) 08/13/2022
Story of 5000$ bounty for Grafana Panel Access in Apple hckerl00 (@lokeshg62498939) Apple Lack of authentication, Information disclosure $5,000 08/13/2022
CVE-2022-30216 - Authentication coercion of the Windows “Server” service Ben Barnea (@nachoskrnl) Microsoft Off-by-one Error, Authentication coercion - 08/13/2022
How I earned a $7000 bug bounty from Grab (RCE Unique Bugs) ANDRI Grab RCE, Android bug $7,000 08/13/2022
Escalating Open Redirect to XSS Sagar Sajeev (@Sagar__Sajeev) - Open redirect, XSS - 08/13/2022
An Unusual Tale of Email Verification Bypass Sagar Sajeev (@Sagar__Sajeev) - Email verification bypass, Brute-force, Rate-limiting bypass - 08/13/2022
Bypassing unexpected IDOR Bharatsingh - IDOR, 40x bypass $0 (Duplicate) 08/13/2022
UN United Nations Host Header Injection leads to any Full Account Takeover (ATO) Ahmed Hassan United Nations Host header injection, Password reset flaw, Account takeover N/A (VDP) 08/13/2022
DOM Cross-Site Scripting Via postMessage in AnnounceKit Lorenzo Stella (@lorenzostella) Announcekit DOM XSS - 08/12/2022
Exploiting CVE-2022-24816: A Code Injection In The Jt-jiffle Extension Of Geoserver Remsio (@remsio) & Us3r777 (@us3r777) - RCE, Code injection - 08/12/2022
How I found an XSS vulnerability via using emojis Patrik Fabian Swisscom XSS - 08/12/2022
Researching Xiaomi’s TEE to get to Chinese money Slava Makkaveev Xiaomi Payment bypass, Android bug, Memory corruption bug - 08/12/2022
Process injection: breaking all macOS security layers with a single vulnerability Thijs Alkemade (@xnyhps) Apple Local Privilege Escalation, Process injection vulnerability - 08/12/2022
File Upload Bypass to RCE == \(\) Sagar Sajeev (@Sagar__Sajeev) - Unrestricted file upload, RCE - 08/12/2022
Amazon Cognito misconfiguration lead to account takeover Hossam Ahmed (@iknowhatodo0x01) - Account takeover $0 (Duplicate) 08/12/2022
FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies & Biological Inspiration Bahruz Jabiyev (@BahruzJabiyev), Steven Sprecher (@StevenSprecher), Anthony Gavazzi, Tommaso Innocenti (@innotommy), Kaan Onarlioglu, Engin Kirda - HTTP Request Smuggling, DoS - 08/11/2022
IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit, Hekate exploits & Slides Steven Seeley (@steventseeley) VMware Authentication bypass, Information Disclosure, CSRF, RCE, Local Privilege Escalation - 08/11/2022
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors Shir Tamari (@shirtamari), Nir Ohfeld (@nirohfeld) & Sagi Tzadik (@sagitz_) Google, Microsoft, Aiven & others Privilege escalation, Cross-tenant vulnerability, OS command injection, Local privilege escalation - 08/11/2022
Attacking Titan M with Only One Byte Damiano Melotti (@DamianoMelotti) & Maxime Rossi Bellom (@max_r_b) Google Memory corruption bug, Local Privilege Escalation $75,000 08/11/2022
My Experience on Hacking the Dutch Government Jefferson Gonzales (@gonzxph) Dutch Government XSS, Open redirect, CSRF, Account takeover N/A (VDP) 08/11/2022
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software Jake Baines (@Junior_Baines) Cisco RCE, OS command injection, Local Privilege Escalation, MiTM - 08/11/2022
Mining Node.js Vulnerabilities via Object Dependence Graph and Query Song Li, Mingqing Kang, Jianwei Hou & Yinzhi Cao - RCE, OS command injection, Prototype pollution, Path traversal - 08/10/2022
Web Cache Deception Escalates! Seyed Ali Mirheidari, Matteo Golinelli, Kaan Onarlioglu, Engin Kirda & Bruno Crispo - Web cache deception - 08/10/2022
Advanced Inter-Process Desynchronization in SAP’s HTTP Server & Slides Martin Doyhenard (@tincho_508) SAP Memory corruption bug, RCE, HTTP Request Smuggling, Web cache poisoning, Desync attack - 08/10/2022
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling James Kettle (@albinowax) AWS, Amazon, Akamai, Cisco, Verisign, Pulse Secure, Varnish HTTP Request Smuggling, Desync attack - 08/10/2022
Email Confirmation bypass at Instagram Avinash Kumar (@itsavinash_) Meta / Facebook Email confirmation bypass, Logic flaw $3,000 08/10/2022
How I earned a $6000 bug bounty from Cloudflare ANDRI Cloudflare Path traversal $6,000 08/10/2022
Google Cloud Shell - Command Injection Bugra Eskici (@bugraeskici) Google OS command injection, RCE - 08/10/2022
403 Forbidden Bypass Leading to Admin Endpoint Access. Christian Dray (@G0ds0nXY) - 403 bypass, Information disclosure $1,800 08/10/2022
Defeat the HttpOnly flag to achieve Account Takeover | RXSS Mohamed Tarek (@timooon107) - Reflected XSS, Account takeover - 08/10/2022
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser Felix Krause (@KrauseFx) Meta / Facebook Privacy issue - 08/10/2022
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) Xingyu Jin Linux Kernel Organization, Google, Samsung Memory corruption bug, Race condition, Local Privilege Escalation, Android bug - 08/10/2022
Security Implications of URL Parsing Differentials Thomas Chauchefoin - Open redirect, URL parsing differential bug N/A (Responsible disclosure) 08/09/2022
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability Quentin Kaiser (@QKaiser) Cisco OS command injection, RCE - 08/09/2022
From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager Steven Seeley (@steventseeley) VMware Authentication bypass, Information disclosure, Local Privilege Escalation - 08/09/2022
Dancing on the architecture of VMware Workspace ONE Access (ENG) Petrus Viet (@VietPetrus) VMware Authentication bypass, SQL injection, RCE - 08/09/2022
Bypassed Cloudflare’s Web Application Firewall (WAF) Ansh Vaid (@anshvaid4) - XSS, HTML injection, WAF bypass - 08/09/2022
Simple Open Redirect Bypass. Harshad Gaikwad (@h4rsh4d) - Open redirect - 08/09/2022
From Shodan to RCE: That one time I hacked a Fortune 500 company. vimanari_ (@vimanari_) - Lack of authentication, Arbitrary file read, RCE, Exposed Jenkins instance - 08/08/2022
Stored XSS in Mohammad Alfin Hidayatullah (@Alpinbrainsec) GitBook Stored XSS - 08/08/2022
SSD Advisory – Apple Safari ICU Out-Of-Bounds Write Dohyun Lee (@l33d0hyun) Apple Memory corruption bug - 08/07/2022
2FA Bypass via Google Identity & OAuth Login Sharat Kaikolamthuruthil (@sharp488) - 2FA bypass, Account takeover - 08/07/2022
Liferay revisited: A tale of 20k$ VNG Security Response Center (@vngsecresponse) - RCE $20,000 08/06/2022
Irremovable guest in facebook event — Facebook bug bounty Rajiv Gyawali (@rajiv_gyawali) Meta / Facebook Logic flaw - 08/06/2022
CVE-2022-29582 - An io_uring vulnerability Jayden (@Awarau1) & David Bouman (@pqlqpql) Google Memory corruption bug - 08/06/2022
How i was able to get 29 free products. | Bug Bounty Fırat (@CalloftheD) - Race condition - 08/06/2022
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI Nir Ohfeld (@nirohfeld) & Rotem Lipowitch (@rotemlipowitch) Microsoft Local Privilege Escalation - 08/05/2022
CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE Spencer McIntyre (@zeroSteiner) VMware Local Privilege Escalation - 08/05/2022
Symlinks as mount portals: Abusing container mount points on MikroTik’s RouterOS to gain code execution nns MikroTik Container escape, Local Privilege Escalation - 08/05/2022
QNAP Poisoned XML Command Injection (Silently Patched) Jake Baines (@Junior_Baines) QNAP OS command injection, RCE N/A (VDP) 08/04/2022
Hijacking email with Cloudflare Email Routing Albert Pedersen (@AlbertSPedersen) Cloudflare HTTP response manipulation, Privilege escalation - 08/03/2022
Elasticsearch A Easy Win For Bug Bounty Hunters || How To Find and Report Tamim Hasan (@tamimhasan404) - Information disclosure - 08/03/2022
XSS in Gmail’s Amp4Email Adi “Adico” Cohen (@wir3less2) Google XSS $5,000 08/02/2022
(ZOHO) Manage Engine Desktop Central – SQL Injection / Arbitrary File Write & Path Traversal / Arbitrary File Write Tom Ellson (@tde_sec) Zoho SQL injection, Arbitrary file write, Path traversal - 08/02/2022
Multiple bugs in one program leads to 1500€ can1337 (@canmustdie) - Privilege escalation, IDOR, Authorization flaw $1,500 08/02/2022
How I earned 500$ by uploading a file: write-up of one of my first bug bounty Riccardo Malatesta (@seeu_inspace) Semrush Unrestricted file upload $500 08/02/2022
Instagram photo was present in data backup nearly after two years being deleted. Jeewan Bhatta (@thenullkid) Meta / Facebook Privacy issue $550 08/02/2022
Stored XSS to Account Takeover : Going beyond document.cookie | Stealing Session Data from IndexedDB Syed Mushfik Hasan Tahsin (@SMHTahsin33) - Stored XSS, Account takeover - 08/02/2022
How I earned $10,000 within the last 7 months — a 17y/o Edition Gowtham Naidu Ponnana (@gowtham_ponnana) - Authorization flaw $10,000 08/01/2022
Analysis of Adobe Acrobat Reader Javascript Doc.print() Use-After-Free Vulnerability (CVE-2022-34233) ThreatLabz (@Threatlabz) Adobe Memory corruption bug - 08/01/2022
How I get Full Account Takeover via stealing action’s login form | XSS Mohamed Tarek (@timooon107) - XSS, Account takeover - 08/01/2022
How I Earned €150 in 2 Minutes | HTML injection in email Thillai Raj - HTML injection $150 07/30/2022
My Second CVE (CVE-2022-31855) y0ung_dst (@Y0ung_MA) RStudio OS command injection, Local privilege escalation N/A (VDP) 07/30/2022
Zero-day XSS th3.d1p4k (@DipakPanchal05) IRCTC HTML Injection, Open Redirect, XSS N/A (VDP) 07/30/2022
Discord Desktop - Remote Code Execution & Video PoC s1r1us (@s1r1u5_) & ptr-yudai (@ptrYudai) Discord RCE, XSS, Sandbox bypass, CSP bypass $5,000 07/29/2022
Business logic vulnerabilities Sagar Sajeev (@Sagar__Sajeev) - Logic flaw, Payment tampering $400 07/29/2022
Arris / Arris-variant DSL/Fiber router critical vulnerability exposure Derek Abdine (@dabdine) ARRIS Path traversal, Memory corruption bug N/A (Responsible disclosure) 07/29/2022
Reading Message from Microsoft’s Private Yammer Group Meareg Microsoft Authorization flaw - 07/28/2022
“ParseThru” – Exploiting HTTP Parameter Smuggling in Golang Daniel Abeles (@Daniel_Abeles) & Gal Goldsthein Harbor, Traefik, Skipper HTTP Parameter Smuggling N/A (VDP) 07/28/2022
Researching Open Source apps for XSS to RCE flaws Aleksey Solovev - XSS, RCE N/A (VDP) 07/28/2022
How I became a millionaire in 3h | Fintech Bug Bounty — Part 1 0x4KD (@0x4kd) - IDOR, Lack of rate-limiting, Logic flaw - 07/28/2022
Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security Nozomi Networks Labs (@nozominetworks) Dahua MiTM N/A (VDP) 07/28/2022
Corrupting memory without memory corruption Man Yue Mo (@mmolgtm) Google Memory corruption bug - 07/27/2022
SSD Advisory – Apple Safari IDN URL Spoofing Dohyun Lee (@l33d0hyun) Apple URL spoofing - 07/27/2022
Reflected Cross Site Scripting on User Agent-Dependent Response Ali Hassan Ghori (@alihasanghauri) - Reflected XSS $100 07/27/2022
Exploiting GitHub Actions on open source projects Rojan Rijal (@uraniumhacker), Johnny Nipper (@ratherbeonline) & Tanner Emek (@itscachemoney) Elastic RCE - 07/26/2022
Google XSS NDevTK (@ndevtk) Google XSS $8,133.70 07/26/2022
HTTP Parameter Pollution - It’s Contaminated Again Jerry Shah (@Jerry), ethicalbughunter (@ethicalbughuntr) & droppyy33 - HTTP Parameter Pollution, Rate-limiting bypass $50 07/26/2022
CVE-2022-31813: Forwarding Addresses Is Hard Gaetan Ferry (@mabote) Internet Bug Bounty (Apache HTTPD) Host header injection, DoS, IP address spoofing - 07/26/2022
Disclosing information with a side-channel in Django Sonar (@SonarSource) Django Side channel attack N/A (VDP) 07/26/2022
Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and Laurence Tennant freeCodeCamp Mass assignment N/A (VDP) 07/26/2022
Advisory | Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137 Nuri Çilengir (@ncilengir) Roxy-WI RCE, Authentication bypass N/A (VDP) 07/26/2022
Publicly Accessible Android Crash Reports Containing Sensitive Information Ali Hassan Ghori (@alihasanghauri) - IDOR, Information disclosure $100 07/26/2022
CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable Mickey Jin (@patch1t) Apple MacOS bug, SIP bypass - 07/26/2022
CVE-2022–36446 — Webmin 1.996 — Remote Code Execution (RCE — Authenticated) During Install New Packages Emir Polat (@devilsgrins) Webmin RCE, OS command injection N/A (VDP) 07/26/2022
Digging JS files to find BUGs Adnan Malik (@adnanmalikinfo) - IDOR, Information disclosure $2,114 07/25/2022
Outdated PHP Version leads to RCE iamdevansharya (@iamdevansharya) - RCE, Old components with known vulnerabilities - 07/25/2022
DoS worth $650 ? Interesting right! Sagar Sajeev (@Sagar__Sajeev) - DoS, Pixel flood attack $650 07/25/2022
Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP) for a bounty of $4,913 Sayaan Alam (@ehsayaan) Dropbox Email spoofing $4,913 07/25/2022
With Management Comes Risk: Finding Flaws in FileWave MDM Claroty’s Team82 (@Claroty) Filewave Authentication bypass, Hardcoded credentials, Information disclosure N/A (VDP) 07/25/2022
Deep understand ASPX file handling and some related attack vectors Rskvp93 (@rskvp93) Microsoft Local Privilege Escalation, WAF bypass - 07/25/2022
Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) Daniel Romero (@daniel_rome), Pablo Lorenzo & Guillermo del Valle Gil Nuki Memory corruption bug, DoS, Broken Access Control, Sensitive Information Sent Over an Unencrypted Channel - 07/25/2022
How I Gained Access To A Finance Company’s Accounts (Session Hijacking) Talha Karakumru - Session fixation, Weak crypto - 07/25/2022
A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125 Marcos IAF (@marcos_iaf) - IDOR $1,125 07/24/2022
How I made 300 GitHub repos point to my blog using Azure subdomains takeover 0xPwN (@msd0s7) - Subdomain takeover - 07/23/2022
$$$ bounty in less 3 minutes from a google dork Steiner254 (@steiner254) - Information disclosure - 07/23/2022
Un3xpected DoS Attack on Profile Pictur3 Roxst4r (@mveswar98) - DoS $100 07/23/2022
SecStory: How I Found Multiple P1 Vulnerabilities without Recon rvdt (@rival_rvdt) - Authentication flaw N/A (VDP) 07/23/2022
WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security Julien Ahrens (@MrTuxracer) WordPress SQL injection, XSS, Account takeover $30,000 07/22/2022
Permanent Crash Instagram Followers. Naveen (@NaveenHax) Meta / Facebook DoS $1,000 07/22/2022
How I was able to Take over a support chat using leaked Keys Pliskin - Information disclosure $1,000 07/22/2022
Pwn2Own Miami 2022: Inductive Automation Remote Code Execution Sector 7 (@sector7_nl) Inductive Automation Ignition RCE, Authentication bypass - 07/22/2022
I mean, IDOR is NOT only about others ID can1337 (@canmustdie) - IDOR - 07/22/2022
How I Test For Web Cache Vulnerabilities + Tips And Tricks Kevin (@bxmbn) - Web cache poisoning, Web cache deception $3,500+ 07/21/2022
Gitlab Project Import RCE Analysis (CVE-2022-2185) Nguyễn Tiến Giang (@testanull) GitLab RCE N/A (n-day vulnerability) 07/21/2022
Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service Kat Traxler (@NightmareJS) AWS Security Logging and Monitoring Failure $0 (Won’t fix) 07/20/2022
[CVE-2022-34918] A crack in the Linux firewall Arthur Mongodin Linux Kernel Organization Memory corruption bug, Local Privilege Escalation N/A (VDP) 07/20/2022
React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps. Dzmitry Lukyanenka (@vulnano) Meta / Facebook Account takeover, Android bug $12,000 07/19/2022
Riding The Inforail To Exploit Ivanti Avalanche Piotr Bazydło (@chudyPB) Ivanti RCE, Insecure deserialization, Race condition, Authentication bypass - 07/19/2022
Write-up: BlogEngine .NET - 0day Discovery Jake McCallum (@0xLanks) & Ethan (@complex201) BlogEngine .NET Path traversal, XXE N/A (VDP) 07/19/2022
Local File Inclusion (interesting method) Captain hook - LFI - 07/19/2022
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation Jake Baines (@Junior_Baines) Zyxel Local Privilege Escalation N/A (VDP) 07/19/2022
SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE Alex Birnberg Microsoft Insecure deserialization, RCE - 07/19/2022
Logging Passwords in Plaintext in Azure Arc Jimi Sebree (@DinoBytes) Microsoft Information disclosure, Local Privilege Escalation $0 07/19/2022
How i was able to bypass Open Redirect 3 times on same program. himanshu pdy (@himanshu_pdy) - Open redirect $300 07/19/2022
Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass Sector 7 (@sector7_nl) OPC Foundation Local Privilege Escalation $40,000 07/19/2022
Authomize Discovers PassBleed Password Stealing and Impersonation Risks in Okta & Okta Response to Security Report Authomize (@Authomize) Okta Sensitive data sent over an unencrypted channel, Authorization flaw, Information disclosure - 07/19/2022
MyBB 0day Authenticated Remote code execution Anna / 416e6e61 (@AnnaViolet20) MyBB RCE, Argument injection N/A (Full disclosure) 07/19/2022
Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages Samip Aryal (@samiparyal_) Meta / Facebook Payment bypass $250 07/18/2022
Hey Google Lets submit bug from Victim Account ! Prasanth Elangovan Google IDOR $0 (Duplicate) 07/18/2022
Good things takes time | Story of my first “valid” critical bug! Kr1shna 4garwal (@Kr1shna4garwal) - Lack of authentication, Exposed administrative interface N/A (VDP) 07/18/2022
CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin Dan Barros & Eduardo Cardoso jellyfin Broken Access Control, XSS N/A (VDP) 07/18/2022
FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon Vuk Ivanovic - vHost misconfiguration, 403 bypass, Information disclosure - 07/17/2022
A Story Of My First Bug Bounty Raj Qureshi (@RajQureshi9) - Information disclosure - 07/17/2022
Going beyond Alert with XSS pipsh - XSS, Account takeover - 07/16/2022
CRLF to Account takeover (chaining bugs) MoSec (@moe1n1) - CRLF, XSS, Account takeover - 07/16/2022
Subdomain takeover and Text injection on a 404 error page-$100 bounty Jeewan Bhatta (@thenullkid) - Subdomain takeover $100 07/16/2022
Business logic error anjaneyulu kanakatla - Logic flaw - 07/16/2022
First Bug Bounty from DOS: Taking the service down Faique (@imfaiqu3) - DoS $200 07/16/2022
Authorization token leak from verify email endpoint Vengeance - Account takeover, Information disclosure - 07/16/2022
Ability to login as google staff in Google Cloud Community Gaurav Bhatia Google Privilege escalation $100 07/15/2022
Good Recon Leads To Senssitive Accounts Milanjain - Information disclosure, Username enumeration - 07/15/2022
Exploiting Arbitrary Object Instantiations in PHP without Custom Classes Muhammad Talha / evilmango - Lack of rate-limiting, Privilege escalation, IDOR, Account takeover - 07/15/2022
How I Got My First CVE Tobydavenn U.S. Dept Of Defense Application-level DoS N/A (VDP) 07/15/2022
How I spammed a Google meet (But for good) Shaunak (SHA25) Google DoS $0 (Duplicate) 07/15/2022
Exploiting Arbitrary Object Instantiations in PHP without Custom Classes Arseniy Sharoglazov (@_mohemiv) - RCE, Arbitrary Object Instantiation, Bruteforce, LDAP injection N/A 07/14/2022
Tableau Server Leaks Sensitive Information From Reflected XSS Simon Bouchard (@SimTwisted) Salesforce Reflected XSS - 07/14/2022
Abusing URL Shortners for fun and profit Sicksec (@OriginalSicksec) - Information disclosure, Account takeover, IDOR $3,000 07/14/2022
CVE-2022-30136: Microsoft Windows Network File System V4 Remote Code Execution Vulnerability Yuki Chen (@guhe120), Guy Lederfein (@glederfein) & Quintin Crist Microsoft RCE, DoS, Memory corruption bug - 07/14/2022
From Open Redirect to Reflected XSS manually Rodric - Open redirect, Reflected XSS - 07/14/2022
Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP Numan Turle (@numanturle) Microsoft XSS, CSP bypass, HTML injection $6,000 07/13/2022
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 Microsoft 365 Defender Research Team Apple Local Privilege Escalation - 07/13/2022
Hacking on a Private Program (Salseforce crm) Maruf Hosan (@thinkermaruff) - RCE, OS command injection $300 07/13/2022
CVE-2022-29885 - Don’t Open That Port - A Denial Of Service vulnerability on Apache Tomcat Cluster Service Listener void (@voidz0r) Internet Bug Bounty DoS $0 (Duplicate) 07/13/2022
Netwrix Auditor Advisory Jordan Parkin Netwrix Insecure deserialization N/A (VDP) 07/13/2022
CVE-2022-32223 Discovery: DLL Hijacking via npm CLI Yakir Kadkoda Node.js DLL Hijacking, Privilege Escalation - 07/12/2022
Microsoft Azure Site Recovery DLL Hijacking Jimi Sebree (@DinoBytes) Microsoft DLL Hijacking, Privilege Escalation $10,000 07/12/2022
Write Up 1: Hellosign Integration [Full Read SSRF] Soufiane Habti (@wld_basha) - SSRF $2,000 07/12/2022
How a Simple IDOR Led Me to Delete Any Account rajesh.r (@rajesh_ranjan) - IDOR, CSRF - 07/12/2022
Remote Code Execution via Prototype Pollution in Blitz.js Paul Gerste Blitz.js Prototype pollution, RCE N/A (VDP) 07/12/2022
How we have pwned Root-Me in 2022 SpawnZii (@SpawnZii) & Abyss Watcher SPIP XSS, CSRF, RCE N/A (VDP) 07/12/2022
Bug Bounty Collaboration and Manual Exploitation of an Interesting Boolean SQL Injection Tavi (@0xtavi) - SQL injection $1,000 07/11/2022
Exploiting Authentication in AWS IAM Authenticator for Kubernetes Gafnit Amiga (@gafnitav) Amazon Authentication flaw, Privilege escalation - 07/11/2022
How I earned 200$ in Bug Bounty Program Idan Malihi - Information disclosure $200 07/09/2022
Exploiting SQL Injection at Authorization token Basudev - SQL injection, Account takeover - 07/09/2022 Alternative link
An interesting idor that allowed me to See all projects ($$$ Bounty) Hamzadzworm (@hamzadzworm) - IDOR - 07/09/2022
Flash XSS in Rando (@Rando02355205) Google XSS - 07/08/2022
Advisory | GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution Nuri Çilengir (@ncilengir) GLPI SQL injection, RCE, LFI N/A (VDP) 07/08/2022
stored XSS and stored HTML Injection in United Nations Website Ahmed Hassan United Nations XSS, HTML injection N/A (VDP) 07/08/2022
Account Takeover via Response Manipulation BUG HUNTER - Authentication bypass, Account takeover, 2FA bypass, HTTP response manipulation $2,500 07/08/2022
PII Disclosure of Apple Users ($10k) Ahmad Halabi (@Ahmad_Halabi_) Apple IDOR, Lack of rate-limiting, Bruteforce, Information disclosure $10,000 07/07/2022
A Case Study of API Vulnerabilities - Part 2, and Empty Heads Monke (@pmofcats) & Bend Theory (@bendtheory) - SSRF, Path traversal - 07/07/2022
How I find open redirect in Facebook Abhinav Kumar (@abhinavsecond) Brave Software Open redirect $500 07/07/2022
Interesting Privilege Escalation In an Old Private Program Zunaid Mahmud (@SZ_Mahmud_7) - Privilege escalation $900 07/07/2022
Account hijacking using “dirty dancing” in sign-in OAuth-flows & PoC video Frans Rosén (@fransrosen) - OAuth flaw, Account takeover - 07/07/2022
CVE-2022-34265 Takuto Yoshikai (@TakutoYoshikai) Django SQL injection N/A (VDP) 07/07/2022
How I found Open redirect on Bug crowd public program in 2 day Ittipatjitrada (@IttipatJitrada) - Open redirect - 07/06/2022
Exposing Millions of Voter ID card users’ details. Aziz Al Aman (@nxtexploit) CERT-In IDOR, OTP bypass, Account takeover, Logic flaw N/A (VDP) 07/06/2022
Rediscovering Epic Games 0-Days (Forever Unpatched?) Christopher Vella (@Kharosx0) Epic Games Local Privilege Escalation - 07/06/2022
We Hacked Larksuite For 1 month and Here is what we found Snap Sec (@snap_sec) Lark Technologies XSS, IDOR, Privilege escalation, Broken Access Control, CSRF, 40x bypass - 07/04/2022
A swag for a Open Redirect — Google Dork — Bug Bounty Proviesec (@proviesec) - Open redirect N/A (VDP) 07/02/2022
Admin account takeover via weird Password Reset Functionality Mahmoud Youssef (@0xmahmoudjo0) - Account takeover, Authentication bypass, Password reset flaw - 07/02/2022
Two faces of a same PDF document Toni Huttunen Mozilla, Google, Adobe Parser differential attack - 07/01/2022
Facebook Portal’s business logic error lead to 500$ unurbayar amarsaikhan (@0xunuruu) Meta / Facebook Logic flaw, Authorization flaw $500 06/30/2022
Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908) s1r1us (@s1r1u5_) & TheGrandPew (@TheGrandPew) Microsoft RCE, XSS $3,000 06/29/2022
Bypassing Firefox’s HTML Sanitizer API Gareth Heyes (@garethheyes) Mozilla XSS - 06/29/2022
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus Naveen Sunkavally Zoho XXE, SSRF, RCE - 06/29/2022
XSS Blind Stored at 2 Assets TikTok Aidil Arief TikTok XSS $1,000 06/29/2022
My First Apple Bug And My First Writeup Banavath Aravind (@nanicyb) Apple IDOR, Email verification bypass - 06/29/2022
[BugBounty] how do I get a premium tier account without paying a penny Marzuki (@aizack_ma) - Mass-assignment, Payment bypass - 06/29/2022
The Army Of The Headless Browsers Komodo Cyber Consulting (@Komodosec) Meta / Facebook DDoS, Logic flaw $0 (Intended feature) 06/29/2022
Unrar Path Traversal Vulnerability affects Zimbra Mail Sonar (@SonarSource) Zimbra Path traversal, Arbitrary file write, RCE N/A (VDP) 06/28/2022
Bypassing .NET Serialization Binders Markus Wulftange (@mwulftange) Microsoft Insecure deserialization, RCE - 06/28/2022
FabricScape: Escaping Service Fabric and Taking Over the Cluster Unit 42 (@Unit42_Intel) Microsoft Container escape, Local privilege escalation, Cross-tenant vulnerability - 06/28/2022
Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) dhakal_bibek (@dhakal__bibek) - IDOR, Broken Access Control $2,000 06/28/2022
CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED) Hans-Martin Münch (@h0ng10) Rapid7 Client File Read N/A (VDP) 06/28/2022
CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter JFrog Security Research Team (@JFrogSecurity) Internet Bug Bounty DoS - 06/28/2022
HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application Divyanshu Shukla (@justm0rph3u5) Microsoft HTML injection, Phishing $0 (OOS) 06/28/2022
CVE-2022-32208: FTP-KRB bad message verification Harry Sintonen Internet Bug Bounty (curl) MiTM $480 06/27/2022
CVE-2022-32207: Unpreserved file permissions Harry Sintonen Internet Bug Bounty (curl) Improper Preservation of Permissions $2,400 06/27/2022
CVE-2022-32206: HTTP compression denial of service Harry Sintonen Internet Bug Bounty (curl) DoS $2,400 06/27/2022
CVE-2022-32205: Set-Cookie denial of service Harry Sintonen Internet Bug Bounty (curl) DoS $480 06/27/2022
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) Shubham Shah (@infosec_au) & Dylan Pindur Atlassian SSRF - 06/26/2022
Hyperlink Injection On IRC Cloud Aswin K V (@deep_marketer_) IRCCloud Hyperlink injection - 06/26/2022
Bug: Cisco IOS SNMPv3 ACL Issues Gerry Gosselin (@ggPixelHealth) Cisco Information disclosure - 06/26/2022
mysqlnd/pdo password buffer overflow leading to RCE (CVE 2022-31626) & @cyberguru007’s analysis and PoC Charles Fol (@cfreal_) PHP Buffer Overflow, Memory corruption bug N/A (VDP) 06/25/2022
Moderation Filter Bypass in tomorrowisnew (@tomorrowisnew_) Mozilla Logic flaw OOS 06/25/2022
An Out Of Scope domain Leads To a Critical Bug[$1500] Shakti Mohanty (@3ncryptSaan) - Authorization flaw, Broken Access Control $1,500 06/24/2022
Miracle - One Vulnerability To Rule Them All Nguyễn Tiến Giang (@testanull) & peterjson (@peterjson) Oracle Insecure deserialization, SSRF, RCE - 06/23/2022
Pwn2Own 2021 Microsoft Exchange Exploit Chain Rskvp93 (@rskvp93) Microsoft SSRF, RCE - 06/23/2022
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed) Jake Baines (@Junior_Baines) WatchGuard Argument injection N/A (VDP) 06/23/2022
Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006) Joshua Nearchos Google Authentication bypass, Lock screen bypass - 06/23/2022
Filesatck Upload Advisory Summary Carlos Yanez Filestack XSS - 06/23/2022
We were vulnerable - how a security company could have vulns Soman Verma & Alexei Doudkine (@skorov8) Volkis Broken Access Control, Authorization flaw, Information disclosure - 06/22/2022
$1500 Of Broken Access Controls Tobydavenn - Broken Access Control $1,500 06/22/2022
Exploiting vulnerabilities in iOS Application Raj Singh Chauhan (@raj_singh_ch) - IDOR, Bruteforce, Lack of rate limiting, Account takeover, iOS bug - 06/22/2022
Widespread prototype pollution gadgets Gareth Heyes (@garethheyes) - Prototype pollution - 06/21/2022
XSS Vulnerability in IBM Content Navigator (CVE-2020-4757) Olivier Laflamme IBM XSS - 06/21/2022
Response Manipulation in the Admin panel lead to PII leakage Mahmoud Hamed (@7odamo_) UPS VDP Account takeover, HTTP response manipulation N/A (VDP) 06/20/2022
Every XSS is different Leonardo - XSS - 06/20/2022
Account Takeover by OTP bypass Vaibhav Kumar Srivastava - Information disclosure, Client-side enforcement of server-side security, OTP bypass, Account takeover N/A (VDP) 06/19/2022
Personal Access Token Disclosure in Asana Desktop Application Lauritz (@lauritz) Asana Information disclosure, Hardcoded credentials $6,100 06/18/2022
How I hacked one of the biggest Airline in the world Dali Jandro (@Sazouki_) - IDOR, Account takeover, Authorization flaw - 06/18/2022
Hacking a NFT Platform Muhammad Abdullah - SSRF 2 ETH 06/17/2022
How I was able to see likes and dislikes count which is hidden by victim | YouTube #2 Jay Jani (@JayJani007) Google Logic flaw, Authorization flaw - 06/17/2022
That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability Gabriel Sztejnworcel (@sztejnworcel) Microsoft RCE - 06/16/2022
CSRF leads to account takeover in Yahoo! Retr02332 (@Retr02332) Yahoo CSRF, Account takeover $3,000 06/16/2022 Alternative link
Chaining MFA-Enabled IAM Users with IAM Roles for Potential Privilege Escalation in AWS Retr02332 (@Retr02332) Amazon Privilege escalation - 06/16/2022
The Android kernel mitigations obstacle race Man Yue Mo (@mmolgtm) Qualcomm Memory corruption bug, Android bug - 06/16/2022
XSS Blind Stored at Asset Domain Android Apps TikTok Aidil Arief TikTok Stored XSS $1,500 06/16/2022
Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive Proofpoint (@proofpoint) Microsoft Logic flaw $0 (Working as intended) 06/16/2022
CVE-2022-23088: Exploiting A Heap Overflow In The Freebsd Wi-fi Stack m00nbsd (@m00nbsd) FreeBSD Security Team Memory corruption bug, RCE - 06/16/2022
Amazon Linux “log4j hotpatch” <1.3-5 local privilege escalation to root (race condition) Justin Steven (@justinsteven) Amazon Local Privilege Escalation - 06/15/2022
Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu Frédéric Basse (@FredoBasse) Google Hardware bug, Memory corruption bug - 06/15/2022
Privilege Escalation in AKS Clusters Anneke Breust, Aymen Segni (@aops_solutions) & Philipp Belitz Microsoft Privilege escalation $0 (Won’t fix) 06/15/2022
[BugTales] UnZiploc: From 0-click To Platform Compromise Daniel Komaromy (@kutyacica), Lorant Szabo (@szabolor) & Gyorgy Miru (@gymiru) Huawei Memory corruption bug, Logic flaw, RCE, Local privilege escalation - 06/14/2022
Hertzbleed Attack Yingchen Wang (@YingchenWang96), Riccardo Paccagnella (@ricpacca), Elizabeth Tang He, Hovav Shacham (@hovav), Christopher Fletcher & David Kohlbrenner (@dkohlbre) Intel, Cloudflare, Microsoft Side-channel attack, Hardware bug, Cryptographic issues - 06/14/2022
Automating reflected XSS with burp-suite Intruder Santosh Kumar Sha (@killmongar1996) - Reflected XSS $750 06/14/2022
2FA Bypass via Basic Authentication on private bug bounty program Sharat Kaikolamthuruthil (@sharp488) - 2FA bypass - 06/14/2022
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection Sonar (@SonarSource) Zimbra Memcache injection, CRLF injection N/A (VDP) 06/14/2022
403 bypass on a fortune 100 financial institution (P3) Damaidec - Information disclosure, Authorization flaw, Forced browsing - 06/14/2022
Cryptographic Side-Channels (Timing Leaks) in JSBN Soatok (@SoatokDhole) Xfinity Opensource Cryptographic issue, Side-channel attack, Timing attack - 06/14/2022
SynLapse – Technical Details for Critical Azure Synapse Vulnerability & TL;DR Tzah Pahima (@TzahPahima) Microsoft Cross-tenant vulnerability, RCE $60,000 06/14/2022
Bypassing CSP with dangling iframes Gareth Heyes (@garethheyes) Google, Mozilla CSP bypass - 06/14/2022
500$ Account Takeover IONC Xsolla Account takeover, Information disclosure, HTTP response manipulation $500 06/14/2022
How I was able to see likes and dislikes count which is hidden by victim | YouTube #1 Jay Jani (@JayJani007) Google Logic flaw, Authorization flaw - 06/14/2022
Microsoft Azure Synapse Pwnalytics Jimi Sebree (@DinoBytes) Microsoft Privilege escalation - 06/13/2022
Yet another bug into Netfilter Arthur Mongodin Linux Kernel Organization Memory corruption bug, Local Privilege Escalation N/A (VDP) 06/13/2022
Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code Haxatron (@Haxatron1) Internet Bug Bounty (curl) SSRF, Information disclosure, HSTS bypass - 06/12/2022
Hacking 6.5+ million websites => CVE-2022-29455 (Elementor) Rotem Bar (@rotembar), Gal Nagli (@naglinagli) & Tomer Zait (@realgam3) - XSS - 06/12/2022
How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook Neeraj Sharma (@root_n33r4j) Meta / Facebook IDOR $49,500 06/12/2022
Same bug different platform Prajwol Dhungana (@PrajwolDhunga14) Facebook Logic flaw, Authorization flaw - 06/11/2022
From blind SSRF to localhost dirbusting and asset enumeration Jovan Šikanja (@joshibeast) - SSRF - 06/11/2022
A Story of a Bug Found Fuzzing Abdulrhman Alqabandi (@qab) Google, Microsoft Browser bug, Memory corruption bug - 06/11/2022
ed25519-unsafe-libs Konstantinos Chalkias - Cryptographic issues - 06/11/2022
My first CVE-2022–31289 Praveen Mali (@pmmali_) Sonatype Authentication bypass, 403 bypass, HTTP response manipulation N/A (VDP) 06/11/2022
How to download eBooks from Google Play Store without paying for them Yess (@Yess_2021xD) Google Payment bypass, Logic flaw - 06/09/2022
CVE-2022-1040 Sophos XG Firewall Authentication bypass Nguyễn Đình Biển (@biennd279) Sophos Authentication bypass, RCE - 06/09/2022
Chaining vulnerabilities to criticality in Progress WhatsUp Gold Shubham Shah (@infosec_au) Progress (WhatsUp Gold) SSRF, Local File Disclosure, Information disclosure - 06/09/2022
Autodesk Fusion 360 <= 2.0.12887 “Insert SVG” Blind XXE Giulio ‘linset’ Casciaro (@Lins3t) Autodesk XXE N/A (VDP) 06/09/2022
Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225 JFrog Security Research Team (@JFrogSecurity) Envoy Zip bomb, DoS N/A (VDP) 06/09/2022
De-Anonymization attacks against Proton services reversemode (@reversemode) Proton AG Privacy issue, Information disclosure, HTML injection, Local Privilege Escalation - 06/08/2022
Extracting Clear-Text Credentials Directly From Chromium’s Memory & Go BLUE! A Protection Plan for Credentials in Chromium-based Browsers Zeev Ben Porat Google Browser bug $0 (Won’t fix) 06/08/2022
Account Takeover by Chaining Two IDORs Demon (@R29k_) - IDOR, Account takeover - 06/08/2022
Exploiting Amazon active vulnerability Benjamin Walter Amazon Payment bypass, Logic flaw $0 (Informative) 06/08/2022
CVE-2022-26937: Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow Yuki Chen (@guhe120), Guy Lederfein (@glederfein) & Jason McFadyen Microsoft Buffer Overflow, Memory corruption bug - 06/08/2022
Security Vulnerability in GitLab: Sending Arbitrary Requests through Jupyter Notebooks Daniel Fürst (@DnlFrst) GitLab HTML injection $1,500 06/07/2022
An unusual way to find XSS injection in one minute Andrey Onishchenko TimeWeb CSTI, XSS - 06/07/2022
Multiple vulnerabilities in Zyxel zysh Marco Ivaldi / Raptor (@0xdea) Zyxel OS command injection, Memory corruption bug N/A (VDP) 06/07/2022
Another vision for SSRF phor3nsic (@phor3nsic_br) - SSRF - 06/06/2022
If It’s a Feature!!! Let’s Abuse It for $750 Shakti Mohanty (@3ncryptSaan) - CSRF $750 06/05/2022
How Attacker could have suffocated the company staff Muhammad Abdullah - Default credentials $1,400 06/05/2022
Is Exploiting A Null Pointer Deref For LPE Just A Pipe Dream? Michael DePlante (@izobashi) Microsoft (Bitdefender) Memory corruption bug - 06/02/2022
How I Mass hunt for Admin Panel Access…🤩 Ratnadip Gajbhiye (@scspcommunity) Gemeente Delft (The City of Delft) Default credentials - 06/02/2022
Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty Chen Cohen (@chencococococo) Microsoft RCE $20,000 06/01/2022
How I found a GoldMine but got No Gold Muhammad Abdullah - Old components with known vulnerabilities $0 06/01/2022
SQL injection to Remote Command Execution (RCE) Kwadwo Amoako - SQL injection, RCE - 05/31/2022
From open redirect to RCE in one week byq (@ByQwert) Open redirect, SSRF, Insecure deserialization, LFI, RCE - 05/31/2022
Abusing Facebook’s feature for a permanent account confusion(logic vulnerability) Liv Facebook 2FA bypass, DoS, Logic flaw - 05/31/2022
How to find & access Admin Panel by digging into JS files…🥰 Ratnadip Gajbhiye (@scspcommunity) - Weak credentials, WAF bypass - 05/30/2022
External Authentication bypass in ingress-nginx Niemiec Marcin (@xvnpw) Kubernetes Path traversal, Authentication bypass $500 05/29/2022
Exploiting iOS app for fun and profit Bijan Murmu (@0xbijan) - Account takeover, Information disclosure - 05/29/2022
Hall of Fame Vice Media ? hacking while sleepy… Muhammad Syahrul Haniawan Vice Media Subdomain takeover N/A (VDP) 05/29/2022
Weird Email Verification Bypass Vaibhav Atkale - Email verification bypass - 05/28/2022
A Simple SQL Injection in an Air Force Website Corben Leo (@hacker_) U.S. Dept Of Defense SQL injection N/A (VDP) 05/27/2022
Bygone Vulnerabilities - Remote Code Execution in IBM Lotus SameTime Clients (CVE-2013-0553) Brian (@hoyahaxa) IBM XSS, RCE - 05/27/2022
Social Media Take Over = Easy Money Jesse Clark (@Hogarth45_) - Broken Link Hijacking - 05/26/2022
How an Open Redirection Leads to an Account Takeover? Mahendra Purbia (@Mah3Sec_) - Open redirect, Account takeover - 05/26/2022
Hijacking Over 100k GoDaddy Websites Jonathan Cran (@jcran), Shpend Kurtishaj (@shpendk) & Maxim Gofnung GoDaddy Subdomain takeover - 05/25/2022
The Printer Goes BRRRRR!!! & Slides Mehdi Talbi (@abu_y0ussef), Rémi Jullian (@netsecurity1) & Thomas Jeunet (@cleptho) HP, Lexmark, Canon Memory corruption bug $60,000 05/25/2022
How I made it into the United Nations hall of fame as I slept Vikaran (@vikaran101) United Nations XSS N/A (VDP) 05/25/2022
How I Found a company’s internal S3 Bucket with 41k Files Tarun Koyalwar (@KoyalwarTarun) - AWS misconfiguration $250 05/24/2022
Spoofing Microsoft 365 Like It’s 1995 Steve Borosh (@424f424f) Microsoft Spoofing, Phishing $0 (Won’t fix) 05/24/2022
CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED) Jacob Baines (@Junior_Baines) VMware Local Privilege Escalation - 05/24/2022
How I Get Bounty From Takeover Account RyuuKhagetsu (@h4x0r_dz) - IDOR, Information disclosure, Password reset flaw, Account takeover - 05/23/2022
Breaking Reverse Proxy Parser Logic Blake Jacobs (@z0idsec) - Path traversal - 05/22/2022
Finding vulnerabilities in Swiss Post’s future e-voting system - Part 2 reversemode (@reversemode) Swiss Post Insecure deserialization, Cryptographic issues - 05/22/2022
2FA Bypass on private bug bounty program due to improper caching mechanism Sharat Kaikolamthuruthil (@sharp488) - 2FA bypass - 05/22/2022
2FA Bypass on private bug bounty program due to CSRF token misconfiguration Sharat Kaikolamthuruthil (@sharp488) - 2FA bypass - 05/22/2022
Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click h4x0r_dz (@h4x0r_dz) Paypal Clickjacking $0 (Informative) 05/22/2022
A business Logic issue worth $1500 Mohsin Khan (@tabaahi_) - Logic flaw $1,500 05/21/2022
How I was able to down a service of Microsoft ? Denial of Service (DOS) Attack on Microsoft. Harsh Banshpal (@harshbanshpal) Microsoft DoS $0 (OOS) 05/21/2022
PayPal IDOR via billing Agreement Token (closed Informative, payment fraud) h4x0r_dz (@h4x0r_dz) Paypal IDOR $0 (OOS) 05/21/2022
Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web Avinash Sudhodanan (@sudoavi) & Andrew Paverd (@ajpaverd) Dropbox, Meta / Facebook (Instagram), LinkedIn, Wordpress & Zoom Account takeover, Pre-hijacking attack - 05/20/2022
Leaking Your GitHub Repositories With Snyk Code Ron Masas (@RonMasas) Snyk Path traversal, Broken Access Control N/A (VDP) 05/20/2022
Research: Auditing WordPress Plugins cy//ective (@cyllective) - SQL injection, LFI, XSS, RCE - 05/20/2022
How I was able to access IBM internal documents Mohamed Taha (@Mohamed12742780) IBM Information disclosure, IDOR - 05/19/2022 Alternative link
From Wayback to Account Takeover Mohamed Taha (@Mohamed12742780) Plex Information disclosure, Account takeover $120 05/19/2022
CVE-2022-21404: Another Story Of Developers Fixing Vulnerabilities Unknowingly Because Of CodeQL Paulino Calderon (@calderpwn) Oracle Insecure deserialization - 05/19/2022
Exploiting an Unbounded memcpy in Parallels Desktop: A Pwn2Own 2021 Guest-to-Host Virtualization Escape RET2 Systems (@ret2systems) Parallels Memory corruption bug $40,000 05/19/2022
A Tale of Confusing IDOR Avi (@naaash) TikTok IDOR $2,500 05/18/2022
Variant Cloud Analysis jspin (@jespinhara) - Default credentials - 05/18/2022
Vulnerability in Huawei’s AppGallery can download paid apps for free Dylan Roussel (@evowizz) Huawei Payment bypass, Logic flaw - 05/18/2022
Stealing Google Drive OAuth tokens from Dropbox Sivanesh Ashok (@sivaneshashok) & Sreeram KL (@kl_sree) Dropbox CSRF, SSRF, Account takeover $1,728 05/17/2022
Bypassing WAF to Weaponize a Stored XSS ne555 - Stored XSS - 05/17/2022
Hacking Swagger-UI - from XSS to account takeovers Dawid Moczadło (@kannthu1) Shopify, Paypal, GitLab, Atlassian, Yahoo, Microsoft, Jamf & others DOM XSS, Account takeover - 05/16/2022
Impact of an Insecure Deep Link Yashar Shahinzadeh (@YShahinzadeh) & Аli Dinifаr (@binb4sh) CafeBazaar Insecure deeplink, Android bug - 05/16/2022
Multiple bugs chained to takeover Facebook Accounts which uses Gmail. Youssef Sammouda (@samm0uda) Meta / Facebook XSS, CSRF, Account takeover $44,625 05/14/2022
My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information’s & In Some cases Passwords At More Than 1000 Companies Orwa Atyat (@GodfatherOrwa) & Abdullah Nawaf (@XHackerx007) - Exposed registration page - 05/14/2022
From android app to access admin dashboard Oday Alhalabi (@OdayAlhalabi) - Exposed registration page, Account takeover - 05/13/2022
Forging OAuth tokens using discovered client id and client secret Basyouni (@AshrafBasyoni4) - Information disclosure, Account takeover - 05/12/2022
New Wine in Old Bottle - Microsoft Sharepoint Post-Auth Deserialization RCE (CVE-2022-29108) Nguyễn Tiến Giang (@testanull) Microsoft Insecure deserialization, RCE - 05/12/2022
Takeover seller accounts worth billions & millions Bijan Murmu (@0xBijan) - IDOR, Account takeover - 05/12/2022
Spoofing SaaS Vanity URLs for Social Engineering Attacks Tal Peleg Box, Zoom, Google URL spoofing - 05/11/2022
Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923) Oliver Lyak (@ly4k_) Microsoft Active Directory Privilege Escalation - 05/10/2022
The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… Renwa (@RenwaX23) - CSS injection, Clickjacking, Account takeover, XSS, Cookie bomb, Self-XSS, CSRF $3,850 05/10/2022
ResolveURI RXSS Imperva Waf Bypass Ahsan Shahid (@hunter0x8) - XSS - 05/10/2022
RCE via Dependency Confusion Samrat Gupta (@Sm4rty_) - Dependency confusion - 05/10/2022
Account verification code bypass lead to a $4000 bounty Mohsin Khan (@tabaahi_) - OTP bypass $4,000 05/08/2022
Can analyzing javascript files lead to remote code execution? Asem Eleraky (@melotover) - Unrestricted file upload, RCE - 05/08/2022
How I Paid For My Holiday With Bug Bounty Tobydavenn - XSS, Broken Access Control, IDOR, Unrestricted file upload - 05/08/2022
P1 Bug — PII information disclosure Huntersherlock - Information disclosure, IDOR - 05/08/2022
Its all about 2fa bypass, or Account Takeover anjaneyulu kanakatla - Password reset flaw, Account takeover, OTP bypass - 05/08/2022
The $16,000 Dev Mistake Daniel Marte (@Masonhck3571) - Information disclosure $16,000 05/07/2022
Cloudflare Pages, part 1: The fellowship of the secret, Part 2: The two privescs, Part 3: The return of the secrets & Cloudflare writeup Sean Yeoh (@seanyeoh) & James Hebden (@devec0) Cloudflare Command injection, Container escape, Bash Path injection, RCE, Local Privilege Escalation, Information disclosure - 05/06/2022
A Fun SSRF through a Headless Browser Corben Leo (@hacker_) - SSRF - 05/06/2022
Advanced sqlmap Case Study Peter M (@h1pmnh) - SQL injection - 05/06/2022
How We hacked (bypassed) Admin Panel just by JS file Zhenwar Hawlery (@zhenwarx) & moSec (@moe1n1) - Information disclosure - 05/06/2022
CVE-2022-0540 - Authentication bypass in Seraph Khoa Dinh (@_l0gg) - Authentication bypass - 05/06/2022
Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) Zulfi Al-Farizi - XSS, CSRF, Account takeover $0 (Duplicate) 05/06/2022
Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store Ken Gannon (@Yogehi) Samsung Android bug, Insecure intent - 05/04/2022
Samsung Flow - Any App Can Read The External Storage Ken Gannon (@Yogehi) Samsung Android bug, Insecure intent - 05/04/2022
Remotely permanent crash any Instagram user via permanent DoS in user DM’s. Naveen (@NaveenHax) Meta / Facebook DoS $1,575 05/04/2022
Business Logic Errors - Art of Testing Cards Jerry Shah (@Jerry) - Payment bypass, Logic flaw - 05/04/2022
How i found a vulnerability that leads to access any users’ sensitive data and got $500 Mr Robert | Ahmed M Hassan (@Mr_Robert20) Flickr Information disclosure $500 05/04/2022
[UNPATCHED] Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading Vladimir Metnew (@vladimir_metnew) GitHub RCE $500 05/04/2022
Hacking a Bank by Finding a 0day in DotCMS Shubham Shah (@infosec_au) & Hussein Daher (@HusseiN98D) - Directory traversal, Unrestricted file upload, RCE - 05/03/2022
CVE-2022-25262 | JetBrains Hub single-click SAML response takeover Yurii Sanin (@SaninYurii) JetBrains Authorization flaw, SAML bug, OAuth flaw - 05/03/2022
How I got a lousy T-Shirt from the Dutch Government. Mava (@mava656) Dutch Government Old components with known vulnerabilities N/A (VDP) 05/03/2022
Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks Noam Dotan - Privilege escalation, CI/CD bug N/A (Information disclosure) 05/02/2022
ATO without any interaction [aws cognito misconfiguration] Shreyaskoli (@SPY8OY) GitHub Account takeover, Lack of rate limiting $550 04/30/2022
Page Admin Disclosure when Posting a Reel Syd Ricafort (@devsyd11) Meta / Facebook Spoofing $1,000 04/30/2022
Sensitive Data Exfiltration through XSS ($450) Zulfi Al-Farizi - Token leak $450 04/30/2022
Exploitation of an SSRF vulnerability against EC2 IMDSv2 Yassine Aboukir (@Yassineaboukir) - SSRF - 04/28/2022
Contact Point Deanonymization Vulnerability in Meta Lokesh Kumar (@lokeshdlk77) Meta / Facebook Information disclosure $12,000 04/28/2022
Wiz Research discovers “ExtraReplica”— a cross-account database vulnerability in Azure PostgreSQL Shir Tamari (@shirtamari), Ronen Shustin (@ronenshh), Nir Ohfeld (@nirohfeld) & Sagi Tzadik (@sagitz_) Microsoft Cross-tenant vulnerability, Privilege escalation, Authentication bypass - 04/28/2022
2FA Secret value disclosure leads to 2FA Bypass - Bug Bounty Writeup Aditya Singh / rook1337 (@imrook1337) - 2FA bypass, Information disclosure - 04/28/2022
Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) Keiran Sampson (@hpy_downunder), James Hebden (@devec0) & Shubham Shah (@infosec_au) VMware SSRF - 04/27/2022
Bypassing WAF for $2222 Divyansh Sharma - WAF bypass, Path traversal $2,222 04/27/2022
Azure Monitor – Malicious KQL Query Joosua Santasalo (@SantasaloJoosua) Microsoft Privilege escalation - 04/27/2022
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages? Team Nautilus (@AquaSecTeam) GitHub Logical flaw - 04/26/2022
Fuzzing and credentials leakage..awesome bug hunting writeup Abdalrahman Alshammas - Hardcoded credentials, Information disclosure - 04/26/2022
Unlock any blur text/picture without membership/subscription on |By Neuchi Neil Neuchi Payment bypass, Logic flaw N/A 04/25/2022
EJS, Server side template injection RCE (CVE-2022-29078) - writeup Eslam Salem (@net_code) ejs, NetApp SSTI, RCE N/A (VDP) 04/23/2022
How I got Apple Hall Of Fame ! shubhdeep (@Shubhdeeppp) Apple Content injection - 04/23/2022
How I Bypassed 2FA while Resetting Password Sufiyan Gouri (@gouri_sufyan) - 2FA bypass, Password reset flaw - 04/23/2022
Adventures Into The MeowCorp Bug Bounty Program Nirmal Thapa (@tnirmalz) - Information disclosure, Weak credentials, SSRF, .git folder disclosure, RCE - 04/21/2022
Security issues with cloudflare/odoh-server-go and the ODoH RFC draft Frans Rosén (@fransrosen) Cloudflare SSRF - 04/21/2022
Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based XSS in Cloud-Native React Apps. MalwareJoe - Open redirect, XSS - 04/21/2022
Open Redirection into Bentley System Amit Kumar (@Amitlt2) Bentley Systems XSS - 04/21/2022
Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account Joosua Santasalo (@SantasaloJoosua) Microsoft Information disclosure, Privilege escalation - 04/21/2022
Exploiting a File Upload Vulnerability — A Directory Traversal Attack Kwadwo Amoako - Unrestricted file upload, Path traversal - 04/20/2022
CVE-2022-21449: Psychic Signatures in Java, A few clarifications about CVE-2022-21449, Lab by @datadoghq & Lab by @SecCodeWarrior Neil Madden (@neilmaddog) Oracle Signature bypass, Cryptographic issues - 04/19/2022
AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation Unit 42 (@Unit42_Intel) Amazon Privilege escalation, Container escape - 04/19/2022
Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace Palissade (@PalisadeLLC) Rarible XSS $5,000 04/18/2022
Stored XSS To Other Users Via Messages Tobydavenn - Stored XSS - 04/18/2022
SQL Injection in Harvard’s Subdomain Bibek Neupane (@nb1b3k) Harvard SQL injection - 04/17/2022
Full Account Takeover via Open Redirection vFlexo (@vflexo) - Open redirect, Token theft, Account takeover, OAuth flaw - 04/17/2022
XSLeaking with my best bud SOP Ha Anh Hoang Microsoft Information disclosure - 04/15/2022
How we spoofed ENS domains for $15k Hacxyk. (@Hacxyk) ENS Homograph attack $15,000 04/15/2022
How I was able to see likes and dislikes count even though is hidden by victim | YouTube #4 R ando (@Rando02355205) Google Broken Access Control - 04/15/2022
[3/3] Cache Poisoning & Lateral Movement @ GitLab IP GitLab Broken Access Control - 04/15/2022
Crazy Simple Insecure Design & 300$ Bounty! Saransh Saraf - IP grabbing $300 04/15/2022
CVE-2022-26133 - Bitbucket Data Center - Java Deserialization Vulnerability Benny Jacob (@bennyyjacob) Atlassian Insecure deserialization - 04/14/2022
Multiple Vulnerabilities in Cisco Expressway Christian Mehlmauer (@firefart) Cisco Memory leak, Exposed administrative interface - 04/14/2022
United Nations bug bounty[writeup] Debprasad Banerjee United Nations Information disclosure N/A (VDP) 04/14/2022
Abusing Azure Hybrid Workers for Privilege Escalation – Part 2: An Azure PrivSec Story Josh Magri (@passthehashbrwn) Microsoft Privilege escalation $10,000 04/14/2022
Blinding Snort: Breaking The Modbus OT Preprocessor Claroty’s Team82 (@Claroty) Cisco Memory corruption bug - 04/14/2022
Bypass Rate Limit — A blank space leads to this random encounter! Roxst4r (@mveswar98) - Password reset flaw, Rate-limiting bypass - 04/14/2022
MY First Bug In Hackerone anjaneyulu kanakatla - Information disclosure - 04/14/2022
[2/3] XSS Through The Front-Door @ GitLab IP GitLab XSS, CSP bypass, DOM-based JavaScript injection - 04/13/2022
Threat Evasion for aws:multifactorAuthPresent condition using Cloudshell Falcnix (@falcnix) Amazon MFA bypass - 04/13/2022
Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities Kasif Dekel (@kasifdekel) & Ronen Shustin (@ronenshh) Microsoft DoS, Memory corruption bug - 04/13/2022
Bypass Apple Corp SSO on Apple Admin Panel Stealthy (@stealthybugs) Apple Path traversal $6,000 04/12/2022
CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client Rhino Security Labs (@RhinoSecurity) Amazon Local Privilege Escalation - 04/12/2022
IDOR (Insecure Direct Object Reference) leads to listing all valid Users and edit their Profiles Ahmed Hassan Drexel University IDOR - 04/12/2022
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed) Jacob Baines (@Junior_Baines) Microsoft Local Privilege Escalation - 04/12/2022
XSS - The LocalStorage Robbery Jerry Shah (@Jerry) & ethicalbughunter (@ethicalbughuntr) - XSS - 04/12/2022
Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO Naveenroy Zoho Broken Access Control - 04/12/2022
NotGitBleed Aaron Devaney GitHub Information disclosure - 04/11/2022
AWS RDS Vulnerability Leads to AWS Internal Service Credentials Gafnit Amiga (@gafnitav) Amazon LFI - 04/11/2022
SVG SSRFs and saga of bypasses Preetham Bomma (@cyber01_) - SSRF, HTML injection - 04/11/2022
[1/3] Brute-Force Protection Bypass @ GitLab IP GitLab Bruteforce, Rate limiting bypass - 04/11/2022
The #100DaysOfHacking Challenge : A Game Changer for Me Najam Ul Saqib (@NjmUlSqb) - IDOR - 04/10/2022
Privacy Disclosure on Facebook Lite after Creating a Post Rhey Facebook Privacy issue $400 04/10/2022
XSS | HTML Injection and File Upload Bypass in HUAWEI Subdomain Ahmed Hassan Huawei XSS, HTML injection - 04/10/2022
MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022 Joosua Santasalo (@SantasaloJoosua) & Kim Jämiä (@KimJamia) Microsoft Authorization flaw - 04/09/2022
How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty Vishal Saini (@k4k4r07) - SQL injection $4,324 04/08/2022
Stripe checkout misconfiguration leads to an unlimited trial period Colin Winhall (@colinwinhall) Stripe Logic flaw, Payment bypass $0 (Informative) 04/08/2022
Meta’s SparkAR RCE Via ZIP Path Traversal Fady Othman (@Fady_Othman) Meta / Facebook RCE, Path traversal $2,500 04/07/2022
Multiple vulnerability leading to account takeover in TikTok SMB subdomain. Ahmad A Abdulla (@lu3ky13) TikTok IDOR $1,000 04/07/2022
How i got access to 1600k Users PII Data Gokul AP (@CodingGokul) - Information disclosure $1,500 04/06/2022
SSRF and Account Takeover via XSS in ERPNext (0-day) huli (@aszx87410) ERPNext SSRF, XSS, Account takeover $0 (No response) 04/06/2022
Watch out the links : Account takeover! Akash Hamal (@AkashHamal0x01) - Account takeover - 04/06/2022
CVE-2021-4119: [Bookstack] Email harvesting via SQL “LIKE” clause exploitation Haxatron (@Haxatron1) Bookstack Broken Access Control, SQL injection - 04/05/2022
New npm Flaws Let Attackers Better Target Packages for Account Takeover Team Nautilus (@AquaSecTeam) GitHub Information disclosure - 04/05/2022
HTTP Request Smuggling on and Others. Stealthy (@stealthybugs) Apple HTTP request smuggling $36,000 04/05/2022
Azure Active Directory Exposes Internal Information Secureworks (@Secureworks) Microsoft Information disclosure $0 (Won’t fix) 04/05/2022
How I hacked one of the biggest airlines group of the world Tarek Bouali (@iambouali) - IDOR, Account takeover N/A (VDP) 04/05/2022 Alternative link
CloudKit Share Records leak the title of private iCloud files David Schütz (@xdavidhu) Apple IDOR, Broken Access Control - 04/05/2022
CVE-2021-38159: MOVEit Transfer SQL Injection Analysis Tuan Anh Nguyen (@haxor31337) Palantir Public SQL injection $5,000 04/05/2022
Spoof as another Facebook user to report an impostor account Syd Ricafort (@devsyd11) Facebook Spoofing - 04/05/2022
NoSQL Injection in Plain Sight Kuldeep Pandya (@kuldeepdotexe) - NoSQL injection - 04/04/2022 Alternative link
MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639 & PoC Mickey Jin (@patch1t) Apple Local Privilege Escalation - 04/04/2022
Hacked Nokia With Reflected Cross-site Scripting Vulnerability…. Amit Kumar (@Amitlt2) Nokia Reflected XSS N/A (VDP) 04/04/2022
Cloud SSRF Exploitation Dan Barros - SSRF - 04/04/2022
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline Noam Dotan GitHub Privilege escalation, CI/CD bug $0 (Informational) 04/04/2022
Exploiting a double-edged SSRF for server and client-side impact Yassine Aboukir (@Yassineaboukir) & Surajjjj (@ninetyn1ne_) - SSRF - 04/03/2022
Hacked Instagram Handle Of Samsung…. Amit Kumar (@Amitlt2) Samsung Broken Link Hijacking - 04/03/2022
How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables David Bouman (@pqlqpql) Linux Kernel Organization Memory corruption bug, Local privilege escalation N/A (VDP) 04/02/2022
View Friends List of any users using “View as” | Facebook Bug bounty Ph.Hitachi Facebook Logic flaw, Broken Access Control - 04/02/2022
Multiple Times I Hacked Duke University With RXSS Vulnerability!!! Amit Kumar (@Amitlt2) Duke University Reflected XSS N/A (VDP) 04/02/2022
Design Flaw : A Tale of Permanent DOS (Informative -> Triaged) Akash Hamal (@AkashHamal0x01) - DoS - 04/02/2022
Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App Omar Espino (@omespino) - Hardcoded credentials, Android bug - 04/01/2022
Debugging the undebuggable and finding a CVE in Microsoft Defender for Endpoint Gijs Hollestelle Microsoft Endpoint spoofing - 04/01/2022
Small bugs are more dangerous than you think Liv (@terminatorLM) - Self-XSS, Stored XSS, Open redirect, CSRF - 04/01/2022
Pwning a Cisco RV340 with a 4 bug chain exploit Liv (@terminatorLM) Cisco Local Privilege Escalation, OS command injection, RCE, Session management flaw - 04/01/2022
A Large-scale and Longitudinal Measurement Study of DKIM Deployment Chuhan Wang, Kaiwen Shen (@m0xiaoxi), Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan Google, Mailchimp, Sendgrid, Salesforce & others Email spoofing, Phishing - 04/01/2022
Race condition in Tendermint’s StarPort Shashank (@cyberboyIndia) Cosmos Race condition $5,000 03/31/2022
Critical SSRF on Evernote Neolex (@NeolexSecurity) Evernote SSRF $5,000 03/31/2022
Got Access To Dota 2 Admin Panel By Exploiting In-game Feature Abdillah Muhamad (@abdilahrf) Valve XSS $900 03/31/2022
CVE-2022-27643 - NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability Relyze (@relyze) Netgear Memory corruption bug, RCE - 03/31/2022
Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM) Pedro Ribeiro (@pedrib1337) Cisco Insecure deserialization, Local Privilege escalation, RCE - 03/30/2022
GitHub Cache Poisoning Scribe Security (@ScribeSecurity) GitHub Cache poisoning attack, Logic flaw $0 (Working as intended) 03/30/2022
How I bypassed 403 forbidden domain using a simple trick Jan Muhammad Zaidi (@hasanakajan) - 403 bypass - 03/29/2022
ABC-Code Execution for Veeam Nikita Petrov (@ultrayoba) Veeam Local Privilege Escalation N/A (VDP) 03/29/2022
Ruby Deserialization - Gadget on Rails HTTPVoid (@httpvoid0x2f) Ruby on Rails Insecure deserialization, RCE - 03/28/2022
Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All Kasif Dekel (@kasifdekel) & Ronen Shustin (@ronenshh) Microsoft RCE, Memory corruption bug, SQL injection - 03/28/2022
How I was able to rick roll every users on Mizu (@kevin_mizu) Root-Me XSS N/A (Responsible disclosure) 03/27/2022
Stealing cookies from subdomain leads to takeover user accounts at Bijan Murmu (@0xBijan) - Account takeover, XSS - 03/27/2022
Deleting account via support ticket Bijan Murmu (@0xBijan) - IDOR, Broken Access Control - 03/26/2022
Bug Bounty Adventures: A NodeBB 0-day Marouane Mouhtadi (@Mar0_0uane) Opera CSRF, Account takeover, SSO bug, Authentication flaw - 03/25/2022
Clipboard hazard with Google Sheets Imre Rad (@ImreRad) Google Phishing $0 (Working as intended) 03/25/2022
Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044) stypr (@stereotype32) Netgear XSS, Arbitrary file read, Authentication bypass, OS command injection, RCE - 03/25/2022
Pwn2Own Austin 2021 : Defeating The Netgear R6700V3 Antide Petit (@xarkes_) & Mitsurugi Heishiro (@0xmitsurugi) Netgear RCE, Memory corruption bug - 03/25/2022
How Token Misconfiguration can lead to takeover account Cryptographer (@justluthra) - Account takeover, Logic flaw - 03/24/2022
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121) Alex Plaskett (@alexjplaskett), Cedric Halbronn (@saidelike) & Aaron Adams (@fidgetingbits) Western Digital RCE - 03/23/2022
How I Was Able To TakeOver Any Account On One Of Europe’s Largest Media Companies Tobydavenn - IDOR, Account takeover N/A (VDP) 03/23/2022
When Equal is Not, Another WebView Takeover Story +Ch0pin (@Ch0pin) - Android bug - 03/22/2022
Authentication bypass using root array Eslam Akl (@eslam3kll) - Authentication bypass, Information disclosure - 03/22/2022
Basic recon to RCE II Joshua Martinelle (@J0_mart) - RCE - 03/22/2022
Story about more than 3.5 million PII leakage in Yahoo!!! dhakal_bibek (@dhakal__bibek) Yahoo IDOR, Information disclosure, iOS bug $9,500 03/22/2022
Google Maps API Key Unauthorized Use Case Dan Barros - Information disclosure $100 03/22/2022
Targeting Visual Studio Code for macOS: File Discovery and a TCC bypass (kinda) & PoC Alfie Champion (@ajpc500) Apple, Microsoft Local Privilege Escalation, TCC bypass, macOS bug $0 (Won’t fix) 03/21/2022
($$$) Broken Authentication and IDOR at [REDACTED] Rizaldi Wahaz (@wah_haz) - IDOR - 03/21/2022
Broken session control leads to access private videos using the shared link even after revoking the access for specific time!! — #GoogleVRP Naveenroy Google Broken Access Control $0 (Intended behaviour) 03/20/2022
Bug Bounty catches part -1 Bijan Murmu (@0xBijan) - Authentication bypass, Information disclosure, Broken Access Control - 03/20/2022
CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera Maciej Pulikowski (@pulik_io) Google, Microsoft, Opera Browser bug $10,000 03/19/2022
Airdrop: Symbolic Link Following Ron Masas (@RonMasas) Apple iOS bug - 03/19/2022
Adobe bug bounty using IDOR, Confidential data leaks Debprasad Banerjee Adobe IDOR - 03/19/2022
Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors Meareg Microsoft IDOR - 03/18/2022
For the first Bounty, it takes a few challenging months, but only a few days for the second. Aneesha D (@interc3pt3r) - Old components with known vulnerabilities $250 03/18/2022
Bypass confirmation to add payment method. Yaj Desu - Email verification bypass, Logic flaw - 03/18/2022
Abusing Azure Hybrid Workers for Privilege Escalation – Part 1 Josh Magri (@passthehashbrwn) Microsoft Privilege escalation - 03/17/2022
My First Blind SQL Injection T VAMSHI - SQL injection - 03/17/2022
Parameter Pollution - Zero Day Jerry Shah (@Jerry) & ethicalbughunter (@ethicalbughuntr) Discourse HTTP Parameter Pollution - 03/17/2022
From XSS to RCE (dompdf 0day) Positive Security (@positive_sec) - XSS, RCE N/A (VDP) 03/16/2022
Git honours embedded bare repos, and exploitation via core.fsmonitor in a directory’s .git/config affects IDEs, shell prompts and Git pillagers Justin Steven (@justinsteven) GitHub, Microsoft, JetBrains RCE - 03/16/2022
How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? & frequest akshal(tojojo) - XSS - 03/16/2022
SSD Advisory – Exchange Server GetWacInfo Information Disclosure Vulnerability Alex Birnberg (@alexbirnberg) Microsoft XXE, Information disclosure - 03/15/2022
Securing Developer Tools: Git Integrations Sonar (@SonarSource) Microsoft, JetBrains, GitHub Local Privilege Escalation - 03/15/2022
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) Richard Warren (@buffaloverflow) Apple Arbitrary file write - 03/15/2022
How I managed to trigger XSS automatically to get critical account takeover c4rrilat0r (@c4rrilat0r) - Stored XSS $3,000 03/15/2022
CVE-2022-22616: Simple way to bypass GateKeeper, hidden for years Mickey Jin (@patch1t) Apple Local Privilege Escalation, GateKeeper bypass - 03/15/2022
CVE-2020-24427: Adobe Reader CJK Codecs Memory Disclosure Vulnerability Haboob Research Team (@HaboobSa) Adobe Memory disclosure - 03/15/2022
My First Bug on VDP & BBP - Bug Bounty Aditya Singh / rook1337 (@imrook1337) - Stored XSS - 03/15/2022
From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password” YoKo Kho (@YokoAcc) - WAF bypass, Weak credentials $2,500 03/14/2022 Alternative link
Achieving Remote Code Execution via Unrestricted File Upload Haroon Hameed - Unrestricted file upload, RCE $3,000 03/14/2022
SQL Injection at Spotify Eslam Akl (@eslam3kll) Spotify SQL injection - 03/14/2022
How I access other domains in using Directory Traversal Kurt Russelle Marmol InfinityFree Directory traversal - 03/14/2022
How I Made The BBC Hall Of Fame 3 Times Tobydavenn BBC Information disclosure N/A (VDP) 03/14/2022
How I bypassed disable_functions in php to get a remote shell Asem Eleraky (@melotover) - RCE - 03/13/2022
Open Redirect via Sendgrid Email Misconfiguration Rifqi Hilmy Zhafrant - Open redirect $250 03/13/2022
A Tale of Open Redirection to Stored XSS Tushar Sharma (@tusharSharma_0) - Stored XSS, Open redirect - 03/12/2022
XSS through base64 encoded JSON Aman Pareek (@aman_notsogreat) - XSS - 03/12/2022
I can see the dislikes count even though is hidden by YouTube | YouTube ($500) R ando (@Rando02355205) Google Broken Access Control, IDOR $500 03/12/2022
I have Found Microsoft Subdomain Website database list, database username, password Bot Ami (@Botami143) Microsoft Information disclosure - 03/11/2022
How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control) can1337 (@canmustdie) - Broken Access Control - 03/11/2022
CVE-2022-24696 – Glance By Mirametrix Privilege Escalation Oddvar Moe (@Oddvarmoe) Lenovo Local Privilege Escalation N/A (VDP) 03/11/2022
How I was able to takeover any users account on a major telecoms website Tobydavenn - XSS - 03/11/2022
Rate Limit Bypass at Girishbo Lack of rate limiting, Password reset flaw - 03/11/2022
How I was able to read any users confidential reports on a public level domain Tobydavenn - IDOR - 03/10/2022
Escalating from Logic App Contributor to Root Owner in Azure Josh Magri (@passthehashbrwn) Microsoft Privilege escalation - 03/09/2022
How I Was Able To Wipe Any Registered Account Tobydavenn - Logic flaw - 03/09/2022
Demographic Misconfiguration on Facebook live Prajwol Dhungana (@PrajwolDhunga14) Facebook Logic flaw, Authorization flaw - 03/09/2022
SSD Advisory – NETGEAR DGND3700v2 PreAuth Root Access - Netgear Authentication bypass, OS command injection, RCE - 03/09/2022
Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis) Nguyễn Tiến Giang (@testanull) & peterjson (@peterjson) Oracle RCE - 03/09/2022
Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities Unit 42 (@Unit42_Intel) Google Privilege escalation, Container escape, Kubernetes bug - 03/08/2022
Log4shell in google $1337.00 amnotacat (@Amnotacat1) Google Log4shell, RCE $1,337 03/08/2022
How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty Mr Empy (@mr_empy) - DoS - 03/08/2022
Circumventing Browser Security Mechanisms For SSRF HTTPVoid (@httpvoid0x2f) - SSRF, XSS - 03/08/2022
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service Yanir Tsarimi (@Yanir_) Microsoft Cross-tenant vulnerability, Account takeover $40,000 03/07/2022
The Bad Twin: a peculiar case of JWT exploitation scenario Sandh0t (@sandh0t) - Account takeover $3,000 03/07/2022
Some critical vulnerabilities found with passive analysis on bug bounty programs explained Daniel V (@d4niel_v) - Information disclosure, Logic flaw - 03/07/2022
WhatsApp Bug Bounty: Bypassing biometric authentication using voip Arvind (@ar_arv1nd) Meta / Facebook Authentication bypass - 03/05/2022
How I Hacked A Crypto Company And Could Steal 1 Million Dollars Worth of Bitcoin zoid (@z0idsec) - Path traversal $9,000 03/05/2022 Alternative link
More secure Facebook Canvas Part 2: More Account Takeovers Youssef Sammouda (@samm0uda) Meta / Facebook Account takeover $98,250 03/04/2022
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED) Jacob Baines (@junior_baines) GitLab Username enumeration, GraphQL bug - 03/03/2022
4300$ Instagram IDOR Bug (2022) Nawaf Alkhaldi (@nvmeeet) Meta / Facebook IDOR $4,300 03/02/2022
Moodle 2nd Order Sqli mufinnnnnnn (@mufinnnnnnn) Moodle SQL injection - 03/02/2022
IDOR in through Code Review Brandon Roldan Mozilla IDOR $1,500 03/02/2022
CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO Chamal Apache Stored XSS, Account takeover - 03/02/2022
webOS Revisited - Even More Mistaken Identities Andreas Lindh (@addelindh) LG Local Privilege escalation, Browser bug - 03/02/2022
[ Directory Traversal attack ] How did I find it using GitHub Fenrir (@leetibrahim) - Information disclosure, Path traversal - 03/02/2022
Skype extension: All functionality broken? Still exploitable! Wladimir Palant (@WPalant) Microsoft Information disclosure, Privacy issue - 03/01/2022
Password Reset to Admin Access Jesse Clark (@Hogarth45_) - Account takeover, Authentication bypass, Password reset flaw - 03/01/2022
HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations Kaiwen Shen (@m0xiaoxi), Jianyu Lu, Yaru Yang, Jianjun Chen, Mingming Zhang, Haixin Duan, Jia Zhang & Xiaofeng Zheng - HTTP request smuggling, DoS, Semantic gap attacks - 03/01/2022
Pwning a Server using Markdown Aditya Dixit (@zombie007o) Hashnode LFI, RCE N/A (Responsible disclosure) 02/28/2022
BrokenPrint: A Netgear stack overflow Alex Plaskett (@alexjplaskett), Cedric Halbronn (@saidelike) & Aaron Adams (@fidgetingbits) Netgear Memory corruption bug, RCE - 02/28/2022
Hacking Subscription Plans for free service. Muhammad Khizer Javed (@khizer_javed47) - Payment bypass, OTP bypass - 02/27/2022
CVE-2022-22947: SpEL Casting And Evil Beans Wyatt Dahlenburg (@wdahlenb) - RCE - 02/26/2022
SSRF & LFI In Uploads Feature Raymond Lind - SSRF, LFI, HTML injection - 02/26/2022
Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager Egor Dimitrenko (@elk0kc) VMware Authentication bypass, RCE, SSRF, Path traversal - 02/25/2022
A Weird Price Tampering Vulnerability vFlexo (@vflexo) - Payment tampering, Logic flaw $200 02/25/2022
Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D) & Part II - Trusted Contacts Kent Jarold Abulag (@wkemenhehehegsg) Meta / Facebook Logic flaw $1,500 02/25/2022
Instagram App Access Token Philippe Harewood (@phwd) Meta / Facebook Information disclosure $38,300 02/24/2022
Piercing the Cloud Armor - The 8KB bypass in Google Cloud Platform WAF Kloudle (@Kloudleinc) Google WAF bypass - 02/24/2022
How I Hacked the Dutch Government with SQLi and Won the Famous T-Shirt? Göktuğ Kaya (@g0ktugkaya) Dutch Government SQL injection N/A (VDP) 02/24/2022
Stealing a few more GitHub Actions secrets Teddy Katz (@not_aardvark) GitHub Logic flaw $7,500 02/23/2022
Write Up – Android Application Screen Lock Bypass Via ADB Brute Forcing Omar Espino (@omespino) - Android bug, Bruteforce, Authentication bypass - 02/22/2022
Facebook android vulnerability: Launching internal/tighten deeplink onbehalf of user Rahul Kankrale (@RahulKankrale) - Android bug, Insecure deeplink $3,525 02/22/2022
OAuth and PostMessage - Chaining misconfigurations for your access token. Suraj Disoja (@ninetyn1ne_) - OAuth flaw, postMessage misconfiguration, Token theft - 02/21/2022
How I could’ve bypassed the 2FA security of Instagram once again? Samip Aryal (@samiparyal_) Meta / Facebook 2FA bypass, Logic flaw $3,150 02/21/2022
Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql stypr (@stereotype32) Oracle (MySQL) SQL injection - 02/21/2022
What an injection into jQuery-selector can lead to Anton Subbotin (@ska_vans) - CSRF - 02/21/2022
XSS in hidden input field Faizan Elahi - XSS - 02/21/2022
Send a Email to me and get kicked out of Google Groups !! — #GoogleVRP — A Feature that almost broke Google Groups !! Sriram Kesavan (@sriramoffcl) Google Logic flaw, Authorization flaw $3,133.7 02/20/2022
A Case Study of API Vulnerabilities Monke (@pmofcats) - Information disclosure, Account takeover, Broken Access Control - 02/20/2022
Bypassing Cloudflare’s WAF! Friendly (@SkeletorKeys) - XSS, WAF bypass - 02/19/2022
CVE-2022-23835: A security analysis of Visual Voicemail Chris Talbot AT&T, T-Mobile Voicemail bug - 02/19/2022
My Experience of Hacking Dutch Government remonsec (@remonsec) Dutch Government - N/A (VDP) 02/24/2022
Passive Recon with Spyse (Part-II) & Part-I remonsec (@remonsec) - Subdomain takeover, AWS misconfiguration $2,100 02/19/2022
How I get my first SWAG from SIDN (Sensitive Data Exposer) remonsec (@remonsec) SIDN Directory listing, Information disclosure, 403 bypass N/A (VDP) 02/19/2022
RCE in GitHub Desktop < 2.9.4 Vladimir Metnew (@vladimir_metnew) GitHub RCE $2,000 02/18/2022
Stored XSS in ($2,000) R ando (@Rando02355205) Alibaba Stored XSS $1,000 02/18/2022
Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) Cedric Halbronn (@saidelike), Aaron Adams (@fidgetingbits) & Alex Plaskett (@alexjplaskett) Lexmark Arbitrary file write, Race condition, Printer bug - 02/18/2022
Recon and YouTube, is that a thing? Marcos IAF / Rohit (@marcos_iaf) - Subdomain takeover - 02/17/2022
403 forbidden bypass & Accessing config files using a header vishnurajr - 403 bypass, Authorization flaw - 02/17/2022
Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN) Quentin Kaiser (@QKaiser) Cisco RCE, Unrestricted file upload, OS command injection - 02/17/2022
How I earned $9000 with Privilege escalations Junaid Khan (@JunoonBro) - Privilege escalation $9,000 02/16/2022
My first report on HackerOne: A logic flaw in npm ElSec (@ElSec_) GitHub Logic flaw - 02/16/2022
My First Reflected XSS Bug Bounty — Google Dork — $xxx Proviesec (@proviesec) - Reflected XSS - 02/16/2022
Hacked Dutch Government Website. All I got was this l̶o̶u̶s̶y̶ cool T-Shirt. Romesh chander Dutch Government Information disclosure N/A (VDP) 02/16/2022
Bug Report; Bypassing Weekly Limits In Basic (Free) LinkedIn Account Ashok Acharya LinkedIn Logic flaw - 02/16/2022
Hunting for bugs in VMware: View Planner and vRealize Business for Cloud Mikhail Klyuchnikov (@__Mn1__) & Egor Dimitrenko (@elk0kc) VMware RCE - 02/15/2022
Trim private live videos and access them (Meta bug bounty) abdellah yaala (@yaalaab) Meta / Facebook IDOR $7,500 02/15/2022
Static Taint Analysis Using Binary Ninja: A Case Study Of MySQL Cluster Vulnerabilities Reno Robert (@renorobertr) Oracle (MySQL) Memory corruption bug - 02/15/2022
Advisory: Western Digital My Cloud Pro Series PR4100 RCE Quentin Kaiser (@QKaiser) Western Digital RCE, OS command injection - 02/15/2022
BigQuery SQL Injection Cheat Sheet Ozgur Alp (@ozgur_bbh) & Anil Yuksel (@anilyukk) - SQL injection - 02/14/2022
My First Bounty and How I Got It Aneesha D (@interc3pt3r) - Subdomain takeover INR 10,000 (~ $132) 02/14/2022
Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover Preetham Bomma (@cyber01_) - AWS misconfiguration, Account takeover - 02/14/2022
How i made 15k$ from Remote Code Execution Vulnerability & Demo Abdulrahman Makki (@AMakki1337) - Code injection, RCE, Self-XSS $15,000 02/13/2022
Broken Link Hijacking - Mr. User-Agent Jerry Shah (@Jerry) - Broken link hijacking - 02/13/2022
A tale of 0-Click Account Takeover and 2FA Bypass. Firas Fatnassi (@Fatnass1F1ras) - Account takeover, Password reset flaw, 2FA bypass - 02/12/2022
“Zero-Days” Without Incident - Compromising Angular via Expired npm Publisher Email Domains Matthew Bryant (@IAmMandatory) GitHub Supply chain attack $0 (OOS, Duplicate) 02/11/2022
QRCDR ZeroDay Path Traversal Vulnerability Farhad Karimi (@n0lsec) - Path traversal - 02/11/2022
flashback_connects (Cisco RV340 SSL VPN Unauthenticated Remote Code Execution as root) Pedro Ribeiro (@pedrib1337) & Radek Domanski (@RabbitPro) Cisco Memory corruption bug - 02/11/2022
Subdomain Takeover via Leadpages Services on Tiktok Mohamed Haron (@m7mdharon) Tiktok Subdomain takeover $0 02/11/2022
Mindshare: When Mysql Cluster Encounters Taint Analysis Lucas Leong (@wmliang) Oracle (MySQL) Memory corruption bug - 02/10/2022
Microsoft Team’s Unpatched URL Spoofing Vulnerability Priyank Raval Microsoft URL spoofing $0 (Won’t fix) 02/09/2022
How I hacked Google to read files from their servers for free! Harish SG (@CoderHarish) Google Arbitrary file read $0 (Informative) 02/09/2022
ICMAD SAP Vulnerabilities (CVE-2022-22536, CVE-2022-22532 & CVE-2022-22533) SAP Product Security Response team & Onapsis' Research Labs SAP HTTP request smuggling, Memory leak, DoS, Memory corruption bug - 02/08/2022
Oracle Server Side Request Forgery (SSRF) Metadata Lidor Ben Shitrit Oracle SSRF - 02/08/2022
Story of critical security flaws I found in Glints huli (@aszx87410) Glints IDOR, Information disclosure 1600 SGD (~ $1,200) 02/08/2022
WordPress < 5.8.3 - Object Injection Vulnerability Simon Scannell (@scannell_simon) & Karim El Ouerghemmi WordPress Object injection, RCE - 02/08/2022
SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999) Olivier Lyak (@ly4k_) Microsoft Local Privilege Escalation - 02/08/2022
How Docker Made Me More Capable and the Host Less Secure Alon Zahavi (@Alon_Z4) Microsoft Local Privilege Escalation - 02/08/2022
CVE-2022-21703: cross-origin request forgery against Grafana Julien Cretel (@jub0bs) & abrahack (@theabrahack) Grafana Labs CSRF, SSRF - 02/08/2022
SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes Mahmoud Hamed (@7odamo_) - SQL injection, XSS, Information disclosure - 02/08/2022
Full Account takeover (ATO) — a tale of two bugs 🐛 Kwadwo Amoako - IDOR, Account takeover - 02/08/2022
Google Security Misconfiguration Leads to Account Takeover ! Harsh Banshpal Google Logic flaw, Spoofing $0 (Won’t fix) 02/08/2022
What I Found on Sony Vulnerability Disclosure Program Aditya Singh / rook1337 (@imrook1337) Sony Information disclosure, Lack of rate limiting, Open redirect, IDOR, XSS N/A (VDP) 02/07/2022
How can I access the members-only video comment? | YouTube ($5,000) R ando (@Rando02355205) Google Broken Access Control $5,000 02/07/2022
Insecure Bootstrap Process in Oracle Cloud CLI Nightwatch Cybersecurity (@nightwatchcyber) Oracle Supply chain attack - 02/06/2022
Auth Bypass in Google Assistant David Schütz (@xdavidhu) Google Information disclosure, Authentication bypass $2,674 02/06/2022
Auth Bypass in David Schütz (@xdavidhu) Google Authentication bypass $1,337 02/06/2022
How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty Mr Empy (@mr_empy) - SQL injection - 02/06/2022
Facebook Oauth bypass abdellah yaala (@yaalaab) Meta / Facebook OAuth flaw $7,500 02/05/2022
What Bypassing Razer’s DOM-based XSS Patch Can Teach Us EdOverflow (@EdOverflow) Razer DOM XSS - 02/05/2022
How I bypassed PHP functions to read sensitive files on server Kailash (@corrupted_brain) - Components with known vulnerabilities, RCE - 02/04/2022
Bypassing the AWS WAF protection with an 8KB bullet Kloudle (@Kloudleinc) Amazon WAF bypass - 02/24/2022
Write Up – Private Bug Bounty: RCE In EC2 Instance Via SSH With Private Key Exposed On Public Github Repository – $xx,000 USD Omar Espino (@omespino) - Information disclosure - 02/03/2022
Solving DOM XSS Puzzles Eugene Lim (@spaceraccoonsec) - DOM XSS - 02/03/2022
HigherLogic Community RCE Vulnerability 0daystolive (@0daystolive) 8x8, IBM Insecure deserialization, RCE $1,250 02/03/2022
Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments Apiiro’s Security Research Argo CD Supply chain attack, CI/CD bug N/A (VDP) 02/03/2022
A technique to semi-automatically find vulnerabilities in WordPress plugins kazet (@kazet1234) - XSS, SQL injection, Open redirect, CSRF - 02/03/2022
How I Tracked You Around The Globe 🌎 0xdroopy (@NikhilK50866227) Google (Waze) Information disclosure, Privacy issue - 02/02/2022
Abusing Facebooks Call To Action To Launch Internal Deeplinks Ashley King (@AshleyKingUK) Meta / Facebook CSRF, Android bug, iOS bug $4,000 02/02/2022
My first bounty, IDOR + Self XSS [€3000] Ladecruze (@ladecruze) Intigriti Self-XSS, IDOR $3,000 02/02/2022
A misconfigured Apache Airflow to AWS Account Compromise Avinash Jain (@logicbomb_1) - Outdated component with a known vulnerability, Privilege escalation, Information disclosure - 02/02/2022
My experience of Hacking The Dutch Government Phenomenal (@Chawla12111) Dutch Government XSS N/A (VDP) 02/02/2022
No Rate Limiting on OTP sending nOOb_mAsTeR - Bruteforce, Lack of rate limiting - 02/02/2022
CVE-2021-44142: Details On A Samba Code Execution Bug Demonstrated At Pwn2Own Austin Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) & Billy Jheng Bing-Jhong (@st424204) - Memory corruption bug, RCE $45,000 02/01/2022
A Peculiar Case of XSS and my first bug Aman Pareek (@aman_notsogreat) Bentley Systems XSS - 02/01/2022
A story of leaking uninitialized memory from Fastly Emil Lerner (@emil_lerner) Fastly HTTP/3 bug, Memory leak, Information disclosure N/A (VDP) 02/01/2022
How I approached Dependency Confusion! Aditya Soni (@hetroublemakr) - Dependency confusion - 02/01/2022
Hacking Google Drive Integrations Harsh Jaiswal (@rootxharsh) Dropbox SSRF $17,576 01/31/2022
Microsoft OneDrive For Macos Local Privilege Escalation Offensive Security (@offsectraining) Microsoft Local Privilege Escalation, MacOS bug - 01/31/2022
Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) Shubham Bhamare (@theshubh77) Meta / Facebook OTP bypass, Bruteforce, Lack of rate limiting $5,000 01/31/2022
Remote Code Execution in .tgz File Upload Nick Berrie (@machevalia) - RCE, Unrestricted file upload $3,100 01/30/2022
Stored Cross-Site Scripting in MediaWiki Nick Berrie (@machevalia) - Stored XSS $1,090 01/30/2022
Access Control Violation – Wiki Page Creation Nick Berrie (@machevalia) - Authorization flaw $522.50 01/30/2022
XSS via X-Forwarded-Host header Abhijeet Biswas (@abhijeetbiswas_) Omise XSS, Host header injection $200 01/30/2022
2fa Bypass by changing Request method Arth Bajpai (@arth_bajpai) - 2FA bypass - 01/30/2022
How I hacked my way to the top of DARPA’s hardware bug bounty Malcolm Stagg (@malcolmst) DARPA FETT Hardware bug - 01/30/2022
How I Made $16,500 Hacking CDN Caching Servers — Part 1 & Part 2 & Part 3 Kevin (@bxmbn) - Web cache poisoning, Stored XSS, Web cache deception $16,500 01/29/2022
Paytm-Broken Link Hijacking Lohith Gowda M (@lohigowda_in) Paytm Broken link hijacking - 01/29/2022
Multiple HTTP Redirects to Bypass SSRF Protections ne555 - SSRF - 01/29/2022
Command Injection in Google Cloud Shell Ademar Nowasky Junior Google RCE, OS command injection $5,000 01/28/2022
The Story of a RCE on a Java Web Application LIL NIX (@Lil__Nix) - RCE, Insecure deserialization - 01/28/2022
Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite SirLeeroyJenkins (@SirLeeroyJenkin) Lark Technologies SSRF - 01/28/2022
The Story of an RCE on a Java Web Application LIL NIX (@Lil__Nix) - Insecure deserialization - 01/27/2022
Stealing administrative JWT’s through post auth SSRF (CVE-2021-22056) Christopher (@Kharosx0) VMware Windows Driver bug, Kernel DoS - 01/27/2022
CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability Reegun Jayapaul (@reegun21) Microsoft URL validation bypass - 01/27/2022
Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP) Perception Point Apple MacOS bug, SIP bypass - 01/27/2022
Auth Bypass in ADOdb CVE-2021-3850 Emmet Leah - Authentication bypass - 01/26/2022
CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google’s KCTF Containers Crusaders of Rust (@cor_ctf) Google Container escape, Kubernetes bug $31,337 01/25/2022
How I could have read your confidential bug reports by simple mail? Sudhakar Muthumani (@Sudhakarmuthu04) Microsoft Information disclosure, Logic flaw $0 (OOS) 01/25/2022
Hacking the Apple Webcam (again) Ryan Pickren Apple UXSS $100,500 01/25/2022
HOW I hacked thousand of subdomains MoSec (@moe1n1) - Subdomain takeover $5,000 01/25/2022
How I was able to take over accounts in websites deal with Github as an SSO provider Khaled Mohamed - Bruteforcing, Lack of rate limiting, SSO bug, Email validation bypass, Account takeover - 01/25/2022
First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft Aidil Arief Microsoft XSS - 01/25/2022
CVE-2021-44790: Code Execution On Apache Via An Integer Underflow Chamal Apache Memory corruption bug - 01/25/2022
How I got access to 25+ Tesla’s around the world. By accident. And curiosity. David Colombo (@david_colombo_) Tesla Default credentials - 01/23/2022
Solarwinds Web Help Desk: When the Helpdesk is too Helpful Assetnote Security Research Team (@assetnote) SolarWinds Information disclosure, Hardcoded credentials - 01/23/2022
Path Traversal Paradise Kuldeep Pandya (@kuldeepdotexe) - Path traversal, LFI - 01/23/2022 Alternative link
How I was able to find multiple vulnerabilities of a Symfony Web Framework web application Abid Ahmad (@RootIntrud3r) - Debug mode enabled, Information disclosure - 01/23/2022
120 Days of Frequent Hacking Kuldeep Pandya (@kuldeepdotexe) & Sam Paredes (@caffeinevulns) - SSRF, LFI, Information disclosure, XSS, SQL injection - 01/21/2022
Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s meeting. Quel (@RootIntrud3r) - Insecure deep link, Android bug $0 (Informative) 01/21/2022
Hashing the Favicon.ico Ski Mask (@Ski_Mask0) - Information disclosure $100 01/21/2022
ZohOwned :: A Critical Authentication Bypass on Zoho ManageEngine Desktop Central Steven Seeley (@steventseeley) Zoho Authentication bypass - 01/20/2022
How I messed up my own profile data Himmat Singh - Authorization flaw - 01/20/2022
Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1 reversemode (@reversemode) Swiss Post Insecure deserialization, Cryptographic issues - 01/18/2022
CVE-2022-21661: Exposing Database Info Via Wordpress SQL Injection ngocnb and khuyenn WordPress SQL injection - 01/18/2022
Zooming in on Zero-click Exploits Natalie Silvanovich (@natashenka) Zoom Memory corruption bug - 01/18/2022
Mixed Messages: Busting Box’s MFA Methods Tal Peleg Box OTP bypass, MFA bypass - 01/18/2022
Stealing administrative JWT’s through post auth SSRF (CVE-2021-22056) Shubham Shah (@infosec_au) & Keiran Sampson (@hpy_downunder) VMware SSRF, CSRF - 01/17/2022
Write Up – Private Bug Bounty: Firebase Database Exposed By Misconfiguration – $2,000 USD Omar Espino (@omespino) - Android bug, Insecure Firebase database $2,000 01/17/2022
Critical XSS in chrome extension p3rr0 (@Hperalta89) - XSS, postMessage bug $1,500 01/17/2022
How i found “Broken Access Control Through out-of-sync setup” and got $1000 Mr Robert | Ahmed M Hassan (@Mr_Robert20) - Broken Access Control, Authorization flaw $1,000 01/16/2022
XXE in SAML SSO Writeup - Bug Bounty Aditya Singh / rook1337 (@imrook1337) - XXE - 01/16/2022
Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) Johannes Moritz & Robin Peraglie Moodle SQL Injection, Broken Access Control - 01/15/2022
120 Days of High Frequency Hunting Kuldeep Pandya (@kuldeepdotexe) & Sam Paredes (@caffeinevulns) - SSRF, LFI, Information disclosure, Broken Access Control, Authentication bypass, XSS, SQL injection - 01/15/2022
RCE In Adobe Acrobat Reader For Android(CVE-2021-40724) sunny (@hulkvision) Google, Adobe RCE, Path traversal, Android bug $10,000 01/14/2022
FB Lite All Users Active Status Changed Neil Mark Ochea (@nmochea) Meta / Facebook Logic flaw - 01/14/2022
XSS Filter Evasion + IDOR JM Sanchez / 0xEchidonut (@jmrcsnchz) - XSS, IDOR $800 01/13/2022
Xiaomi Execute Arbitrary JavaScript Neil Mark Ochea (@nmochea) Xiaomi XSS, HTML injection, Android bug - 01/13/2022
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969) frycos (@frycos) Microsoft Insecure deserialization - 01/13/2022
C.S.T.I Lead To Account Takeover $$$ M7.Arman (@ArmanSecurity) - CSTI, Account takeover - 01/13/2022
Pwning the portal: from database dump to session hijacking Bitcrack - SQL injection, XSS, CSRF - 01/12/2022
How I downed in 2 minutes — Lucky bug write up Ugroon (@veletisleri) Acronis DoS $0 (OOS) 01/11/2022
Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more Gabriel Sztejnworcel (@sztejnworcel) Microsoft RCE - 01/11/2022
Cross-Origin Resource Sharing (CORS) Misconfiguration leads to User’s PII leaks. Tarikul Islam (@sa1tama0) - CORS misconfiguration - 01/10/2022
Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle’s Shibboleth Johannes Moritz & Robin Peraglie Moodle Session hijacking, Session management flaw, Account takeover, RCE - 01/10/2022
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access Microsoft 365 Defender Research Team Apple Privacy issue, MacOS bug - 01/10/2022
How did I find Log4j vulnerability via Static Code Analysis and receive €€€ bounty? Pranav Gajjar (@Pranav_Gajjar_) - Log4j, RCE - 01/10/2022
Host Header Injection Lead To Account Takeovers M7.Arman (@ArmanSecurity) - Host header injection, Password reset flaw, Account takeover - 01/09/2022
2FA bypass by reading the documentation tomorrowisnew (@tomorrowisnew_) - 2FA bypass $100 01/09/2022
A Tale Of 5250$: How I Accessed Millions Of User’s Data Including Their National ID’s Sam (@__Sam0_0) - AWS misconfiguration, Information disclosure $5,250 01/07/2022
A phishing document signed by Microsoft – part 2 Pieter Ceelen (@ptrpieter) & Dima van de Wouw (@_DaWouw) Microsoft Phishing, RCE - 01/07/2022
Exploiting Redash instances with CVE-2021-41192 Ian Carroll (@iangcarroll), Tuan Anh Nguyen (@haxor31337) & Gal Nagli (@naglinagli) - Privilege escalation, Session management flaw, SSRF $90,000+ 01/06/2022
How I was able to spoof any Instagram username on Instagram shop Nawaf Alkhaldi (@nvmeeet) Meta / Facebook IDOR $1,050+ 01/06/2022
Authorization bypass — Gmail 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) Google Spoofing - 01/06/2022
Accessing GoDaddy internal instance through an email logic bug. Mostafa Mamdoh GoDaddy Logic flaw, Privilege escalation, Account takeover - 01/05/2022
Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams. zoid (@z0idsec) - Path traversal - 01/05/2022
SQL Injection - The File Upload Playground Jerry Shah (@Jerry) - Unrestricted file upload, SQL injection - 01/04/2022
Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary website Rahul Kankrale (@RahulKankrale) Meta / Facebook XSS, Android bug $1,075 01/03/2022
NPM might be executing malicious code in your CI without your knowledge Rotem Bar (@rotembar) GitHub RCE - 01/03/2022
P5 to P1: Interesting Account Takeover Tushar Sharma (@tusharSharma_0) - Account takeover, Session expiration flaw, Password reset flaw $1,000 01/03/2022
IDOR leads to leak Private Details annonymous - IDOR - 01/03/2022
How i was able to bypass a Pin code Protection Kerolos sameh (@xko2xx) - Authorization flaw - 01/03/2022
Story of YouTube’s Unfixable Ads Bypass MrMax4o4 Google Logic flaw - 01/03/2022
The Story Of How I Bypass SSO Login zer0d - Authentication bypass - 01/02/2022
doorLock: Apple HomeKit Denial of Service Trevor Spiniolas Apple DoS - 01/01/2022
A tale of zero click account takeover Veshraj Ghimire (@GhimireVeshraj) - Account takeover, IDOR - 01/01/2022
Abusing Business Logic of an Application to create backdoor in a form APP Snap Sec (@snap_sec) - Logic flaw - 01/01/2022
One Click To Account Takeover M7.Arman (@ArmanSecurity) - Mass assignment - 01/01/2022

Bug bounty writeups published in 2021

Title & URL Author Bug bounty program Vulnerability Reward $$$ Publication date Alternative link
Fixing the Unfixable: Story of a Google Cloud SSRF David Schütz (@xdavidhu) Google SSRF $4,133.70 12/31/2021
Bug Hunting Journey of 2021 Sudhanshu Rajbhar (@sudhanshur705) - Stored XSS, Open redirect, Token theft, CSRF, Logic flaw, Information disclosure, IDOR, Account takeover $3,200+ 12/31/2021
My first Google HOF RV Sharma Google Broken Access Control $1,337 12/31/2021
Here’s How I Could Read Anyone’s Apple ID Metrics Remotely. Faizan Ahmad Wani Apple Information disclosure - 12/30/2021
Bypassing Identity-Aware Proxy - Google Cloud Vulnerability SebLu Google Authorization flaw, Token theft, OAuth flaw $5,000 12/30/2021
WhatsApp for Android Retains Deleted Contacts Locally Nightwatch Cybersecurity (@nightwatchcyber) Meta / Facebook Privacy issue $0 (Won’t fix) 12/30/2021
How I Am Able To Crash Anyone’s Mozilla Firefox Browser By Sending An Email Sam Mozilla DoS $0 12/30/2021
Google Cloud Shell XSS NDevTK (@ndevtk) Google XSS $5,000 12/30/2021
[IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty Rahul Kankrale (@RahulKankrale) Meta / Facebook IDOR $863 12/29/2021
Story of a weird CSRF bug Sudhanshu Rajbhar (@sudhanshur705) - CSRF - 12/29/2021
Remote Code Execution in Google Cloud Dataflow Mike Brancato (@meatballninja) Google RCE $3,333.70 12/28/2021
Full account takeover vulnerability in Minecraft Abdulrahman Makki (@AMakki1337) Minecraft Account takeover $5,000 12/28/2021
Bounty Evaluation GitHub = $15,000 US Dollars | Rate Limit Taniya Agarwal GitHub Bruteforce, Email verification bypass, Account takeover $15,000 12/28/2021
Common Nginx Misconfiguration leads to Path Traversal MikeChan - Path traversal - 12/28/2021
Bi/ug Bounties and HyperV RCE Research Peter Hlavaty (@rezer0dai) Microsoft Hyper-V RCE $100,000+ 12/27/2021
XSS via file upload Jay Sharma - XSS, Unrestricted file upload - 12/27/2021
How I Bypassed Netflix Profile Lock? Krishnadev P Melevila (@Krishnadev_P_M) Netflix Logic flaw $0 (Won’t fix) 12/27/2021
Turning bad SSRF to good SSRF: Websphere Portal Shubham Shah (@infosec_au) HCL Technologies SSRF N/A (VDP) 12/26/2021
How I Saved Christmas for Google 🎄 0xdroopy (@NikhilK50866227) Google (Waze) Dependency confusion - 12/25/2021
Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)😲 Anurag__Verma - Authentication bypass, IDOR, Lack of rate limiting - 12/25/2021
Information Disclosure leads to sensitive credential($$$) khan mamun (@mamunwhh) - Information disclosure $150 12/25/2021
How I found (and fixed) a vulnerability in Python Adam Goldschmidt (@AdamGolds) Python Web cache poisoning - 12/24/2021
Cache Poisoning at Scale Youstin (@iustinBB) GitHub, GitLab, HackerOne, Shopify, Cloudflare & others Web cache poisoning $40,000 12/23/2021
MS Teams: 1 feature, 4 vulnerabilities Fabian Bräunlein Microsoft SSRF, Information disclosure, DoS, Spoofing $0 (Won’t fix) 12/22/2021
How I was able to bypass WAF and find the origin IP and a few sensitive files Jan Muhammad Zaidi (@hasanakajan) - WAF bypass - 12/22/2021
Sandbox escape + privilege escalation in StorePrivilegedTaskService Sector 7 (@sector7_nl) Apple Local Privilege Escalation, MacOS bug - 12/21/2021
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories Wiz (@wiz_io) Microsoft Security misconfiguration, .git folder disclosure $7,500 12/21/2021
How I found (P2) Broken Authentication with Zero Skill of Hacking yoshi m lutfi (@yoshiahmadlutfi) - Authentication bypass, Account takeover - 12/21/2021
SSD Advisory – Rocket.Chat Client-side Remote Code Execution - RocketChat RCE, MacOS bug N/A (VDP) 12/21/2021
How I earned $$$ by bypassing 2FA Mohamed Taha (@Mohamed12742780) - 2FA bypass, Forced browsing - 12/21/2021 Alternative link
Bring Your Own SSRF – The Gateway Actuator Wyatt Dahlenburg (@wdahlenb) - SSRF, DoS - 12/20/2021
Blackbox Cookie Testing — How I Cracked The Admin’s Cookie Saeed Balquizi - Authentication bypass - 12/20/2021
RCE in Visual Studio Code’s Remote WSL for Fun and Negative Profit Parsia Hackerman (@cryptogangsta) Microsoft RCE $0 (OOS) 12/20/2021
How I was able to reveal page admin of almost any page on Facebook Sudip Shah Meta / Facebook IDOR $4,500 12/20/2021
Stored XSS by bypassing signature Abdulrahman Makki (@AMakki1337) - XSS, Unrestricted file upload $3,500 12/20/2021
Flickr Account Takeover Lauritz (@lauritz) Flickr Account takeover, Authentication flaw $7,550 12/18/2021
Hacked Google-Meet…??! 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) Google Authorization flaw - 12/18/2021
Exploitation Of CVE-2021-21220 – From Incorrect JIT Behavior To RCE Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) Google, Microsoft Browser bug, Memory corruption, RCE $100,000 12/16/2021
Broken Access Control Meareg Microsoft IDOR - 12/16/2021
GHSL-2021-1053: Path traversal in Grafana REST API - CVE-2021-43813, CVE-2021-43815 Alvaro Muñoz (@pwntester) Grafana Labs Path traversal - 12/15/2021
Gumtree – leaking your data and not really listening Alan Monie (@AlanMonie) Gumtree IDOR - 12/15/2021
How I found the Authentication Bypass bug and Earn $$$ Thedarkwayg (@shadow_CLAY) - Session expiration issue $1,000 12/15/2021
Bypassing the macOS Gatekeeper Ron Masas (@RonMasas) Apple Local Privilege Escalation, Gatekeeper bypass - 12/15/2021
How I found XSS vulnerability in Amazon in 5 minutes using shodan Mohamed Taha (@Mohamed12742780) Amazon XSS - 12/15/2021 Alternative link
How I Bypassed Incapsula WAF By Imperva Dawood Ikhlaq - SQL injection - 12/14/2021
Zero Click To Account Takeover M7.Arman (@ArmanSecurity) - Account takeover, Password reset flaw - 12/14/2021
SVG based Stored XSS xaonan44 - Stored XSS - 12/12/2021
A story about a not-so-direct SSRF Preetham Bomma (@cyber01_) - SSRF - 12/12/2021
Open Redirection - QR Code Magic Jerry Shah (@Jerry) - Open redirect $0 (Duplicate) 12/11/2021
Remote Deserialization Bug in Microsoft’s RDP Client through Smart Card Extension (CVE-2021-38666) Valentino Ricotta Microsoft Memory corruption bug $5,000 12/10/2021
Remote ASLR Leak in Microsoft’s RDP Client through Printer Cache Registry (CVE-2021-38665) Valentino Ricotta Microsoft Memory corruption bug $1,000 12/10/2021
ProtoBuffer ReUtilization “New Way to Security Test GoogleCaptcha” ChooK Rapid7 Captcha bypass N/A (VDP) 12/10/2021
Don’t Reply: A Clever Phishing Method In Apple’s Mail App Jon Bottarini (@jon_bottarini) Apple Phishing $5,000 12/09/2021
A phishing document signed by Microsoft – part 1 Pieter Ceelen (@ptrpieter) & Dima van de Wouw Microsoft Phishing, RCE - 12/09/2021
File Upload to RCE Ahmed Magdy (@8Ahmed88Magdy8) - Unrestricted file upload - 12/09/2021
Exploiting S3 bucket with path folder to Access PII info of A BANK Santosh Kumar Sha (@killmongar1996) - AWS misconfiguration, Information disclosure - 12/09/2021
From Finding AWS S3 Bucket to Sensitive Data Exposure Demon (@R29k_) - AWS misconfiguration - 12/09/2021
Account Takeover via Stored XSS Demon (@R29k_) - Account takeover, Stored XSS $1,000 12/09/2021
CVE-2021-43798 - Path Traversal Vulnerability In Grafana & How I found the Grafana zero-day Path Traversal exploit that gave me access to your logs Jordy Versmissen / J0VSEC (@j0v0x0) Grafana Labs Path traversal - 12/08/2021
Another Admin panel Rizwan_siddiqui (@Rizwan_SiDdiqu1) - HTTP response manipulation, Authentication bypass - 12/08/2021
Microsoft Vancouver leaking website credentials via overlooked DS_STORE file CyberNews Team Microsoft Information disclosure - 12/08/2021
Windows 10 RCE: The exploit is in the link Fabian Bräunlein & Lukas Euler Microsoft RCE $5,000 12/07/2021
How I was able to change Reddit acquired Dubsmash’s music library sound tracks’ titles Sandeep Hodkasia (@sandeephodkasia) Reddit IDOR $3,000 12/07/2021
Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials. Hazem Brini (@ImJungsuu) U.S. General Services Administration Client-side enforcement of server-side security, Privilege escalation N/A (VDP) 12/07/2021
Microsoft Azure Portal – CSV Injection Christian Becker (@0xchrisb) Microsoft CSV injection - 12/06/2021
SSRF vulnerability in AppSheet - Google VRP David Nechuta (@david_nechuta) Google SSRF $6,267.4 12/05/2021
Accidental IDOR in eLearnSecurity to Knowing Your Address and Cert You Bought. Anugrah SR (@cyph3r_asr) INE IDOR N/A (VDP) 12/05/2021
This is how i was able to See and Delete your Private Facebook Portal photos Abhishek Pathak (@pathleax) Meta / Facebook IDOR - 12/04/2021
How I managed to hack User accounts of a billion-dollar sport platform Vishnuraj - OTP bypass, Bruteforce, Lack of rate limiting - 12/04/2021
My mindset while hunting on Yandex and my SSRF Momen Ali (Cyber Guy) (@theCyberGuy0) Yandex SSRF - 12/04/2021
How I accessed the Sensitive document which I had already deleted Pawan Chhabria (@heybenchmarkkk) - Privacy issue - 12/04/2021
Write Up – XSS Stored In Via XML/SVG File (iOS) – $1,000 USD Omar Espino (@omespino) Slack XSS $1,000 12/03/2021
Disclose Ad Accounts linked with Instagram Accounts Naveen (@NaveenHax) Meta / Facebook Information disclosure, Logic flaw, GraphQL bug $1,500 12/02/2021
Bypassing Box’s Time-based One-Time Password MFA Tal Peleg Box OTP bypass, MFA bypass - 12/02/2021
AWS SageMaker Jupyter Notebook Instance Takeover Gafnit Amiga (@gafnitav) Amazon Self-XSS, CSRF, RCE - 12/02/2021
Exploring Container Security: A Storage Vulnerability Deep Dive Fabricio Voznika & Mark Wolters Kubernetes Race condition, Kubernetes bug - 12/02/2021
Easy SQLi in Amazon subsidiary using Sqlmap Mostafa Mamdoh Amazon SQL injection $1,500 12/01/2021
This shouldn’t have happened: A vulnerability postmortem Tavis Ormandy (@taviso) Mozilla Memory corruption bug - 12/01/2021
AUDI, partner! vict0ni (@vict0ni) Audi Subdomain takeover, Information disclosure N/A (VDP) 12/01/2021
How i was able to bypass Cloudflare WAF for SQLi payload Momen Ali (Cyber Guy) (@theCyberGuy0) - SQL injection, WAF bypass - 12/01/2021
P1 _Bug in Apple that phase “old is Gold” Saurabh Sankhwar (@mr_encryption) Apple Logic flaw $0 (Informative) 12/01/2021
Microsoft Teams – CSV Injection Christian Becker (@0xchrisb) Microsoft CSV injection - 12/01/2021
VMware vCenter earlier versions ( has unauthorized arbitrary file read + ssrf + xss vulnerability Khoa Dinh (@_l0gg) VMware LFI, SSRF, XSS, Arbitrary file read - 11/30/2021
My write-up in hacking IBM’s administration panel and getting SQLi on it Momen Ali (Cyber Guy) (@theCyberGuy0) IBM SQL injection, Broken Access Control - 11/30/2021
NodeBB 1.18.4 - Remote Code Execution With One Shot Sonar (@SonarSource) NodeBB RCE, XSS, Authentication bypass, Arbitrary file read $1,536 11/30/2021
This Microsoft Windows RCE Vulnerability Gives an Attacker Complete Control Malcolm Stagg (@malcolmst) Microsoft Memory corruption bug - 11/30/2021
Play The Opera Please Dhiraj (@RandomDhiraj) Opera Browser bug - 11/29/2021
Price Manipulation Bypass Using Integer Overflow Method Marx Chryz - Payment tampering, Memory corruption bug - 11/29/2021
[] Cross-Site Websockets Hijacking sh1yo (@sh1yo_) Node.js third-party modules Cross-Site Websocket Hijacking (CSWH) - 11/29/2021
SEC-596 sh1yo (@sh1yo_) cPanel Reflected XSS - 11/29/2021
How I got my first bounty on financial sector gateway site by using Previous GraphQL vulnerabilities. Night Hawk - Information disclosure, GraphQL bug $2,500 11/26/2021
SSD Advisory – Chrome Ad Heavy Bypass (via history.back()) Alesandro Ortiz (@AlesandroOrtizR) Chrome Browser bug - 11/26/2021
WordPress Plugin Confusion: How an update can get you pwned & Wordpress Plugin Update Confusion - The full guide how to scan and mitigate the next big Supply Chain Attack Kamil Vavra (@vavkamil) & Gal Nagli (@naglinagli) - Supply chain attack, WordPress plugin confusion, WordPress theme confusion - 11/25/2021
RocketChat - Monitor User Messages Rojan Rijal (@uraniumhacker) RocketChat Authorization flaw N/A (VDP) 11/25/2021
How I Found My First XSS Bug Thedarkwayg (@shadow_CLAY) Atlassian XSS $600 11/25/2021
Unauthenticated Sensitive Information Disclosure at [REDACTED] Rizaldi Wahaz (@wah_haz) - Old components with known vulnerabilities, Information disclosure - 11/25/2021
Multiple Vulnerabilities In Concrete CMS – Part2 (PrivEsc/SSRF/etc) FORTBRIDGE (@FORTBRIDGE1) Concrete CMS Privilege escalation, SSRF N/A (VDP) 11/25/2021
Account Takeover in $Million Company? 0xGodson (@0xGodson_) Fastmail Account takeover, Password reset flaw $0 (Informative) 11/24/2021
ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717) theMiddle (@AndreaTheMiddle) ModSecurity DoS N/A (VDP) 11/24/2021
Finding XSS on and building a proof of concept to leak your PII information Zseano (@zseano) Apple XSS - 11/23/2021 Alternative link
Moodle Blind SQL injection via MNet authentication rekter0 (@rekter0) Moodle SQL injection - 11/23/2021
A business logic error bug worth 600$ Deep Patidar (@itsdeepceh) - Payment tampering $600 11/23/2021
GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks Romain Carnus, Maxime Nadeau, Julien Pineault & Mathieu Novis Microsoft Local Privilege Escalation - 11/22/2021
[BugBounty] XSS with Markdown — Exploit & Fix on OpenSource Lê Thành Phúc - XSS - 11/22/2021
Peeping through a Web-Socket Aditya Verma (@0cirius0) - Cross-Site Websocket Hijacking (CSWH) - 11/21/2021
Open Redirect Vulnerability On Zapier: An Accidental Find Monish Basaniwal Zapier Open redirect $100 11/21/2021
Hacking Apple Security Report System HackrzVijay (@hackrzvijay) Apple Logic flaw, Social engineering $0 (OOS) 11/20/2021
Exploiting OAuth: Journey to Account Takeover Aditya Dixit (@zombie007o) - Account takeover, OAuth flaw, XSS, Weak CSP, CSRF - 11/19/2021
How I accidentally hacked many companies using N/A vulnerability in Atlassian Cloud Valeriy Shevchenko (@Krevetk0Valeriy) Atlassian Information disclosure, Authentication flaw $15,000 11/19/2021
A Story of an Epic Blind Remote Code Execution(RCE) Akash Solanki (@MAALP1225) - RCE, OS command injection - 11/18/2021
A common defect in java system-Memory DoS (include CVE-2021-2344, CVE-2021-2371, CVE-2021-2376, CVE-2021-2378) threedr3am (@threedr3am1) Oracle DoS - 11/18/2021
URL whitelist bypass in & Reacting to myself finding an SSRF vulnerability in Google Cloud David Schütz (@xdavidhu) Google Privilege escalation, URL validation bypass, SSRF $10,401.1 11/17/2021
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory Karl Fosaaen (@kfosaaen) Microsoft Information disclosure - 11/17/2021
Write Up – Apple N/A: PII Information, Full Contact List, Main Phone No. And Main Icloud Email Extracted; Bug Patched: Arbitrary Local File Read Via Zip File And Symlinks On Ios Files App. Omar Espino (@omespino) Apple Arbitrary file read $0 11/17/2021
The tale of CVE-2021–34479 (VSCode XSS) Daniel Santos (@bananabr) Microsoft XSS, CSP bypass - 11/17/2021
Keybase App Vulnerability: Incomplete Cleanup of Messages In Keybase for Android/iOS, CVE-2021-34421 Olivia O’Hara (@oliviaohara), Jackson Henry (@JacksonHHax), John Jackson (@johnjhacking) & Robert Willis (@rej_ex) Keybase Information disclosure - 11/17/2021
Diving into Open-source LMS Codebases Poh Jia Hao (@Chocologicall) Moodle, Chamilo LMS Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS - 11/16/2021
DOS attack in Yahoo, How i was able to deny new users from service? Mostafa Mamdoh Yahoo DoS, Logic flaw $1,000 11/16/2021
Full account takeover through referral code. Mostafa Mamdoh Shipt Authentication flaw, Account takeover $700 11/16/2021
T-Reqs: HTTP Request Smuggling with Differential Fuzzing Bahruz Jabiyev (@BahruzJabiyev), Steven Sprecher, Kaan Onarlioglu & Engin Kirda - HTTP Request Smuggling - 11/15/2021
DOS attack in Yahoo, How i was able to deny new users from service? Mostafa Mamdoh Yahoo DoS $1,000 11/15/2021
How I Found P1 bug Due to Sensitive data exposure And Earn $$$ Piyush shukla (@PiyushShukla__) - Information disclosure - 11/15/2021
Broken Link Hijacking — 404 Google Play Store— xxx$ Bounty Proviesec (@proviesec) - Broken link hijacking - 11/14/2021
Exploiting CSP in Webkit to Break Authentication & Authorization Sachin Thakuri (@sachinnthakuri) & Prakash (@1lastBr3ath) Apple Information disclosure, CSP leak, Account takeover $100,000+ 11/13/2021
Impact of an Insecure Deep Link Yashar Shahinzadeh (@YShahinzadeh) & Ali Dinifar (@binb4sh) CafeBazaar Insecure deep link - 11/13/2021
Never leave this tip while you hunting Broken Access Control secureITmania (@secureitmania) - Broken Access Control - 11/13/2021
How I got $200 in 30 Seconds. Yash__ HackZ (@HackzYash) - Information disclosure $200 11/12/2021
chaining improper authentication to idor and no rate limit for mass account takeover mohit (@mohit29295572) - Account takeover, Lack of rate limiting, CSRF, IDOR - 11/12/2021
From URL dumps digging to IDOR , BAC, Massive Phishing in Udemy Mostafa Mamdoh Udemy Broken access control, Information disclosure, IDOR, HTML injection $1,300 11/12/2021
Simple SSRF Allows Access To Internal Assets Sam Paredes (@caffeinevulns) - SSRF - 11/11/2021
Write Up – Google VRP Bug Bounty: /etc/environment Local Variables Exfiltrated On Linux Google Earth Pro Desktop App – $1,337 USD Omar Espino (@omespino) Google XSS $1,337 11/11/2021
Unrestricted File Upload Leads to SSRF and RCE Muhammad Adel (@ItsFadinG_) - ImageTragick, Unrestricted file upload, SSRF, RCE - 11/11/2021
Fuzzing Microsoft’s RDP Client using Virtual Channels: Overview & Methodology Valentino Ricotta Microsoft Memory corruption bug $6,000 11/10/2021
ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough Nir Ohfeld (@nirohfeld) & Sagi Tzadik (@sagitz_) Microsoft Cross-tenant vulnerability, Account takeover, Privilege escalation $40,000 11/10/2021
Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond Daniel Thatcher - HTTP Header Smuggling, HTTP Request Smuggling - 11/10/2021
400$ Bounty again using Google Dorks Haris M (@hrsm321) - Directory listing, Information disclosure $400 11/09/2021
Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over Cam (@secretlyhidden1) Google IDOR - 11/09/2021
Bypass Chrome Ad-Heavy detection mechanism 0x0021h (@0x0021h) Google Browser bug - 11/09/2021
How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes Mahmoud Youssef (@0xmahmoudjo0) - SQL injection - 11/07/2021
SONY Hunting I: Discovering Hidden Parameters (5x SWAG) can1337 (@canmustdie) Sony Open redirect N/A (VDP) 11/07/2021
Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri Lauritz (@lauritz) GitHub, Microsoft, StackExchange OAuth flaw, Prototype pollution - 11/06/2021
4 Crits in 48 hours: Unicorn Programs Monke (@pmofcats) - Privilege escalation, Information disclosure, IDOR - 11/06/2021
Bypass video capture limit on Ray-Ban Stories Philippe Harewood (@phwd) Meta / Facebook Logic flaw, Android bug $1,500 11/05/2021
Unauthenticated Access To Cloud Portal — A 🚪 Without 🗝️ Yukesh Kumar (@3th1c_yuk1) - Authentication bypass - 11/05/2021
Multiple Concrete CMS Vulnerabilities ( Part1 – RCE ) FORTBRIDGE (@FORTBRIDGE1) Concrete CMS RCE, Race condition N/A (VDP) 11/05/2021
HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from waybackurls Anurag__Verma DigitalOcean IDOR N/A (VDP) 11/04/2021
Fiverr email restriction bypassed | Bounty 100$ Maruf Hosan Fiverr Logic flaw $100 11/04/2021
A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions Perception Point (@PerceptionPo1nt) Apple Local Privilege Escalation, MacOS bug - 11/03/2021
How i made 500$ with XSS Nassim Chami (@nvccim) - XSS, Account takeover $500 11/01/2021
Never Give Up — Story of Hacking Dutch Government and Earning that Dutch Swag. BabaBounty (@Rohan96867358) Dutch Government IDOR N/A (VDP) 10/31/2021
This is how i was able to Permanently Crash all Mapillary users within minutes Abhishek Pathak (@pathleax) Meta / Facebook Application-level DoS - 10/31/2021
How I found Command Injection via Obsolete PHPThumb Sushant Kamble - OS command injection - 10/30/2021
One misconfiguration to rule them all Sushant Soni (@sushantsoni5392) & Varun (@varun0x1) - Information disclosure, Debug mode enabled $5,000 10/29/2021
How I was able to access a properly Configured S3 Bucket Pawan Chhabria (@heybenchmarkkk) - Leaked AWS keys, Information disclosure - 10/28/2021
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection Microsoft Security Vulnerability Research (MSVR) Apple SIP bypass, Local Privilege Escalation - 10/28/2021
Write Up – XSS Stored In Via Doc File (iOS) Omar Espino (@omespino) Atlassian Stored XSS - 10/28/2021
A journey from XML External Entity (XXE) to NTLM hashes! Shubham Chaskar (@chaskar_shubham) - XXE - 10/28/2021
Apple XAR – Arbitrary File Write (CVE-2021-30833) Richard Warren (@buffaloverflow) Apple Arbitrary file write - 10/28/2021
Unauthenticated Cache Purge Priyansh Bansal (@PriyanshB25) Lenovo Unauthenticated cache purge N/A (VDP) 10/28/2021
Unauthorized access to any user’s account. vikram naidu (@ImVikram7msd) - IDOR, Authentication bypass, Account takeover - 10/28/2021
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD Sonar (@SonarSource) GoCD Broken authentication, Authentication flaw N/A (VDP) 10/27/2021
Easy SSRF from Wayback Machine Khaled Mohamed (@0xElkomy) - SSRF - 10/27/2021
Use-After-Free in Voice Control: CVE-2021-30902 Write-up 08Tc3wBB (@08Tc3wBB) Apple Memory corruption bug - 10/27/2021
Zimbra “zmslapd” Local Root Exploit. Darren Martyn (@_darrenmartyn) Zimbra Local Privilege Escalation N/A (VDP) 10/27/2021
An Effective 5 min recon leads to a Hall of Fame Renganathan (@IamRenganathan) - Information disclosure - 10/26/2021
Zimbra “nginx” Local Root Exploit Darren Martyn (@_darrenmartyn) Zimbra Local Privilege Escalation N/A (VDP) 10/25/2021
A 7500$ Google sites IDOR Jalal (@r0ckin_) Google IDOR $7,500 10/24/2021
Account Takeover via improper input validation Gaurav Narwani (@gauravnarwani97) & Verneet (@err0rrrrr) - OAuth flaw, Token theft, Account takeover - 10/24/2021
How I was able to revoke your Instagram 2FA Dhiyaneshwaran (@DhiyaneshDK) Facebook (Instagram) Bruteforce, Rate-limiting bypass $5,000 10/23/2021
Google Chrome Vulnerability Worth for $6K: Use After Free (CVE-2021-30573) Security For Everyone / S4E Team (@secforeveryone) Google Memory corruption bug $6,000 10/23/2021
Discourse SNS webhook RCE joernchen (@joernchen) Discourse RCE, Signature validation bypass - 10/23/2021
Tagged User Could Delete Facebook Story Mark Rhoy (@mrkrhy_xyz) Meta / Facebook Logic flaw, Android app bug, Authorization flaw - 10/23/2021
How i Got 3 SQL injection in just 10 minutes. Ahmed Fatouh (@XDev05) - SQL injection - 10/23/2021
A story of another awesome old school hacking that lead to a cool P1 bug Vuk Ivanovic - 403 bypass - 10/22/2021
Moodle - Stored XSS and blind SSRF possible via feedback answer text rekter0 (@rekter0) & Holme (@holme_sec) Moodle Stored XSS, SSRF - 10/22/2021
All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646) Eugene Lim (@spaceraccoonsec) Microsoft RCE, Memory corruption bug - 10/22/2021
Unauthorized access to any Facebook user’s draft profile picture frames Sandeep Hodkasia (@sandeephodkasia) Meta / Facebook IDOR - 10/22/2021
CVE-2021-2471 MySQL JDBC XXE pyn3rd (@pyn3rd) Oracle (MySQL) XXE - 10/21/2021
From staging to 0 click account takeover mohamad mahmoudi (@Lotus_619) Pinterest Account takeover, Logic flaw - 10/19/2021
Exploiting Request forgery on Mobile Applications. Sayed Abdelhafiz (@dPhoeniixx) Pinterest CSRF, Account takeover, Android app bug, iOS app bug - 10/19/2021
A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection Marc Olivier Bergeron Amazon SQL injection, WAF bypass - 10/19/2021
Shells And SOAP: Websphere Deserialization To RCE Wyatt Dahlenburg (@wdahlenb) IBM RCE, Insecure deserialization - 10/18/2021
The Speckle Umbrella story — part 2 Imre Rad (@ImreRad) Google Information disclosure, Logic flaw - 10/18/2021
How I Escalated a Time-Based SQL Injection to RCE JM Sanchez / 0xEchidonut (@jmrcsnchz) Sony SQL injection, RCE - 10/17/2021
Business Logic Errors - A Logic Destruction Jerry Shah (@Jerry) - Logic flaw - 10/17/2021
Exploitation of file’s download parameters to create potential risk of malware delivery: $200 bug! Muhammad Aamir (@Muhammad__Aamir) - CSRF, RCE $200 10/17/2021
Remote code execution in Managed Anthos Service Mesh control plane Anthony Weems Google RCE $6,000 10/15/2021
Write Up – Google VRP N/A: Arbitrary Local File Read (Macos) Via <a> Tag And Null Byte (%00) In Google Earth Pro Desktop App Omar Espino (@omespino) Google Local File Read $0 (Won’t fix) 10/14/2021
500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 Gowtham_Naidu (@NaiduPonnana) - OTP bypass, Account takeover, Password reset flaw $500 10/13/2021
Abusing Slack’s file-sharing functionality to de-anonymise fellow workspace members Julien Cretel (@jub0bs) Slack XSLeaks $0 (Won’t fix) 10/12/2021
ESET Endpoint Security credentials theft Mehdi Alouache ESET Credentials sent over unencrypted channel $0 (Informative) 10/12/2021
Bypassing required reviews using GitHub Actions Omer Gil (@omer_gil) GitHub Privilege escalation, Logic flaw - 10/12/2021
Hacking YouTube With MP4 KeyboardWarrior (@Keyb0ardWarr10r) Google Logic flaw, DoS $0 (Informative) 10/11/2021
Exploiting HTML-to-PDF Converters through HTML Imports Mohammed Diaa (@mhmdiaa) - XSS, LFI - 10/10/2021
How I Hacked Billion Android Users Social And 3rd Party Account | A Story About 5000$ Bug Karthikeyan (@Karthithehacker) Google Android bug $5,000 10/10/2021
How I got $500 with Open redirect khan mamun (@mamunwhh) - Open redirect $500 10/10/2021
Stumbling across a DOM XSS on tkiela (@svennergr) Google DOM XSS - 10/10/2021
Account Takeover — Story of 2 same issues in a single program but different sub-domains. Himanshu Pdy (@himanshu_pdy_01) - Account takeover - 10/10/2021
Auth Bypass in Google Assistant David Schütz (@xdavidhu) Google Insecure deeplink $8,133.70 10/10/2021
Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage MikeChan - Information disclosure - 10/09/2021
Request Smuggling In Major Crypto Site — road to disappointment CeloIme Prezime - HTTP Request Smuggling $0 10/09/2021
Accessing Apple’s internal UAT Slackbot for fun and non-profit Shail Patel (@shail_official) & Ashish Kunwar (@D0rkerDevil) Apple Authorization flaw $0 10/07/2021
CVE-2021-26420: Remote Code Execution In Sharepoint Via Workflow Compilation - Microsoft RCE - 10/06/2021
Hacking Netflix Eureka! Maxim Tyukov (@maxtyukov) Netflix SSRF, XSS - 10/06/2021
CSRF to one tray Red-bull Mohammed Saneem Redbull CSRF N/A (VDP) 10/06/2021
[EN] Stored XSS in the administrator’s panel due to misuse of MarkupSafe Aethlios (@AethliosIK) pass Culture Stored XSS - 10/06/2021
How I got access to many PIIs through a source code leak Supras (@LdrTom) - Information disclosure - 10/05/2021
CVE-2021-26084 snowyyowl (@bennyyjacob) Atlassian RCE - 10/05/2021
CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass Cristian Giustini Forma LMS Authentication bypass N/A (Responsible disclosure) 10/05/2021
Bypassing 403 Protection To Get Pagespeed Admin Access Prajit Sindhkar (@PrajitSindhkar) - 403 bypass $200 10/04/2021
$600 for IDOR (File or Folder Download) Inderjeet Singh - encodedguy (@3nc0d3dGuY) - IDOR $600 10/03/2021
A short story of Content Spoofing to HTML Injection in Apple using Dangling Markup Injection Rishu Ranjan (@tweetit_rrj) Apple HTML injection, Dangling Markup Injection - 10/03/2021
Pre-Auth SSRF To Full MailBox Access (Microsoft Exchange Server Exploit) Vanshal Gaur (@VanshalG) - SSRF - 10/02/2021
The Discovery Of Gatekeeper Bypass CVE-2021-1810 & Analysis Of CVE-2021-1810 Gatekeeper Bypass Rasmus Sten (@pajp) Apple Logic flaw - 10/01/2021
Ping’ing XMLSec tint0 (@_tint0) Ping, Netflix, Paypal XSLT, XXE - 09/30/2021
Expect The Unexpected: Discovering fresh ZeroDay for Bounty SinSin (@sin_khe) - Logic flaw, Information disclosure - 09/30/2021
How I found bug on Google Cloud Anuragbhoir11 Google OTP bypass - 09/30/2021
Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts Youssef Sammouda (@samm0uda) Meta / Facebook Account takeover, Android app bug $10,000 09/29/2021
Force Browsing bug at Facebook business plan ($500 Bounty) Dewanand Vishal (@dewcode91) Meta / Facebook Authorization flaw, Forced browsing $500 09/29/2021
Telegram users’ privacy has been violated again. Messenger representatives demand not to disclose details ne555 Telegram Privacy issue - 09/29/2021
“A tale of making internet pollution free” - Exploiting Client-Side Prototype Pollution in the wild Sergey Bobrov (@black2fan), s1r1us (@s1r1u5_), Terjanq (@terjanq), Beomjin Lee (@po6ix), Masato Kinugawa (@kinugawamasato), Nikita Stupin (@_nikitastupin), Rahul Maini (@iamnoooob), Harsh Jaiswal (@rootxharsh), Mikhail Egorov (@0ang3el), Melar Dev (@melardev) Apple, Atlassian, Mozilla, HubSpot, Segment Analytics & others Prototype pollution, XSS $12,600+ 09/28/2021
Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS) Bobby Rauch / Bobbyr Apple Stored XSS - 09/28/2021
DeepSurface Security Advisory: LPE in Firefox on Windows Robert Chen Mozilla Local Privilege Escalation $0 (Won’t fix) 09/28/2021
Bypass of biometrics & password security functionality for Android Dheeraj Madhukar (@Dheerajmadhukar) CoinDCX Authentication bypass, Android app bug - 09/27/2021
CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux sickcodes (@sickcodes) Tor Verbose logging $0 (Informative) 09/27/2021
Improper phone number validation to account takeover shesha sai_c (@Cyb3r_4ss4s1n) - Logic flaw, OTP bypass, Account takeover - 09/27/2021
Attack Surface Analysis - Part 3 - Resurrected Code Execution Parsia Hackerman (@cryptogangsta) - RCE - 09/26/2021
Telegram bug in terminated sessions Hackintosh5 Telegram Session expiration issue - 09/24/2021
Remote Command Execution in Visual Studio Code Remote Development Extension Abdel Adim smaury Oisfi (@smaury92) Microsoft RCE - 09/24/2021
Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program Denis Tokarev / illusionofchaos Apple Information disclosure, Local Privilege Escalation, Privacy issue - 09/24/2021
$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser Renwa (@RenwaX23) Opera XSS, RCE $8,000 09/24/2021
Bug-Bounty | FASTMAIL [ : account takeover] Mohammed ELdawody Fastmail Account takeover, Password reset flaw - 09/24/2021
Bug-Bounty | FASTMAIL [ Privileges Escalation > Organization Takeover] Mohammed ELdawody Fastmail Privilege escalation, Logic flaw - 09/24/2021
Facebook Messenger for MacOS contained valid hardcoded FB access token (employee’s token?) Dzmitry Lukyanenka (@vulnano) Meta / Facebook Hardcoded token $625 09/23/2021
Pwn2Own 2021: Parallels Desktop Guest To Host Escape Benjamin McBride (@bdmcbri) Parallels VM escape - 09/23/2021
Super Admin panel without Credentials 😎 Rizwan_siddiqui (@Rizwan_SiDdiqu1) - Authentication bypass N/A (VDP) 09/22/2021
Autodiscovering the Great Leak Amit Serper (@0xAmit) Microsoft Domain name collision - 09/22/2021
mXSS in Guilherme Keerok (@k33r0k) & Luan Herrera (@lbherrera_) Mozilla XSS $0 (OOS) 09/22/2021
A fever Worth 750$- [Accessing Private Projects ] Shakti Mohanty (@3ncryptSaan) Mozilla IDOR, Information disclosure $750 09/22/2021
Cookie Stealing via Clickjacking using Burp collaborator Anurag__Verma - Clickjacking - 09/22/2021
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through Markus Wulftange (@mwulftange) Citrix Systems RCE, Path traversal - 09/21/2021
Mama Always Told Me Not to Trust Strangers without Certificates Adam (@AdamOfDc949) Netgear MiTM, RCE - 09/21/2021
5 RCEs in npm for $15,000 Robert Chen (@NotDeGhost) & Philip - RCE $15,000 09/20/2021
Unlimited report user in Instagram (Facebook) leads to abuse risk. Mano Prasanth Meta / Facebook Lack of rate limiting $0 (Informative) 09/20/2021
Vertical Privilege escalation Saddam Hussain (@wisdomfreak1) - Privilege escalation - 09/19/2021
Chaining bugs for better bounties Manas Harsh (@ManasH4rsh) - SSRF, XSS, Information disclosure $600 09/19/2021
Admin access !! th3.d1p4k (@DipakPanchal05) - Privilege escalation, Broken Access Control - 09/19/2021
A small change, and things go in your hand : Story of a $250 bounty Fardeen Ahmed (@fardeenahmed411) - Information disclosure $250 09/18/2021
From phpinfo page to many P1 bugs and RCE. [Symfony] Abdelrahman Khaled - File disclosure, Information disclosure, RCE - 09/18/2021
From Google Dorking to Information Disclosure MikeChan - Information disclosure, Lack of authentication N/A (VDP) 09/18/2021
All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) Eugene Lim (@spaceraccoonsec) Apache OpenOffice RCE, Memory corruption bug - 09/17/2021
How to have free Internet WIFI on United Airlines flights Philippe Delteil (@PhilippeDelteil) United Airlines Payment tampering, Logic flaw - 09/17/2021
A Small Tale of Account Takeover … Saugat Pokharel (@saugatpk5) - IDOR, Account takeover - 09/16/2021
Weaponizing Reflected XSS to Account Takeover Hassan Shahid (@pwnsauc3) - XSS, Account takeover - 09/16/2021
How I was able to find 100+ XSS in United nations Bug Bounty Programr mrpentestguy (@MR_iambatman) United Nations XSS N/A (VDP) 09/16/2021
This is why you shouldn’t trust your Federated Identity Provider Soufiane Habti (@wld_basha) - OAuth flaw, Account takeover, Authentication bypass $1,500 09/15/2021
A Facebook bug that exposes email/phone number to your friends Saugat Pokharel (@saugatpk5) Meta / Facebook Information disclosure, Logic flaw $19,250 09/15/2021
How I Was Able To Send SMS From Google To Anyone | $$$ Google Vulnerability: Raidh Ĥere (@asterfiest) Google Content spoofing - 09/15/2021
How I hacked worldwide Tiktok users s3c (@s3c_krd) TikTok IDOR $7,500 09/15/2021 Alternative link
Microsoft Azure Portal – Persistent Cross-Site Scripting Christian Becker (@0xchrisb) & Sven Schlüter (@secsven) Microsoft Stored XSS - 09/15/2021
OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers Nir Ohfeld (@nirohfeld) Microsoft Local Privilege Escalation, RCE - 09/14/2021
10 golden minutes for taking over a account Seqrity (@seqrity9) - Lack of rate limiting, Bruteforce, Session expiration issue $400 09/14/2021
Hacking CloudKit - How I accidentally deleted your Apple Shortcuts Frans Rosén (@fransrosen) Apple Logic flaw(s) $64,000 09/13/2021
Escalating Azure Privileges with the Log Analytics Contributor Role Karl Fosaaen (@kfosaaen) Microsoft Logic flaw(s) - 09/13/2021
$3133.70 Google Dialogflow IDOR Vulnerability Raidh Ĥere (@asterfiest) Google IDOR $3,133.70 09/12/2021
Exposing Millions of IRCTC Passengers’ ticket details. Renganathan (@IamRenganathan) IRCTC IDOR N/A (VDP) 09/12/2021
$5000 Google IDOR Vulnerability Writeup Raidh Ĥere (@asterfiest) Google IDOR $5,000 09/11/2021
How I found my first AEM related bug. Vedant Tekale (@_justYnot) - LFR - 09/11/2021
Bypassing GCP Org Policy with Custom Metadata & GCP AI Notebooks Vulnerability - Remediation Kat Traxler (@NightmareJS) Google Authorization flaw $1,337 09/10/2021
How I Was Able to delete any facebook story where am I mentioned or tagged Sank Dahal (@sank68034756) Meta / Facebook Logic flaw $1,000 09/10/2021
Mistuned Part 1: Client-side XSS to Calculator and More, Mistuned Part 2: Butterfly Effect & Part 3 CodeColorist (@codecolorist) Apple XSS, Memory corruption bug, iOS bug - 09/10/2021
Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances Unit 42 (@Unit42_Intel) Microsoft Container takeover, Container escape, Privilege escalation - 09/09/2021
Change home directory and bypass TCC aka CVE-2020-27937 Wojciech Reguła (@_r3ggi) Apple Privacy issue, MacOS bug - 09/09/2021
GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink Justin Steven (@justinsteven) GitHub Logic flaw, Information disclosure - 09/08/2021
Spook.js: Attacking Google Chrome’s Strict Site Isolation via Speculative Execution and Type Confusion Ayush Agarwal, Sioli O’Connell, Jason Kim, Shaked Yehezke, Daniel Genkin, Eyal Ronen & Yuval Yarom Google Browser bug, Side-channel attack, Site Isolation bypass - 09/08/2021
Account Takeover via XSS in e-signature feature worth 2500$ Gökhan Güzelkokar (@gkhck_) - XSS, Account takeover $2,500 09/08/2021
Facebook email disclosure and account takeover Rikesh Baniya / NotRickyy (@rikeshbaniya) Meta / Facebook Information disclosure, Account takeover - 09/08/2021
Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser Renwa (@RenwaX23) Opera Stored XSS, Local File Read $4,000 09/08/2021
Accessing Grofers Grafana Instance Using Shodan Lohith Gowda M (@lohigowda_in) Grofers Weak credentials $25,000 09/08/2021
5 Different Vulnerabilities in Google’s Threadit Thomas Orlita (@ThomasOrlita) Google DOM XSS, Clickjacking, Privilege escalation, Information disclosure - 09/07/2021
SSRF in PDF export with PhantomJs أنس روبي (@xhzeem) - SSRF, XSS, LFI - 09/07/2021
Full structure takeover to many brands of company Abdelrahman Khaled - Directory listing, Information disclosure - 09/06/2021
SSD Advisory – NETGEAR D7000 Authentication Bypass - Netgear Authentication bypass - 09/06/2021
2 CSRF 1 IDOR on Google Marketing Platform apapedulimu / Nosa Shandy (@LocalHost31337) Google IDOR, CSRF $3,633.70 09/06/2021
How I can take over any user’s account with their mobile number Sushmitha Katikitala - Account takeover, OTP bypass, Authentication bypass - 09/06/2021
Burp Suite RCE Wfox PortSwigger RCE, Browser bug - 09/06/2021
Eye for an eye: Unusual single click JWT token takeover Yurii Sanin (@SaninYurii) JetBrains Open redirect, JWT bug, Account takeover - 09/05/2021
Business Logic Errors - Must Vote Jerry Shah (@Jerry) - Logic flaw $0 (Duplicate) 09/05/2021
Bypassed! and uploaded a sweet reverse shell Ajay Sharma (@security_donut) - Unrestricted file upload - 09/05/2021
How i hacked BBC mail servers Momen Ali (Cyber Guy) (@theCyberGuy0) BBC Information disclosure, Open mail relay N/A (VDP) 09/04/2021
More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers Youssef Sammouda (@samm0uda) Meta / Facebook Account takeover $126,000 09/03/2021
How @Mailru traeted my report on their program Aý Oùb (@Yukusawa18) Mail.ru AWS misconfiguration $150 09/03/2021
IDOR Vulnerability In GraphQL Api On Website Aidil Arief - IDOR, GraphQL bug - 09/03/2021
Google Cloud Build — under the hood Imre Rad (@ImreRad) Google - - 09/02/2021
Play the music and bypass TCC aka CVE-2020-29621 Wojciech Reguła (@_r3ggi) Apple Privacy issue, MacOS bug - 09/02/2021
RCE By Code Injection | Perl Reverse Shell Abdulrahman-Kamel - RCE, Code injection - 09/02/2021
ZDI-21-1053: Bypassing Windows Lock Screen Abdelhamid Naceri (@KLINIX5) Microsoft Authentication bypass, Lock screen bypass - 09/02/2021
Your Vulnerability Is In Another OEM! Lucas Georges, Julien Boutet & Thomas Chauchefoin Western Digital Memory corruption bug, RCE - 09/02/2021
SQL injection in harvard subdomain Brandon Roldan (@tomorrowisnew_) Harvard University XSS, SQL injection - 09/02/2021
Breaking Application’s Logic to DOS Attack Abhijeet Singh (@abhiunix) - IDOR, DoS - 09/02/2021
chaining bugs from self XSS to account takeover Behnam Yazdanpanah (@abhiunix) - Self-XSS, WAF bypass, CSRF, Account takeover - 09/02/2021
How I Found Multiple XSS in Hidden Legacy Pages Marx Chryz - XSS $1,000 09/02/2021
Hacking Dutch Government For a lousy T-shirt Veshraj Ghimire (@GhimireVeshraj) Dutch Government IDOR, Information disclosure N/A (VDP) 09/02/2021
CVE-2021-2429: A Heap-based Buffer Overflow Bug In The Mysql Innodb Memcached Plugin - Oracle (MySQL) Memory corruption bug - 09/02/2021
SQL injection in harvard subdomain Brandon Roldan (@tomorrowisnew_) Harvard University SQL injection - 09/01/2021
Now Patched Vulnerability in WhatsApp could have led to data exposure of users Dikla Barda & Gal Elbaz Facebook (WhatsApp) Memory corruption bug - 09/01/2021
Full PoC | Metasploit Pro Trial License Request Limit Bypass ChooK Rapid7 Privilege escalation, Logic flaw N/A (VDP) 08/31/2021
Dropping root shell in a Crypto Exchange for Fun and Profitn’t Nirmal Thapa (@tnirmalz) ChangeNOW RCE $1,000 08/31/2021
Bypassing 2-Factor Authentication for Facebook Business Manager (Bounty: 1000 USD) Shubham Bhamare (@theshubh77) Meta / Facebook 2FA bypass $1,000 08/31/2021
Broken Access Control Leads To Change Of Admin Details V3D (@v3d_bug) - Privilege escalation, Client-side enforcement of server-side security - 08/31/2021
CVE-2021-39165: A Bug Bounty Journey from a Laravel SQL Injection Vulnerability Xuan Tuyen - SQL injection - 08/30/2021
Proxytoken: An Authentication Bypass In Microsoft Exchange Server Xuan Tuyen Microsoft Authentication bypass - 08/30/2021
I owe your Request | HTTP Request Smuggling leads to Full Accounts takeover Muhammad Adel (@ItsFadinG_) - HTTP Request Smuggling - 08/30/2021
Two account takeover bugs worth $4300 🎁 Usama Varikkottil (@usama_dev) - Account takeover, Privilege escalation, 403 bypass, IDOR $4,300 08/29/2021
How MarkMonitor left >60,000 domains for the taking Ian Carroll (@iangcarroll) - Subdomain takeover - 08/29/2021
Hunting for XSS with CodeQL Daniel Santos (@bananabr) GitLab XSS $500 08/29/2021
What would you do if Oracle’s mailing server sent you this? I am Broot Oracle HTML injection - 08/29/2021
ATO of WordPress Website “4 digits €€€€ Bounty in 5 Minute!” Ritesh Gohil (@RiteshG37659480) - Exposed registration page, Account takeover - 08/29/2021
Information disclosure via api misconfiguration Rizwan_siddiqui (@Rizwan_SiDdiqu1) - Information disclosure - 08/29/2021
Bug Bounty: “My Remote Code Execution” 0xJin (@0xJin) - Default credentials, RCE - 08/29/2021
Cache Poisoning via SelfXSS + Path Parameter ElMahdi Mrhassel (@ElMrhassel) - XSS, Web cache poisoning - 08/28/2021
SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection Caesar Evan Santoso - WAF bypass, SSRF, SQL injection - 08/28/2021
Exploiting Devops -Leak Source codes Shivbihari Pandey (@ninja_pandit_) - Information disclosure - 08/28/2021
How I Scored 2K Bounty via an IDOR Sicksec (@OriginalSicksec) - IDOR $2,000 08/27/2021
How did I earned 6000$ from tokens and scopes in one day Corraldev (@javier_corralg) - Authorization flaw, Privilege escalation $6,000 08/27/2021
ChaosDB: Critical Vulnerability in Microsoft Azure Cosmos DB Nir Ohfeld (@nirohfeld) & Sagi Tzadik (@sagitz_) Microsoft Account takeover, Local Privilege escalation $40,000 08/26/2021
Oauth client secret leak and possible IDOR leading to PII Disclosure Monke (@pmofcats) & Bend Theory (@bendtheory) - IDOR, OAuth flaw, Information disclosure - 08/26/2021
Reflective XSS via search box [Bypassing Cloudflare WAF]. Friendly (@SkeletorKeys) - Reflected XSS - 08/26/2021
‘Websocket Hijacking’ to steal Session_ID of victim users Sunil Yedla (@sunilyedla2) - Cross-Site WebSocket Hijacking (CSWH) - 08/25/2021
Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution Steven Seeley (@steventseeley) Microsoft RCE, MiTM - 08/25/2021
Business Logic Ratings Bug Maxwell Dulin (@Dooflin5) - Logic flaw - 08/25/2021
Retrieve Archived Stories Of Any Public Instagram Account. Naveen Facebook (Instagram) IDOR, GraphQL bug $0 (Duplicate) 08/25/2021
Vulnerability in Bumble dating app reveals any user’s exact location Robert Heaton (@RobJHeaton) Bumble Information disclosure, Logic flaw $2,000 08/25/2021
The Nomulus rift Imre Rad (@ImreRad) Google Insecure deserialization - 08/25/2021
“How Companies Need to Widen There Scopes” amnotacat - RCE, Components with known vulnerabilities - 08/25/2021
How I found a primitive but critical broken access control vulnerability in YouTrack (CVE-2020–24618) Yurii Sanin (@SaninYurii) JetBrains Information disclosure - 08/25/2021
One Endpoint, Two Account Takeovers Yashar Shahinzadeh (@YShahinzadeh) - Account takeover - 08/24/2021
[$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO) Aditya Sharma (@Assass1nmarcos) - Account takeover, Password reset flaw, Information disclosure $5,000 08/24/2021
How i was able to steal private files of any user on Larksuite Imran Nissar (@Imrannissar3) - IDOR - 08/24/2021
By Design: How Default Permissions on Microsoft Power Apps Exposed Millions UpGuard Team (@upguard) Microsoft Information disclosure - 08/23/2021
Hey Google ! - Delete my Data Properly — #GoogleVRP Sriram Kesavan (@sriramoffcl) Google Logic flaw - 08/23/2021
Zoom RCE from Pwn2Own 2021 Thijs Alkemade (@xnyhps) & Daan Keuper Zoom RCE, Memory corruption bug $200,000 08/23/2021
Server Side Request Forgery with huge impact in production application Gökhan Güzelkokar (@gkhck_) - SSRF - 08/23/2021
Story Of Unexpected Bugs Neh Patel - IDOR, XSS - 08/22/2021
Stored Cross-Site Scripting Tyle Butler (@tbutler0x90) - Stored XSS, Authentication bypass, IDOR $40 08/22/2021
How I was able to get 1000$ bounty from a ds-store file? Khaled Mohamed (@0xElkomy) - Information disclosure, Debugging enabled €1,000 08/21/2021
Playing With s3 Leaks Aswin Thambi Panikulangara (@r0074g3n7) - AWS misconfiguration - 08/21/2021
How I found my first Subdomain Takeover vulnerability Monish Basaniwal - Subdomain takeover, CSRF €375 08/20/2021
How I got RCE In The World Largest Russian Company Sicksec (@OriginalSicksec) - RCE - 08/20/2021
Disclose WhatsApp Number of Instagram Accounts Despite Setting Set to be Hidden Naveen (@NaveenHax) Meta / Facebook Information disclosure, Logic flaw $1,000 08/19/2021
Account Takeover via Access Token Leakage Tuhin Bose (@tuhin1729_) - IDOR, Information disclosure, Account takeover - 08/19/2021
From Pwn2Own 2021: A New Attack Surface On Microsoft Exchange - Proxyshell! Orange Tsai (@orange_8361) Microsoft RCE, Privilege escalation $200,000 08/18/2021
How to Hack Apple ID Zemnmez (@zemnmez) Apple XSS, Account takeover $10,000 08/17/2021
Confirming any new Email Address bug in Facebook (Part-4) Lokesh Kumar (@lokeshdlk77) Meta / Facebook Rate-limiting bypass $3,449 08/17/2021
Dangling DNS: Announcekit Mohamed Elbadry (@_melbadry9) - Subdomain takeover - 08/16/2021
Two weeks of securing Samsung devices: Part 2 Oversecured (@OversecuredInc) Samsung Arbitrary file write, Arbitrary file read, Vulnerable Android content provider $18,040 08/16/2021
CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log sickcodes (@sickcodes) Brave Software Privacy issue, Information disclosure $400 08/16/2021
A Bug’s Life: CVE-2021-21225 & Exploiting CVE-2021-21225 and disabling W^X Brendon Tiszka (@btiszka) Google Browser bug $22,000 08/16/2021
Why u should use burp to test Path Traversal Vulnerability and also get RXSS Yasser Mohammed (@boomneroli) - Path traversal, XSS, CSRF, Account takeover $700 08/16/2021
Second Order Subdomain Takeovers – They DO Exist! Alun Jones (@ftp_alun) Microsoft Subdomain takeover, Broken link hijacking - 08/15/2021
1st Bug Bounty WriteUp: Open Redirect To XSS on Login Page Nassim Chami (@nvccim) - Open redirect, XSS - 08/15/2021
Simple HTML Injection to $250 Ahmad Halabi (@Ahmad_Halabi_) - Account takeover, Mass assignment $600 08/14/2021
Finding multiple SSRF with aws metadata access on A BANK system Santosh Kumar Sha (@killmongar1996) - SSRF - 08/14/2021
Bypass Google Captcha+Parameter Pollution Leads to send email to any user on behalf of “Organization” with any desired content viral bhatt (@viralbhatt100) - HTTP Parameter Pollution, Captcha bypass - 08/14/2021
Facebook Bug:Invite user to Like a Page even after they decline the Page Like Invite Circle Ninja (@circleninja) Meta / Facebook Logic flaw $0 (Informative) 08/14/2021
How we was able to takeover whole organization via Privilege Escalation Yasser Mohammed (@boomneroli) - Privilege escalation, Authorization flaw $500 08/13/2021
How I found read/write access to the personal data of 3 million users of an E-commerce website? Prashant Singh / SecGeek_one0one - IDOR - 08/13/2021
Blind SSRF in URL Validator Yash Kandekar (@Neutron__) - Blind SSRF - 08/12/2021
Taking Over Employee Accounts by Managers with Zero Employee Interaction Chaitanya Rajhans (@Chaitanya_024) - HTML injection $250 08/12/2021
How I Bought a £240.00 Annual Subscription for Bargain £0.01 Craig Hays (@craighays) - Payment tampering, Logic flaw - 08/11/2021
OVE-20210809-0001 Visual Studio Code .ipynb Jupyter Notebook XSS (Arbitrary File Read) Justin Steven (@justinsteven) Microsoft XSS $0 (OOS) 08/11/2021
Multiple Vulnerabilities In cPanel/WHM Adrian Tiron (@adrian__t) cPanel XXE, Stored XSS, Privilege escalation, CSRF, Cross-Site WebSocket Hijacking (CSWH) - 08/10/2021
Fuzzing + IDOR = Admin TakeOver Gonzalo Carrasco (@0xCGonzalo) - IDOR, Account takeover - 08/09/2021
What is BOLA? 3-digit bounty from Topcoder ($$$) can1337 (@canmustdie) Topcoder IDOR - 08/09/2021
CVE-2021-25738 Jordy Versmissen / J0VSEC (@j0v0x0) Kubernetes RCE $1,000 08/07/2021
CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation Of Privilege (EOP) bohops (@bohops) Intel Local Privilege Escalation - 08/07/2021
Size Matters — CVE-2021–0485 (High) +Ch0pin (@Ch0pin) Google (Android) Local Privilege Escalation - 08/07/2021
Access to CrowdTangle Deletion Framework API Philippe Harewood (@phwd) Meta / Facebook Authorization flaw, GraphQL bug - 08/07/2021
View the country of a private Instagram User Philippe Harewood (@phwd) Meta / Facebook Information disclosure $0 (Informative) 08/07/2021
Access to CrowdTangle Deletion Framework API Philippe Harewood (@phwd) Meta / Facebook Information disclosure, Logic flaw, GraphQL bug $0 (Informative) 08/07/2021
Do you like to read? I can take over your Kindle with an e-book Slava Makkaveev Amazon Memory corruption bug, RCE, Local Privilege Escalation - 08/06/2021
Account Takeover (User + Admin) Via Password Reset Hemant Patidar (@HemantSolo) - Account takeover, Password reset flaw, Logic flaw $200 08/05/2021
How I found Open Redirect on Jefferson Gonzales (@gonzxph) Hashnode Open redirect N/A (Responsible disclosure) 08/05/2021
PostMessage Xss vulnerability on private program Youghourta Ghannei (@YoughartaG) - XSS, postMessage bug - 08/03/2021
How the use of hidden form fields lead to Email verification bypass Yash Swarup (@wazirsec) - Email verification bypass, Client-side enforcement of server-side security - 08/03/2021
How I Scored 1K Bounty Using Waybackurls Sicksec (@OriginalSicksec) - Information disclosure $1,000 08/02/2021
Detecting Jackson deserialization vulnerabilities with CodeQL Artem Smotrakov (@artem_smotrakov) GitHub Insecure deserialization $4,500 08/02/2021
Facebook Messenger for android indirect thread deletion vulnerability. Rahul Kankrale (@RahulKankrale) Meta / Facebook Insecure deeplink - 08/02/2021
how to be popular yan (@bcrypt) OkCupid CSRF, Type confusion - 08/02/2021
CVE-2020–15823: Server-Side Request Forgery (SSRF) in JetBrains YouTrack Yurii Sanin (@SaninYurii) JetBrains SSRF - 08/02/2021
~/BugBounty/IDOR/”How I was able to exfiltrate any user’s credit coupons” Jai Sharma (@ja1sharma) - IDOR - 08/02/2021
Privilege Escalation | stealing user’s point | Bugcrowd Abhind Abhi - IDOR, Privilege escalation - 08/02/2021
Tale of XSS in Angular Sicksec (@OriginalSicksec) - Reflected XSS - 08/02/2021
Blind XXE Leads to Internal Port Scanning Through SSRF Sam Paredes (@caffeinevulns) - XXE, SSRF - 08/01/2021
Multi Domain DOM Cross Site Scripting Sam Paredes (@caffeinevulns) - DOM XSS - 08/01/2021
The journey from Google Honorable Mention to Hall of Fame. Akash basnet (@noneofyou007) Google Referer leakage, Information disclosure, Password reset flaw - 08/01/2021
Missing permission check for Facebook gaming community invites Philippe Harewood (@phwd) Meta / Facebook Information disclosure, Authorization flaw - 08/01/2021
Bug Bounty Stories #1: Tale of CSP bypass in an electron app! SecurityGOAT (@RuntimeSecurity) - CSP bypass - 07/31/2021
From Hobby to Hacking Muhammad Syahrul Haniawan (@b0x_in) - Unrestricted file upload, RCE, Lack of authentication - 07/31/2021
How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR Jefferson Gonzales (@gonzxph) HackerEarth Self-XSS, IDOR, Account takeover - 07/31/2021
How I bypassed website using Akamai waf Yusif Cəfərov (@yusifceferov_) - XSS - 07/31/2021
Facebook Vulnerability: Expose Group Member — $3000 Muhammad Sholikhin (@MuhammadLikhin) Meta / Facebook IDOR $3,000 07/30/2021
XXE in Public Transport Ticketing Mobile APP Nikhil (niks) (@niksthehacker) - XXE, RCE - 07/30/2021
Account takeover via stored xss vikram naidu (@ImVikram7msd) - Stored XSS $1,000 07/30/2021
Google Bug Bounty: $500 worth client-side DoS on Google Keep Tommaso De Ponti (@heytdep) Google Application-level DoS $500 07/30/2021
Gaining Access To GCP Of Google Stadia — 500$ Bounty Sebastien Kaul Google Information disclosure $500 07/29/2021
How I found my first IDOR in HackerOne N1GHTMAR3 (@n1ghtmar3_2421) - IDOR - 07/29/2021
How I could have hacked your medium account by phishing your FB, Twitter & Google credentials. Renganathan (@IamRenganathan) Medium Open redirect, OAuth flaw - 07/29/2021
Chaining Open Redirect with XSS to Account Takeover Radian ID - Open redirect, XSS, Account takeover - 07/29/2021
How I earned $$$ by Amazon S3 Bucket misconfigurations? Abdullah Mohamed (@3bodymo_) - AWS misconfiguration, Subdomain takeover - 07/29/2021
Information Disclosure to Account Takeover Sunil Yedla (@sunilyedla2) - Information disclosure, OAuth flaw, Account takeover, Authentication bypass - 07/28/2021
Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth Johannes Moritz & Robin Peraglie Moodle RCE, PHP Object Injection - 07/27/2021
XSS-Special-Cases: XSS That Works only in mobile Devices 0xdln (@0xdln) - XSS - 07/27/2021
Abusing JSON Web Token to steal accounts — 3000$ Filipe Azevedo (@filipaze_) - IDOR $3,000 07/27/2021
Telegram Report: SSRF leads to DOS attack [Reports that didn’t make it] Philippe Delteil (@PhilippeDelteil) Telegram SSRF, DoS - 07/27/2021
You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures & Slides Tommaso Innocenti (@innotommy), Seyed Ali Mirheidari, Amin Kharraz (@amin_kharaz), Bruno Crispo & Engin Kirda - Password reset flaw, Host header injection, CSRF, Account takeover - 07/26/2021
XXE Case Studies cinzinga (@cinzinga_) - XXE - 07/26/2021
Apple Hall Of Fame for a Small Misconfiguration || Unauth Cache Purging Prajit Sindhkar (@PrajitSindhkar) Apple Unauthenticated cache purge $0, HoF 07/26/2021
Mattermost Server v5.32 > v5.36 Reflected XSS in OAuth flow zi0Black (@zi0Black) Mattermost Reflected XSS, OAuth flaw $900 07/26/2021
Bug Chain leads to Mass Account Takeover! Shubhayu Majumdar (@shubhayu64) - Information disclosure, Password reset flaw, Account takeover - 07/26/2021
Easy Bounty With Exposed Buckets & Blobs mr.d0x (@mrd0x) - Misconfigured cloud storage $1,450 07/26/2021
How I found a bug in Apple within just in 5min. Akash basnet (@noneofyou007) Apple XSS - 07/25/2021
Not valid bug that leads to us a multiple Valid Report in Facebook Kent Jarold Abulag (@wkemenhehehegsg) Meta / Facebook Information disclosure $1,000 07/25/2021
eBay XSS demo and guide to spear phishing MLT (@0dayWizard) Ebay XSS - 07/24/2021
How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools Orwa Atyat (@GodfatherOrwa) Meta / Facebook SSTI, SQL injection, Authentication bypass, Privilege escalation, Reflected XSS - 07/23/2021
Story OF MY 3RD Bounty From Facebook Aashish Jung Kunwar (@WhoisAasis) Meta / Facebook Irremovable users, Logic flaw $500 07/23/2021
FragAttacks Mathy Vanhoef (@vanhoefm) Internet Bug Bounty Wifi vulnerability $750 07/23/2021
Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm Craig Hays (@craighays) - Weak crypto - 07/22/2021
Unauthenticated Access To MongoDB Database of Oracle Corporation Pratikkhalane (@KhalanePratik) Oracle Lack of authentication, Exposed administrative interface - 07/22/2021
Escalating Self-XSS To Stored XSS via Image injection + IDOR Demon (@R29k_) - Self-XSS, Stored XSS, IDOR - 07/21/2021
Guest Blog Post - Attacking the DevTools David Erceg (@david_erceg) Microsoft Browser bug $36,000 07/21/2021
XSS-Through-Fuzzing-Default-IIS 0xdln (@0xdln) - Reflected XSS - 07/20/2021
How I was able Find mass leaked AWS s3 bucket from js File Santosh Kumar Sha (@killmongar1996) - AWS misconfiguration - 07/20/2021
Hacking Xiaomi’S Android Apps - Part 1 Ameya (@iamTakeMyHand) Xiaomi Android app bug, Information disclosure, Open redirect, Privacy issue - 07/19/2021
How I Bypassed a tough WAF to steal user cookies using XSS! Asem Eleraky (@melotover) - XSS, WAF bypass - 07/19/2021
Facebook Vulnerability: $1500 for Removing Document Cover Muhammad Sholikhin (@MuhammadLikhin) Meta / Facebook Authorization flaw, IDOR $1,500 07/18/2021
Account Takeover + A Bonus Vulnerability Vikash Maurya - Account takeover, Session fixation - 07/18/2021
RCE via WebDav - Power Of PUT Jerry Shah (@Jerry) - Default credentials, RCE - 07/18/2021
IIS-Default-Page-to-Information-Disclosure 0xdln (@0xdln) - Information disclosure - 07/17/2021
Remote code execution in cdnjs of Cloudflare RyotaK (@ryotkak) Cloudflare RCE, Path traversal - 07/16/2021
Logical Flaw Resulting Path Hijacking Veshraj Ghimire (@GhimireVeshraj) - Namespace attack - 07/16/2021
How i was able to bypass Cloudflare for XSS! hosein vita (@HoseinVita) - XSS - 06/16/2021
RFD Vulnerability And Content-Disposition Header Bypass Story! Kabilan S (@kabilan1290) - Reflected File Download - 07/14/2021
Stored XSS in Google Doubleclick Studio [Google Research Grant] Jasminder Pal Singh (@Singh_Jasminder) Google Stored XSS $0 07/14/2021
How I found Blind SQL Injection just by browsing and getting a unique URL Jawad Mahdi (@hunter0x1) - SQL injection - 07/14/2021
Credential stuffing in Bug bounty hunting Valeriy Shevchenko (@Krevetk0Valeriy) - Credential stuffing $8,300 07/14/2021
($380) XSS STORED in Bigo Bug Bounty Program Aidil Arief Bigo XSS $380 07/14/2021
Forced Browsing to Access Admin Panel the_unluck_guy (@7he_unlucky_guy) - Forced browsing - 07/13/2021
Unencrypted HTTP Links to Google Scholar in Search David Schütz (@xdavidhu) Google MiTM - 07/13/2021
Part 2: Dive into Zoom Applications Rakesh Thodupunoori (@rakesh_3895) Zoom CSRF, Account takeover, Information disclosure, Session expiration issue, Authorization bug, Logic flaw - 07/13/2021
Apple Security Bounty: A personal experience Nicolas Brunner Apple Permission issue, iOS bug $0 07/13/2021
Broken Access control bug : Bypassing 403’s by finding another endpoint that do the same thing. tomorrowisnew (@tomorrowisnew_) - Broken Access Control, 403 bypass - 07/12/2021
Trick to bypass rate limit of password reset functionality Abdulrahman-Kamel - Rate limiting bypass - 07/12/2021
Pre-Denial Of Service (set-up 2FA on unverified account) Vikash Maurya - Application-Level DoS - 07/11/2021
Critical Bug Bounty Reports: Part 1 Greg Gibson - Account takeover, Password reset flaw, RCE, Information disclosure - 07/11/2021
Reflected XSS Through Insecure Dynamic Loading Greg Gibson - XSS - 07/11/2021
Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer Sam Curry (@samwcyo) - Broken link hijacking - 07/10/2021
SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin Cristian Giustini - Privilege escalation, SAML bug, Authentication flaw N/A (Responsible disclosure) 07/09/2021
Account Takeovers — Believe the Unbelievable Nikhil (niks) (@niksthehacker) - Account takeover, Session management flaw, Weak credentials, Components with known vulnerabilities, Password reset flaw $5,751 07/09/2021
Facebook Email/phone disclosure using Binary search Rikesh Baniya / NotRickyy (@rikeshbaniya) Meta / Facebook Password reset flaw, Information disclosure, Bruteforce - 07/09/2021
Discovering Zero-Day Vulnerabilities in McAfee Products mr.d0x (@mrd0x) McAfee Local Privilege Escalation - 07/09/2021
IDOR on David Schütz (@xdavidhu) Google IDOR $0 (Won’t fix) 07/08/2021
CVE-2021-22555: Turning \x00\x00 into 10000$ Andy Nguyen (@theflow0) Google Memory corruption bug, Local Privilege Escalation $10,000 07/07/2021
Mass Assignment exploitation in the wild – Escalating privileges in style Gal Nagli (@naglinagli) - Mass assignment, Privilege escalation - 07/07/2021
Let’s cancel the subscription (informative) Adnan Malik (@adnanmalikinfo) - Logic flaw, Payment tampering $0 (Informative) 07/07/2021
Kaspersky Password Manager: All your passwords are belong to us Jean-Baptiste Bédrune Kaspersky Weak crypto - 07/06/2021
Exploiting Auto-save Functionality To Steal Login Credentials Saad Ahmed (@XSaadAhmedX) - HTML injection - 07/06/2021
Solarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604) Victor Kahan SolarWinds XSS - 07/06/2021
Blind XSS in Apple School- Enrollment Data Disclosure hackrzvijay (@hackrzvijay) Apple Blind XSS $5,000 07/05/2021
View Other User Private Livestream Data Geva (@Geva_7) Meta / Facebook IDOR - 07/03/2021
email address leak Philippe Harewood (@phwd) Meta / Facebook Information disclosure, GraphQL bug $3,750 07/02/2021
Testing Cookies worth $500 Sankalpa Acharya (@sankalpa_02) - Account takeover, IDOR $500 06/30/2021
Finding DOM Polyglot XSS in PayPal the Easy Way Gareth Heyes (@garethheyes) Paypal DOM XSS, CSP bypass - 06/30/2021
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) Michael Stepankin (@artsploit) - RCE, Insecure deserialization - 06/29/2021
How I was able to Takeover Accounts on Jefferson Gonzales (@gonzxph) Foxit Password reset flaw, Account takeover N/A (VDP) 06/29/2021
gcp-dhcp-takeover-code-exec Imre Rad (@ImreRad) Google DHCP flood, VM takeover - 06/28/2021
How I found my first Chrome bug (CVE-2021–21210) Daniel Santos Google (Chrome) NAT Slipstreaming - 06/28/2021
Diving into Dependabot along with a bug in npm tyage (@tyage) GitHub SSRF, RCE $8,117 06/27/2021
Taking over Uber accounts through voicemail Shubham Shah (@infosec_au) Uber Account takeover $0 (Informative) 06/27/2021
Misconfigured $3 Bucket - A Semi Opened Environment Yukesh Kumar (@3th1c_yuk1) Redbull AWS misconfiguration N/A (VDP) 06/27/2021
Escalating XSS to Arbitrary File Read Pethuraj (@Pethuraj) - XSS, LFI - 06/27/2021
site-wide CSRF due to missing checking Youssef Sammouda (@samm0uda) Meta / Facebook CSRF $500 06/27/2021
Disclose unconfirmed email/phone of a Facebook user Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure $500 06/27/2021
Some ways to find more IDOR Thái Vũ (@thaivd98) - IDOR - 06/26/2021
Gaining access to protected components Mehtab Zafar (@0xmzfr) - Vulnerable Android content provider - 06/25/2021
From Information Disclosure to interesting Privilege Escalation David Shaul (@dudy2kk) - Information disclosure, Account takeover, Privilege escalation - 06/25/2021
PII Leakage - Revealing Secrets Jerry Shah (@Jerry) - Information disclosure - 06/25/2021
A supply-chain breach: Taking over an Atlassian account Dikla Barda, Yaara Shriki, Roman Zaikin (@R0m4nZ41k1n) & Oded Vanunu (@Od3dV) Atlassian XSS, CSRF - 06/24/2021
Flywheel Subdomain Takeover Smaran Chand (@smaranchand) - Subdomain takeover - 06/24/2021
MSRC is confused! 😕 Ricardo Iramar dos Santos (@ricardo_iramar) Microsoft Dependency confusion $0 06/24/2021
Microsoft Store free purschase vulnerabilites Marlon Fabiano (@astrounder) Microsoft Payment tampering, Logic flaw - 06/24/2021
Three Microsoft Store vulnerabilites Marlon Fabiano (@astrounder) Microsoft Payment tampering, Logic flaw - 06/24/2021
How i was able to get Appreciation from the organization of a website just by changing a sign..!!! Fardeen Ahmed (@fardeenahmed411) - Information disclosure, Source code disclosure - 06/23/2021
Generate online votes using Race Condition Vulnerability in Woobox Web Application (Write Up) Evan Ricafort (@evanricafort) Woobox Race condition - 06/23/2021
Cracking Encrypted Credit Card Numbers Exposed By API Craig Hays (@craighays) - Information disclosure, Weak crypto - 06/22/2021
Stored XSS via Invite leading to Mass Account Takeover at Opera. Samrat Gupta (@Sm4rty_) Opera Stored XSS - 06/20/2021
Unprivileged User with Read/Write permission to User Access can escalate their role to ADMIN — Privilege Escalation Ertugrul Ozdemir (@ertugrulphp) - Privilege escalation - 06/20/2021
How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It Laxman Muthiyah (@laxmanmuthiyah) Apple Account takeover, 2FA bypass, Rate-limiting bypass, Race condition $18,000 06/19/2021
Full Local File Read via Error Based XXE using XLIFF File / Tomi (@mastomii) - XXE - 06/19/2021
Zero Click account Takeover Zahir Tariq (@ZahirTariq3) - Account takeover, Password reset flaw - 06/19/2021
Exploiting File Upload Functionality in Unique Way. Rohit Soni - Unrestricted file upload - 06/19/2021
Accessing Restricted Documents With Extra JSON Body Content Imran Huda (@imranHudaA) - Mass-assignment, Authorization flaw $500 06/18/2021
Account takeover via stored XSS with arbitrary file upload 0xbadb00da (@0xbadb00da) - Insecure file upload, XSS, Account takeover - 06/18/2021
M1 Macs GateKeeper bypass aka CVE-2021-30658 Wojciech Reguła (@_r3ggi) Apple Local Privilege Escalation - 06/18/2021
How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506] & Video PoC Th3Pr0xyB0y (@Th3Pr0xyB0y) & Shivam Kumar Singh (@MrRajputHacker) Microsoft Universal XSS $20,000 06/17/2021 Alternative link
HTML Injection and a dream in Google Chrome for Linux (Write Up) Evan Ricafort (@evanricafort) Google HTML injection $0 (Informative) 06/17/2021
Crashing your LinkedIn app with a connection request. Renganathan (@IamRenganathan) LinkedIn Application-Level DoS - 06/17/2021
Why dynamic code loading could be dangerous for your apps: a Google example Oversecured (@OversecuredInc) Google Arbitrary file write, Insecure intents - 06/17/2021
Part-1 Dive into Zoom Applications Rakesh Thodupunoori (@rakesh_3895) Zoom CSRF, Payment bypass, Logic flaw, Account takeover, Privilege escalation $22,000 06/16/2021
Story of Google Hall of Fame and Private program bounty worth $$$ Basavaraj Banakar (@basu_banakar) Google Exposed registration page - 06/16/2021
One-click DOS via Response Manipulation Akhil - Logic flaw - 01/16/2021
Authentication Bypass | Easy P1 in 10 minutes Anirudh Makkar (@anirudhmakkar) - Authentication bypass, Forced browsing - 06/16/2021
This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them Mayur Fartade (@mayurfartade) - IDOR, GraphQL bug $30,000 06/15/2021
Importance of burp history analysis to bypass 403 Vuk Ivanovic - 403 bypass - 06/15/2021
Exploiting outdated Apache Airflow instances & Blast Radius: Apache Airflow Vulnerabilities Ian Carroll (@iangcarroll) - Session management flaw $13,000 06/14/2021
Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs Evan Grant (@stargravy) Microsoft postMessage bug, Token theft - 06/14/2021
Blind Command Injection - It hurts Jerry Shah (@Jerry) - Command injection, RCE - 06/14/2021
An exciting journey to find SSRF , Bypass Cloudflare , and extract AWS metadata ! hosein vita (@HoseinVita) - SSRF - 06/13/2021
User’s location diclosure in the “Nearby Friends” feature. $15,500 Bounty Yavor Rusev / Явор Русев Meta / Facebook Information disclosure $15,500 06/13/2021
[Google VRP] Privilege escalation on lalka (@0x01alka) Google Authorization flaw, Logic flaw $3,133.70 06/13/2021
Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts ! Mohammad Kaif - Mass assignment, Account takeover - 06/13/2021
How I found the silliest logical vulnerability for $750 that no one found for 3 years Sina Kheirkhah (@Sin_Khe) - Logic flaw $750 06/12/2021
How I was able to bypass the admin panel without the credentials. Pratikkhalane (@KhalanePratik) - Information disclosure $500 06/12/2021
Bypassing 2FA using OpenID Misconfiguration Youstin (@iustinBB) - 2FA bypass, Authentication flaw - 06/11/2021
Two weeks of securing Samsung devices: Part 1 Oversecured (@OversecuredInc) Samsung Arbitrary file write, Insecure intents $20,690 06/10/2021
Second Order Race Condition Prasoon Gupta (@0xdekster) - Race condition $1,000 06/10/2021
Unexpected IDOR Vulnerability in [REDACTED] - [redacted].net (Write Up) Evan Ricafort (@evanricafort) - IDOR $2 06/10/2021
Author spoofing in Google Colaboratory Zohar Shachar Google Logic flaw $500 06/09/2021
How i was able to bypass parental pin of showmax abdulsec (@moodiAbdoul) Showmax Authorization flaw $200 06/09/2021
Story of my first cash bounty on hackerone. Vedant Tekale (@_justYnot) - SSRF, XSS - 06/07/2021
How I could have accessed all your private videos/photos saved inside your device without even unlocking it? Samip Aryal (@samiparyal_) Meta / Facebook Authorization flaw, Logic flaw $3,150 06/06/2021
How Github recon help me to find NINE FULL SSRF Vulnerability with AWS metadata access Santosh Kumar Sha (@killmongar1996) - SSRF - 06/06/2021
Shopify Multipass Misconfiguration Ahmed A. Sherif - Authentication flaw, Logic flaw - 06/05/2021
Pop-Ups in a good-world Guilherme Keerok (@k33r0k) Imgur XSS - 06/04/2021
Executing CSRF With Phone Validation Greg Gibson - CSRF - 06/04/2021
403 Forbidden Bypass th3.d1p4k (@DipakPanchal05) - OTP bypass, Exposed registration page, XSS - 06/04/2021
How I was able to see likes and dislikes count even though is hidden by victim | YouTube #3 R ando (@Rando02355205) Google Broken Access Control - 06/04/2021
Android: Exploring vulnerabilities in WebResourceResponse Oversecured (@OversecuredInc) Amazon Arbitrary file read - 06/03/2021
Server Side Request Forgery - A Forged Document Jerry Shah (@Jerry) - SSRF, File upload bug $500 06/03/2021
Bypassing LFI (Local File Inclusion) Abhishek (@abhishake21) - LFI - 06/03/2021
XSS in the AWS Console Nick Frichette (@frichette_n) Amazon XSS, CSP bypass, CSTI - 06/02/2021
Exploiting Open Redirect - Whitelist Bypass Using Salesforce Environment Gaurav Nayak (@4auvar) - Open redirect, Token theft - 06/02/2021
Huawei LTE USB Stick E3372: From File Overwrite to Code Execution Martin Rakhmanov (@mrakhmanov) Huawei Local Privilege Escalation - 06/02/2021
Escalating SSRF to Accessing all user PII information by aws metadata Santosh Kumar Sha (@killmongar1996) - SSRF - 06/01/2021
CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads Justin Taft Synology CRLF injection - 06/01/2021
Facebook Page Admin Disclosure Kunjan Nayak (@kunjannayak5) Meta / Facebook Information disclosure $500 05/31/2021
AppCache’s forgotten tales Luan Herrera (@lbherrera_) Google (Chrome) Browser bug $10,000 05/31/2021
Escalating SSRF to Accessing all user PII information by aws metadata Santosh Kumar Sha (@killmongar1996) - SSRF - 05/31/2021
runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465) Etienne Champetier / champtar Google Kubernetes bug, Container breakout - 05/30/2021
Metadata service MITM allows root privilege escalation (EKS / GKE) Etienne Champetier / champtar Google Kubernetes bug, Privilege escalation, MiTM - 05/30/2021
Account Takeover via iFrame Injection xbforce (@xbforce) - Iframe injection, Account takeover - 05/29/2021
The beauty of chaining client-side bugs Master SEC (@MasterSEC_AR) - CRLF, XSS, CSP bypass, DoS, CSTI - 05/29/2021
CafeBazaar and Subdomain Takeover Sina Kheirkhah (@Sin_Khe) CafeBazaar Subdomain takeover - 05/29/2021
Github, The Goldmine for P1s and P2s - Sensitive Information Exposure via Github by a Company Employee Savir Suda (@savxiety) - Information disclosure - 05/28/2021
Hey WAF! Better Luck Next Time! 👽 Akash Rox Starz - SQL injection - 05/28/2021
How I hacked a Target again and again… Aditya Verma (@0cirius0) - OAuth bug, Account takeover, XSS, Broken Access Control - 05/27/2021
Bypassing restricted port protection in WebKit David Schütz (@xdavidhu) Apple Browser bug - 05/26/2021
GitLab Arbitrary File Read & Write through Kroki - CVE-2021-22203 Anh Duc Nguyen (@ledz1996) - Arbitrary file read $5,600 05/25/2021
Stored XSS with two different parameters Joel Cantu (@InfosecRintox) - Reflected XSS - 05/25/2021
Patch Gapping a Safari Type Confusion Theori (@theori_io) Apple Memory corruption bug - 05/25/2021
Chaining XSS with authentication issues to turn it into full account takeover N1GHTMAR3 (@n1ghtmar3_2421) - XSS, Account takeover - 05/24/2021
Content Spoofing Vulnerability in Shibboleth Service Provider Toni Huttunen - Content spoofing N/A 05/24/2021
Disclose leads form details of any Facebook Business Account or Facebook Page (Bug Bounty) Amine Aboud (@amineaboud) Meta / Facebook IDOR, GraphQL bug - 05/23/2021
CORS misconfig that worths USD200 MikeChan - CORS misconfiguration $200 05/23/2021
Finding and Exploiting Unintended Functionality in Main Web App APIs Bend Theory (@bendtheory) - IDOR, Information disclosure, Privilege escalation $4,000 05/21/2021
Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$) Rohit kumar (@rohitcoder) Meta / Facebook Information disclosure $500 05/21/2021
CSRF from which we can create a support ticket in Victim’s Account (500$) Rohit kumar (@rohitcoder) Meta / Facebook CSRF $500 05/21/2021
How I turned 0000 into $600: Phone Verification Bypass Shrirang Diwakar - OTP bypass $600 05/21/2021
403 Forbidden Bypass th3.d1p4k (@DipakPanchal05) - 403 bypass, Forced browsing - 05/21/2021
Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps Youssef Sammouda (@samm0uda) Meta / Facebook SSO bug, Authentication flaw, Account takeover $12,000 05/20/2021
XSS via postMessage in Guilherme Keerok (@k33r0k) Mozilla XSS, postMessage bug $500 05/20/2021
Third-Party Apps were still getting your private Facebook data even after their access expiry. Samip Aryal (@samiparyal_) Meta / Facebook Logic flaw $1,000 05/20/2021
Writeups: Facebook Whitehat program(2021): Instagram Live setting bug Takashi Suzuki Meta / Facebook Logic flaw $537 05/20/2021
SSRF in PDF Renderer using SVG / Tomi (@mastomii) - SSRF $2,150 05/19/2021
Time-Based SQL Injection to Dumping the Database Naveen J (@thevillagehackr) - SQL injection, Android app bug - 05/19/2021
DOS & Stored HTML Injection Bug Bounty Writeup RiotSecurityTeam (@RiotSecTeam) - DoS, HTML injection - 05/19/2021
Finding my First Critical Web Cache Poisoning Yasser Khan (@N3T_hunt3r) - Web cache poisoning - 05/18/2021
Path Traversal in MobileSafari David Schütz (@xdavidhu) Apple Path traversal - 05/18/2021
Drupal Insecure Default Leads To Password Reset Poisoning Bogdan Tiron (@Bogdan___T) Drupal Password reset flaw, Host header injection N/A (VDP) 05/17/2021
Just Gopher It: Escalating a Blind SSRF to RCE for $15k SirLeeroyJenkins (@SirLeeroyJenkin) - SSRF, RCE $15,000 05/17/2021
Clickjacking in Nearby Devices Dashboard David Schütz (@xdavidhu) Google Clickjacking - 05/17/2021
My Fourth Account takeover through password reset Omar Hamdy (@seaman00o) - Account takeover, Password reset flaw - 05/17/2021
How i hijacked 12 Subdomains in one Program Naveen kumawat (@nvk0x) - Subdomain takeover - 05/17/2021
Auth Bypass in David Schütz (@xdavidhu) Google Broken Access Control $5,000 05/16/2021
MSSQL Injection In JSON Request Kailash (@Corrupted_brain) - SQL injection - 05/16/2021
Edmodo Bug Bounty Writeup Pethuraj (@Pethuraj) Edmodo XSS $0 (Duplicate) 05/16/2021
How to prevent more than 200 million users from using Google services Omar Hashem (@OmarHashem666) Google Logic flaw - 05/16/2021
2FA Bypass via Forced Browsing Akhil - 2FA bypass - 05/15/2021
Mass Assignment exploitation in the wild - Escalating privileges in style Gal Nagli (@naglinagli) - Mass assignment, Privilege escalation - 05/14/2021
One-click reflected XSS in due to unfiltered URI schemes leads to account takeover Youssef Sammouda (@samm0uda) Meta / Facebook Reflected XSS, Account takeover $9,600 05/13/2021
Blind XSS on Google Internal System Kailash (@Corrupted_brain) Google Blind XSS $5,000 05/13/2021
Counter-Strike Global Offsets: reliable remote code execution brymko (@brymko), dezk (@cffsmith) & Simon Scannell (@scannell_simon) Valve RCE - 05/13/2021
How I find my first Stored XSS Filipe Azevedo (@filipaze_) - Stored XSS - 05/13/2021
My story of hacking Dutch Government Tuhin Bose (@tuhin1729_) Dutch Government XSS N/A (VDP) 05/12/2021
CVE-2020-35580 hateshape (@hateshaped) - LFI - 05/11/2021
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Intezer Microsoft Privilege escalation - 05/11/2021
2FA Verification Bypass in Shapeshift [] (Write Up) Evan Ricafort (@evanricafort) Shapeshift 2FA bypass - 05/10/2021
Stored XSS to Organisation Takeover Zaid Bhat (@zaidozaid) - Stored XSS - 05/10/2021
Simple logical Bug turned into a bounty Sndp Giri Meta / Facebook Logic flaw $500 05/10/2021
Exploiting Activity in medium android app Raju kumar (@MrCyberwarrior) Medium Insecure intents - 05/10/2021
Unauthorized access to Django Admin Dashboard by endpoint leaked on GitHub Santosh Kumar Sha (@killmongar1996) - Lack of authentication, Forced browsing - 05/10/2021
Microsoft bug bounty writeup th3.d1p4k (@DipakPanchal05) Microsoft Information disclosure - 05/08/2021
Workplace by Facebook | Unauthorized access to companies environment — $27,5k Marcos Ferreira (@mvinni_) Meta / Facebook Authorization flaw, Logic flaw, IDOR $27,500 05/07/2021
Apple Bug bounty writeups XSS(2021) Takashi Suzuki Apple XSS - 05/07/2021
Identify a Facebook user by his phone number despite privacy settings set Youssef Sammouda (@samm0uda) Meta / Facebook Privacy issue, Information disclosure $9,000 05/06/2021
CVE-2021-1815 – MacOS Local Privilege Escalation Via Preferences Offensive Security (@offsectraining) Apple Local Privilege Escalation - 05/06/2021
How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit - Google RCE - 05/05/2021
Account takeover of Instagram accounts due to unrestricted permissions of third-party application’s generated tokens Youssef Sammouda (@samm0uda) Meta / Facebook OAuth flaw, Authorization flaw, Account takeover $18,000 05/05/2021
How I Found Sql Injection on (h1) in 5 minute $350 Ahmad A Abdulla (@lu3ky13) Automattic SQL injection $350 05/05/2021
XSS Through Parameter Pollution Saajan Bhujel (@saajanbhujel11) - Open redirect, XSS, HTTP Parameter Pollution - 05/05/2021
Injecting Punycode URL Within the Arbitrary Text via Comment Box In Google Photo Sharing Option Divyanshu Shukla (@justm0rph3u5) Google HTML injection $0 (OOS) 05/05/2021
ExifTool CVE-2021-22204 - Arbitrary Code Execution William Bowling / vakzz (@wcbowling) GitLab RCE $20,000 05/04/2021
Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida & Exploiting the Source Engine (Part 1) Geebz (@Gbps111) Valve RCE $7,500 05/04/2021
Deep Dive into Open Source Bug Bounty Ritik Sahni (@ritiksahni22) - CSRF - 05/03/2021
Finding known exploits for bugbounties. ipanda (@ipanda915) - RCE $0 (Duplicate) 05/03/2021
IDOR Leads To Leak Any Uber Eats Restaurant Analytics Prial Islam Khan (@prial261) Uber IDOR $2,000 05/02/2021
Basic recon to RCE Joshua Martinelle (@J0_mart) - Insecure deserialization, RCE - 05/02/2021
Chaining CSRF with XSS to deactivate Mass user accounts by single click Santosh Kumar Sha (@killmongar1996) - CSRF, XSS - 05/02/2021
SSRF Through PDF Generation Joshua Martinelle (@J0_mart) - SSRF - 05/01/2021
How I found my first RCE? ipanda (@ipanda915) - RCE - 05/01/2021
How I got $400 for my first SSRF bug? Usama Varikkottil (@usama_dev) - SSRF $400 05/01/2021
Password reset code brute-force vulnerability in AWS Cognito Pentagrid (@pentagridsec) Amazon Password reset flaw, Brute force, Rate limiting bypass, Account takeover - 04/30/2021
Facebook account takeover due to unsafe redirects after the OAuth flow Youssef Sammouda (@samm0uda) Meta / Facebook OAuth flaw, Open redirect, Account takeover $28,800 04/30/2021
My first OOB XXE exploitation Joshua Martinelle (@J0_mart) - XXE - 04/30/2021
How I was able to Retrieve your Personal Documents using the Wayback Machine! Savir Suda (@savxiety) - Privacy issue, Information disclosure - 04/30/2021
Exploiting memory corruption vulnerabilities on Android Oversecured (@OversecuredInc) Paypal Memory corruption bug $1,100 04/30/2021
A tale of Html to Pdf converter ssrf and various bypasses Jatin Aesthetic (@techyfreakk) - SSRF - 04/29/2021
De-anonymising Anonymous Animals in Google Workspace David Schütz (@xdavidhu) Google Privacy issue, Information disclosure - 04/29/2021
The False Oracle — Azure Functions Padding Oracle Issue polarply (@polarply) Microsoft Padding oracle attack, Privilege escalation - 04/28/2021
How did I earn €€€€ by breaking the back-end logic of the server Dewanand Vishal (@dewcode91) - Logic flaw, Information disclosure - 04/28/2021
Reflected DOM-based XSS on DomaiNesia N45HT DomaiNesia XSS - 04/27/2021
Exploiting XSS via Markdown on Xiaomi N45HT Xiaomi XSS - 04/27/2021
WordPress 5.7 XXE Vulnerability Sonar (@SonarSource) WordPress XXE $600 04/27/2021
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol Antonio Cocomazzi (@splinter_code) & Andrea Pierini (@decoder_it) Microsoft Local Privilege Escalation - 04/26/2021
Reflected XSS on Microsoft N45HT Microsoft Reflected XSS - 04/25/2021
From Wayback Machine To Account Takeover Demon (@R29k_) - Open redirect, Account takeover $800 04/25/2021
Supply Chain Attacks via Releases Nightwatch Cybersecurity (@nightwatchcyber) GitHub Logic flaw $0 04/25/2021
How I found Cross-Site-Scripting (Reflected) on more than 300 systems! MR SINISTER (@KabirSuda) - Reflected XSS - 04/25/2021
From Wayback Machine To Account Takeover Demon (@R29k_) - Account takeover, Password reset flaw, Open redirect - 04/25/2021
RCE via Internal Access to Adminer Database Management (Critical) Ahmad Halabi (@Ahmad_Halabi_) - RCE - 04/24/2021
AWS internal metadata accessed through SSRF by Chaining an Open Redirect bug Santosh Kumar Sha (@killmongar1996) - SSRF, Open redirect - 04/24/2021
Page Owners Can’t remove or change page roles of deactivated users (or if Attacker blocks the page owner) in Facebook Lite, Facebook for Android and Baibhav Anand (@SpongeBhav) Meta / Facebook Logic flaw $525 04/22/2021
Brave — Stealing your cookies remotely Pedro Oliveira (@kanytu) Brave Arbitrary file read $500 04/22/2021
Telegram bug bounties: XSS, privacy issues, official bot exploitation and more… Davide, Andrea & Giuseppe Telegram XSS, Authorization flaw, DoS - 04/22/2021
PrivateDrop: Breaking and Fixing Apple AirDrop Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute & Christian Weinert Apple Privacy issue, Information disclosure - 04/21/2021
New Clubhouse Security Vulnerabilities Could Happen to Any Growing Unicorn Katie Moussouris (@k8em0) Clubhouse Logic flaw - 04/21/2021
Remote code execution in Homebrew by compromising the official Cask repository RyotaK (@ryotkak) Homebrew RCE - 04/21/2021
Got Nice catch by Google Parth Desani (@DesaniParth) Google OAuth flaw, Open redirect, CSRF $0 (Early acquisition) 04/22/2021
How I was able to inject XSS payload into any user’s mailbox Gaurav Popalghat (@N008x) - XSS - 04/21/2021
CVE-2021-30481: Source engine remote code execution via game invites floesen (@floesen_) Valve RCE, Integer underflow $8,000 04/20/2021
Playing With iframes: Bypassing Content-Security-Policy JM Sanchez / 0xEchidonut (@jmrcsnchz) - CSP bypass, Open redirect, HTML injection - 04/20/2021
Auth Bypass in Google Workspace Real Time Collaboration David Schütz (@xdavidhu) Google Authentication bypass, Information disclosure - 04/20/2021
IDOR leads to leaked the likes count even though is hidden by victim | YouTube ($XXXX) R ando (@Rando02355205) Google IDOR, Logic flaw - 04/20/2021
Blind SSRF to Port Scanning through response time Harish - SSRF - 04/19/2021
Unauthorized access to admin setpassword page BY bypassing 403 Forbidden Santosh Kumar Sha (@killmongar1996) - Authorization flaw - 04/18/2021
(POC) Untrim any live video on Facebook Ahmad Talahmeh Meta / Facebook Authorization flaw $2,875 04/18/2021
Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program Jadek Mark (@mase289) - Unrestricted file upload, RCE - 04/18/2021
Pwning your assignments: Stored XSS via GraphQL endpoint Kartik Sharma (@dominat0r98) - Stored XSS, GraphQL bug $2,881 04/18/2021
Misconfiguration in Change-password Functionality Leads to Account Takeover Mahmoud Radwan (@0x___2m) & Mahmoud samaha (@0x__2m) - IDOR, Logic flaw, Password reset flaw, Account takeover - 04/18/2021
XSS via Exif Data - The P2 Elevator Jerry Shah (@Jerry) - Stored XSS - 04/18/2021
Discourse themes OS Command Injection joernchen (@joernchen) Discourse RCE, OS command injection - 04/18/2021
(POC) Remove any Facebook’s live video ($14,000 bounty) Ahmad Talahmeh Meta / Facebook Logic flaw $14,000 04/17/2021
Lets Learn English - Hacking 10M+ Users Aseem Shrey (@AseemShrey) - AWS misconfiguration, Insecure Firebase database, OTP bypass, Account takeover, Logic flaw - 04/17/2021
(POC) Update business fyi message as Facebook page analyst Ahmad Talahmeh Meta / Facebook IDOR, GraphQL bug $750 04/17/2021
How I earned $$$$ through Stored XSS Harish - Stored XSS, CSTI $3,205 04/16/2021
Fun sql injection — mod_security bypass Y000 (@Y000) - SQL injection - 04/16/2021
Allow arbitrary URLs, expect arbitrary code execution Fabian Bräunlein & Lukas Euler Nextcloud, Telegram, VLC RCE - 04/15/2021
How I got 9000 USD by hacking into iCloud Alexandre Fernandes (@fernale) Apple XSS $9,000 04/15/2021
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) CENSUS Facebook (WhatsApp) Man-in-the-Disk - 04/14/2021
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Microsoft Azure Sphere Cisco Talos Microsoft RCE - 04/14/2021
Google Photos : Theft of Database & Arbitrary Files Android Vulnerability Rahul Kankrale (@RahulKankrale) Google Improper Export of Android Application Components $1,337 04/13/2021
Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution T. Shiomitsu Cisco Authentication bypass, OS command injection, RCE - 04/13/2021
Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion arbenn (@arbennsh) & 0xcela (@0xcela) - LFI, Information disclosure - 04/13/2021
You Talking To Me? Li JianTao (@cursered) Google RCE, Browser bug $0 (Duplicate) 04/12/2021
ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 Chris Williams (@HawaiiFive0day) Tesla, Google RCE, Browser bug - 04/12/2021
Unauthenticated Account Takeover Through Forget Password Nikhil (niks) (@niksthehacker) - Password reset flaw, Account takeover, Information disclosure - 04/12/2021
Stored XSS on the DuckDuckGo search results page Monke (@pmofcats) DuckDuckGo Stored XSS - 04/10/2021
Cookie poisoning leads to DoS and Privacy Violation Benjamin Walter CS Money DoS, SSRF $700 04/09/2021
Auth Issues Uranium238 (@uraniumhacker) Google Authentication flaw, Logic flaw - 04/09/2021
(CRITICAL) Blind Storage XSS — My first Bug Bounty 💰 Benjamin Walter CS Money Blind XSS $1,000 04/08/2021
What if you could deposit money into your Betting account for free? Oh wait where has this 25k came from… Mikey (@mikey96_bh) - Logic flaw $10,000 04/07/2021
Chaining an Blind SSRF bug to Get an RCE Santosh Kumar Sha (@killmongar1996) - Blind SSRF, RCE - 04/07/2021
I Built a TV That Plays All of Your Private YouTube Videos David Schütz (@xdavidhu) Google CSRF $6,000 04/05/2021
Apple TV for Fire OS code execution Razvan Sima (@0xraaz) Apple RCE, Insecure storage, Man-in-the-Disk attack - 04/05/2021
Cloud Based Storage Misconfigurations -> Critical Bounties Mikey (@mikey96_bh) - Cloud storage misconfiguration $7,500 04/05/2021
Weird and very easy authentication bypass found with Google dorking GrumpinouT (@RVerwilghen) - Authentication bypass - 04/05/2021
Intro to Open-source Bug Bounty Arjun Shibu (@0xsegf) Mailtrain Directory traversal - 04/05/2021
CSRF in YouTube Leanback API David Schütz (@xdavidhu) Google CSRF - 04/05/2021
Breaking GitHub Private Pages for $35k Robert Chen (@NotDeGhost) & Philip Github XSS, CRLF, Web cache poisoning $35,000 04/04/2021
Remote code execution through unsafe unserialize in PHP Sjoerd Langkemper - Insecure deserialization, RCE - 04/04/2021
Journeys in Quoteless and Multi Reflection XSS Bend Theory (@bendtheory) - XSS $250 04/04/2021
RCE on Starbucks Singapore and more for $5600 Kamil Onur Özkaleli (@ko2sec) Starbucks RCE, Unrestricted file upload $5,600 04/03/2021
Code execution as root via AT commands on the Quectel EG25-G modem nns Quectel OS command injection, RCE $2,000 04/03/2021
Gain write permission of repositories with a bug in GitHub Actions tyage (@tyage) GitHub Broken Access Control, Logic flaw $25,000 04/02/2021
Automate Cache Poisoning Vulnerability - Nuclei Mohamed Elbadry (@_melbadry9) - Web cache poisoning, Stored XSS $1,500 04/02/2021
This Man Thought Opening A TXT File Is Fine, He Thought Wrong. MacOS CVE-2019-8761 Paulos Yibelo (@PaulosYibelo) Apple MacOS bug, HTML injection - 04/02/2021
Bragging Rights: Let’s head back to bug bucket Manas Harsh (@ManasH4rsh) - XSS, IDOR, 2FA bypass $951 04/02/2021
XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing Lauritz (@lauritz) - XSS, HTML injection - 04/02/2021
Play a game, get Subscribed to my channel - YouTube Clickjacking Bug | #GoogleVRP Sriram Kesavan (@sriramoffcl) Google Clickjacking $100 04/02/2021
Who Contains the Containers? James Forshaw (@tiraniddo) Microsoft Local privilege escalation - 04/01/2021
Facebook account takeover due to a wide platform bug in ajaxpipe responses Youssef Sammouda (@samm0uda) Meta / Facebook Account takeover $30,000 04/01/2021
Facebook account takeover due to a bypass of allowed callback URLs in the OAuth flow Youssef Sammouda (@samm0uda) Meta / Facebook Account takeover, OAuth flaw, Open redirect $12,000 04/01/2021
Zero click vulnerability in Apple’s macOS Mail Mikko Kenttälä (@Turmio_) Apple Account takeover, Information disclosure, RCE - 04/01/2021
GKE Autopilot Node Compromise via Race Condition Anthony Weems Google Container escape $1,337 04/01/2021
Download Facebook internal mobile builds Philippe Harewood (@phwd) Meta / Facebook Information disclosure $6,000 03/31/2021
My first Bug report at Facebook 2021 Kent Jarold Abulag (@wkemenhehehegsg) Meta / Facebook Logic flaw, Authorization flaw - 03/31/2021
Missing CORS leads to Complete Account Takeover Niraj Modi (@nirajmodi51) - Missing CORS, CSRF, Account takeover - 03/30/2021
I felt like there were no more bugs left after winning € 2000 … But an email worth €750 changed my mind Thexssrat (@theXSSrat) - Broken Access Control, IDOR €2,750 03/30/2021
A weird XSS gato the wizard - Reflected XSS - 03/30/2021
CSRF to Full Account Takeover Ashraf Harb (@ashrafharb97) - CSRF, Account takeover - 03/29/2021
PHP fopen() function to local file inclusion أنس روبي (@xhzeem) - LFI - 03/28/2021
How I made to Paypal Bug Bounty $750 Pethuraj (@Pethuraj) Paypal Open Redirect $750 03/28/2021
How I was able to see likes and dislikes count even though is hidden by victim | YouTube #1 R ando (@Rando02355205) Google Broken Access Control, IDOR - 03/28/2021
How to bypass CloudFlare bot protection ? jychp (@jychp_fr) CloudFlare Logic flaw $0 03/27/2021
Increasing impact of Information Disclosure — Full Account Takeover ! Abhisek R (@abh1sek_r) - Information disclosure, Password reset flaw $0 (OOS) 03/26/2021
How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2 R ando (@Rando02355205) Google Broken Access Control, IDOR - 03/26/2021
Encrypted Payload -> Decrypted Execution ($600) : Stored XSS Shrirang Diwakar - Stored XSS $600 03/25/2021
PoC: The easiest 125 Euro’s I Ever made Thexssrat (@theXSSrat) - Logic flaw €125 03/25/2021
Exif meta data worth $XXXX Saddam Hussain (@wisdomfreak1) - Information disclosure - 03/25/2021
How I leveraged XSS to make Privilege Escalation to be Super Admin! Asem Eleraky (@melotover) - XSS, Privilege escalation - 03/25/2021
Multiple Authorization bypass issues in Google’s Richmedia Studio Zohar Shachar Google Authorization flaw $6,000 03/24/2021
Bypass rate limit to enumeration users through Google Drive Abdullah Mohamed (@3bodymo_) Google Rate limiting bypass $0 (Won’t fix) 03/24/2021
Finding and exploiting race condition vulnerability on facebook server Dewanand Vishal (@dewcode91) Meta / Facebook Race condition $2,000 03/24/2021
Ad portals and the half blood vulnerability Adam (@whitechaitai) - Logic flaw $600+ 03/23/2021
How I made it to Google HOF? Sudhanshu Rajbhar (@sudhanshur705) Google IDOR $1,000 03/21/2021
Finding My First Critical Vulnerability Thexssrat (@theXSSrat) - Information disclosure $250 03/21/2021
OTP brute-force via rate limit bypass Bilal Muqeet (@blmqt) - Bruteforce, Lack of rate limiting, OTP bypass - 03/21/2021
Cross Site Port Attack - A Stranger’s Call Jerry Shah (@Jerry) - XSPA - 03/21/2021
OAuth Misconfiguration found in small time-window of attack Muhammad Aamir (@Muhammad__Aamir) - OAuth misconfiguration $300 03/20/2021
A short story about an XSS in (CVE-2021-21320) Guilherme Keerok (@k33r0k) Mozilla XSS $500 03/19/2021
How to Harpon Big Blue! Clark Voss (@clark_voss) IBM Logic flaw, Exposed registration page - 03/19/2021
H2C Smuggling in the Wild Sean Yeoh (@seanyeoh) - HTTP request smuggling - 03/18/2021
TikTok for Android 1-Click RCE Sayed Abdelhafiz (@dPhoeniixx) TikTok RCE, XSS, Insecure intents - 03/18/2021
How I hacked Facebook: Part Two Alaa Abdulridha (@alaa0x2) Meta / Facebook SSRF, Account takeover, Cookie manipulation $54,580 03/18/2021
Chaining bugs for the greater good mohamad mahmoudi (@Lotus_619) - Blind XSS, CSRF - 10/19/2021
Stealing arbitrary GitHub Actions secrets Teddy Katz (@not_aardvark) GitHub Logic flaw $25,000 03/17/2021
Dangling DNS: Mohamed Elbadry (@_melbadry9) - Dangling DNS records, Subdomain takeover - 03/17/2021
Abusing Data Protection Laws For D0xing & Account Takeovers Hx01 (@Hxzeroone) - SSTI, Account takeover - 03/17/2021
CVE-2021-27076: A Replay-style Deserialization Attack Against Sharepoint Simon Zuckerbraun (@HexKitchen) Microsoft Insecure deserialization, RCE - 03/17/2021
An unknown Linux secret that turned SSRF to OS Command injection secureITmania (@secureitmania) - SSRF, Command injection - 03/17/2021
An Interesting Account Takeover!! Mayank Pandey (@mayank_pandey01) - IDOR, Account takeover, Weak encryption, Password reset flaw - 03/17/2021
Voice Confusion When Commenting On Watch Party Prakash Panta (@prakashpanta268) Meta / Facebook Information disclosure $1,000 03/16/2021
API Misconfiguration which leads to unauthorized access to servicedesk tickets Gaurav Popalghat (@N008x) - Information disclosure - 03/16/2021
De-anonymize the members of a private Facebook Group as a non-member. Baibhav Anand (@SpongeBhav) Meta / Facebook GraphQL bug, Information disclosure $4,500 03/15/2021
Facebook Group Members Disclosure. Baibhav Anand (@SpongeBhav) Meta / Facebook Information disclosure $9,000 03/15/2021
IDOR Vulnerability with empty response still exposing sensitive details of customers! Rahul Varale - IDOR - 03/14/2021
How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company Ahmad A Abdulla (@lu3ky13) Automattic, IBM, 8x8 SQL injection - 03/12/2021
Finding keys under the door Naveen Prakaasham K S V Paytm Stored XSS, Unrestricted file upload - 03/12/2021
Account Takeover Via Reset Password Worth 2000$ Ashutosh mishra (@ashutoshmish_ra) - Password reset flaw, Account takeover $2,000 03/12/2021
[Google VRP] How I Get Blind XSS At Google With Dork (First Bounty and HOF ) Rio Mulyadi (@riomulyadi_) Google Blind XSS $3,133.70 03/11/2021
Messing with GitHub’s fork collaboration for fun and profit Teddy Katz (@not_aardvark) GitHub Broken Access Control $30,000 03/10/2021
Business Logic Error on Registration Leads to SMS Validation Bypass pleorqy (@pleorqy) - 2FA bypass - 03/10/2021
Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover pleorqy (@pleorqy) - Reflected XSS, Clickjacking, Account takeover - 03/10/2021
Finding Basic Authtoken in JAVASCRIPT file BY Full Automation Santosh Kumar Sha (@killmongar1996) - Information disclosure - 03/10/2021
Dangling DNS Records on (Amazon EC2)! Binit Ghimire (@WHOISbinit) Meta / Facebook Subdomain takeover, Dangling DNS records $500 03/10/2021
Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover Kleiton Kurti (@kleiton0x7e) - HTTP request smuggling, XSS - 03/09/2021 Alternative link
Write Up – Google VRP N/A: SSRF Bypass With Quadzero In Google Cloud Monitoring Omar Espino (@omespino) Google SSRF $0 (N/A) 03/08/2021
Dangling DNS: Amazon EC2 IPs (Current State) Mohamed Elbadry (@_melbadry9) 8x8 Dangling DNS records, Subdomain takeover - 03/08/2021
Stored XSS in Google Ads Android Application— $3133.70 Ashish Dhone (@ashketchum_16) Google Stored XSS, HTML injection $3,133.70 03/07/2021
Finding Hidden Login Endpoint Exposing Secret Client ID Ahmad Halabi (@Ahmad_Halabi_) - Information disclosure $700 03/07/2021
Exploiting a hidden and forgotten Bug Aditya Verma (@0cirius0) - SSRF - 03/07/2021
The easiest $2500 I got it from bug bounty program Abdullah Mohamed (@3bodymo_) Uber Information disclosure $2,500 03/06/2021
GKE Autopilot Node Compromise via SSH Metadata Anthony Weems Google Container escape $1,337 03/05/2021
GKE Autopilot Node Compromise via startup-script Anthony Weems Google Container escape $1,337 03/05/2021
Leveraging Template injection to takeover an account. Akash Methani (@0xAkash) - CSTI, XSS - 03/04/2021
Low hanging fruits on Facebook Group Room. Unable to remove post on group when post room add with event ($500) Randy Arios Meta / Facebook Logic flaw $500 03/04/2021
Stored XSS at Maor Dayan (@mord1234) Trello Stored XSS - 03/04/2021
Content Injection (RCE) in Yandex Browser for Android [2018] Nightwatch Cybersecurity (@nightwatchcyber) Yandex MiTM $0 03/03/2021
The Invincible Kid Samip Aryal (@samiparyal_) Meta / Facebook Logic flaw $500 03/03/2021
How I Might Have Hacked Any Microsoft Account Laxman Muthiyah (@laxmanmuthiyah) Microsoft Account takeover, Password reset flaw, Bruteforce, 2FA bypass $50,000 03/02/2021
Microsoft Edge Browser For IOS - Address Bar Spoofing Vulnerability Rafay Baloch (@rafaybaloch) Microsoft Address Bar Spoofing - 03/02/2021
GKE Autopilot Node Compromise via local-storage PersistentVolume Anthony Weems Google Container escape $1,337 03/01/2021
Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure Harsh Parekh (@notmarshmllow) - CORS misconfiguration, Information disclosure - 03/01/2021
Secret Key Exposure in API Config Directory Ahmad Halabi (@Ahmad_Halabi_) - Information disclosure $800 03/01/2021
Join Facebook Group With Unpublish Page gevakun Meta / Facebook Authorization flaw - 03/01/2021
RocketChat - Unauthenticated access to messages Rojan Rijal (@uraniumhacker) RocketChat Authorization flaw N/A (VDP) 03/01/2021
SSRF to fetch AWS credentials with full access to multiple services Zonduhackerone (@zonduu1) - SSRF - 02/28/2021
Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape Alex Chapman (@ajxchapman) - RCE - 02/28/2021
Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅) Ratnadip Gajbhiye (@scspcommunity) - SQL injection - 02/28/2021
Bragging Rights: Killing File Uploads softly Manas Harsh (@ManasH4rsh) - Unrestricted file upload, Stored XSS - 02/28/2021
Jira Auth Bypass bug in Google Acquisition (Apigee) Jayateertha Guruprasad (@JayateerthaG) Google Authentication bypass - 02/28/2021
Somebody Call The Plumber, GraphQL is Leaking Again… N0ur5 - Information disclosure, GraphQL bug - 02/28/2021
Any Account Takeover Through Privilege Escalation Shubham Chaskar (@chaskar_shubham) - Privilege escalation, Account takeover - 02/28/2021
Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554) champtar Kubernetes MiTM $1,000 02/28/2021
Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749 / Docker CVE-2020-13401 / LXD / WSL2 / …) champtar Kubernetes MiTM $1,000 02/28/2021
Story About Stop 10000+ users to get Their job notification PJBorah - Logic flaw - 02/27/2021
Somebody Call The Plumber, GraphQL is Leaking Again… N0ur5 - Information disclosure, GraphQL bug $2,000 02/27/2021
IDOR which allowed me to view Personal Email Addresses of More than 50K Users! Savir Suda (@savxiety) - IDOR, Password reset flaw - 02/26/2021
SSRF: Bypassing hostname restrictions with fuzzing Dominic (@dee__see) Elastic SSRF - 02/26/2021
Account Takeover - Smoking with ‘null’ Jerry Shah (@Jerry) - Account takeover, Authentication flaw - 02/26/2021
Stealing user passwords through a VPN’s SSO Alain Mowat (@plopz0r) - Open redirect, SSTI - 02/25/2021
Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough Gal Nagli (@naglinagli) - Web cache poisoning, Stored XSS $1,000 02/25/2021
Hijacking Reset Password Link in via Host Header Poising (Write Up) Evan Ricafort (@evanricafort) Niteflirt Host header injection, Account takeover, Password reset flaw $50 02/25/2021
CSRF through URL with # tag parameter Tommysuriel - CSRF $100 02/25/2021
CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux John Jackson (@johnjhacking) Keybase Unencrypted storage $1,000 02/22/2021
Grafana Admin Panel bypass in Google Acquisition(VirusTotal) Jayateertha Guruprasad (@JayateerthaG) Google Default credentials - 02/22/2021
Let’s know How I have explored the buried secrets in Xamarin application secureITmania (@secureitmania) - Hardcoded API keys, Information disclosure - 02/21/2021
RCE On A Laravel Private Program Yasho (@YShahinzadeh) - RCE - 02/20/2021
Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli Yasser Mohammed (@boomneroli) - Race condition, Lack of rate-limiting, OTP bypass, SQL injection - 02/20/2021
Account Takeover via Response Manipulation worth 1800$.. Ashutosh mishra (@ashutoshmish_ra) - Authentication bypass, OTP bypass, Account takeover $1,800 02/20/2021
Build Pipeline Security xssfox (@xssfox) Amazon RCE - 02/18/2021
Account Take Over by Response Manipulation Naveen J (@thevillagehackr) - Authentication bypass, Account takeover - 02/17/2021
Expose information about Partner accounts in Partner portal Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure, GraphQL bug $3,600 02/17/2021
Expose Facebook object type (including private objects) Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure, Logic flaw $500 02/17/2021
Ability to find Facebook employee’s test accounts which lead to the disclosure of internal information. Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure, GraphQL bug $500 02/17/2021
Disclose internal CMS objects content Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure, Authorization flaw $500 02/17/2021
Confirm if an invitation is sent to a specific email in Partners Portal / Possibility to resend the invitation Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure, GraphQL bug $500 02/17/2021
XSS in Facebook CDN due to improper filtering of uploaded files extensions Youssef Sammouda (@samm0uda) Meta / Facebook XSS $500 02/17/2021
Enumerate internal cached URLs which lead to data exposure Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure, Caching issue $4,800 02/17/2021
Make recruiting referrals on behalf of employees Youssef Sammouda (@samm0uda) Meta / Facebook Authorization flaw, GraphQL bug $3,000 02/17/2021
Leaking Facebook user information to external websites / Setting some cookies values Youssef Sammouda (@samm0uda) Meta / Facebook GraphQL bug, Logic flaw, Information disclosure $2,000 02/17/2021
Access private information about SparkAR effect owners who has a publicly viewable portfolio Youssef Sammouda (@samm0uda) Meta / Facebook Authorization flaw, Information disclosure, GraphQL bug $1,500 02/17/2021
Open redirect in Youssef Sammouda (@samm0uda) Meta / Facebook Open redirect $500 02/17/2021
Story of a very lethal IDOR. Vedant Tekale (@_justYnot) - XSS, IDOR, Account takeover N/A (VDP) 02/17/2021
From AWS S3 Misconfiguration to Sensitive Data Exposure Jadek Mark (@mase289) - AWS misconfiguration - 02/17/2021
Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story) Imre Rad (@ImreRad) Google Configuration file injection, RCE - 02/16/2021
Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story) Imre Rad (@ImreRad) Google RCE - 02/16/2021
Hunting for bugs in Telegram’s animated stickers remote attack surface polict (@polict_) Telegram Memory corruption bug, DoS - 02/16/2021
Sub-domain Takeover on (AWS Elastic Beanstalk)! Binit Ghimire (@WHOISbinit) Meta / Facebook Subdomain takeover $500 02/16/2021
I Own your Cloud Shell: Taking over “Azure Cloud Shell” Kubernetes Cluster Through Unsecured Kubelet API 30,000$ Bounty Chen Cohen (@chencococococo) Microsoft Privilege escalation, RCE $30,000 02/15/2021
Access files uploaded by employees to internal CDNs / Regenerate URL signature of user uploaded content. Youssef Sammouda (@samm0uda) Meta / Facebook Authorization flaw, Logic flaw $12,500 02/15/2021
Full account takeover worth $1000 Think out of the box Mohsin Khan (@tabaahi_) - Account takeover, CSRF, IDOR $1,000 02/15/2021
Delete linked payments accounts of a Facebook page (or user) Youssef Sammouda (@samm0uda) Meta / Facebook Authorization flaw, Logic flaw $1,000 02/15/2021
URLs in img tag aren’t passed through safe_image.php which lead to exposure of Facebook users IPs. Youssef Sammouda (@samm0uda) Meta / Facebook Logic flaw $500 02/15/2021
Leak of internal categorySets names and employees test accounts. Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure $500 02/15/2021
View orders and financial reports lists for any page shop Youssef Sammouda (@samm0uda) Meta / Facebook Information disclosure, Authorization flaw $500 02/15/2021
Header manipulation to get the premier feature for free Saddam Hussain (@wisdomfreak1) - Logic flaw - 02/14/2021
Stored XSS in — $5000 Vishal Bharad - Stored XSS $5,000 02/14/2021
My first bounty (stored-xss) Karan sharma (@karansh491) - Stored XSS $1,000 02/14/2021
IDOR via Websockets allow me to takeover any users account Mohsin Khan (@tabaahi_) - IDOR $450 02/14/2021
How I Hacked Everyone’s Resume/CV’s and Got €€€ Vishal Bharad - IDOR, Authorization flaw, Information disclosure $250 02/14/2021
Changing other users Episode title & description - IDOR Vulnerability in [REDACTED] (Write Up) Evan Ricafort (@evanricafort) - IDOR $1,150 02/13/2021
[GITLAB] — Server Side Request Forgery in “Project Import” page. Lyubomir Tsirkov GitLab SSRF $1,500 02/13/2021
[GITLAB] — Just another SSRF issue. Lyubomir Tsirkov GitLab SSRF $1,000 02/13/2021
OAuth Misconfiguration Leads to Full Account takeover Yasser Mohammed (@boomneroli) - OAuth flaw, Clickjacking, CSRF, Account takeover - 02/13/2021
[GITLAB] — Just another SSRF issue. Lyubomir Tsirkov GitLab SSRF $1,000 02/12/2021
How I was able to get extra coins Saddam Hussain (@wisdomfreak1) - Logic flaw, Android app bug - 02/12/2021
Leaked Credentials gives access to Philippe Harewood (@phwd) Meta / Facebook Information disclosure $6,000 02/11/2021
Hacking and Accessing 50 Million Customer Records Sam Curry (@samwcyo) Reflected XSS, Information disclosure, Account takeover - 02/11/2021
The “P” in Telegram stands for Privacy Dhiraj (@RandomDhiraj) Telegram Privacy issue $3,000 02/11/2021
Escalating reflected XSS with HTTP Smuggling Hazana (@hazanasec) - HTTP request smuggling, Reflected XSS - 02/11/2021
Fastest Subdomain Take Over & DNS Misconfiguration Hunt. Kabeer (@iTheKabeer) - Subdomain takeover, DNS zone transfer - 02/10/2021
Sending ephemeral message to any Facebook user Rahul Kankrale (@RahulKankrale) Meta / Facebook IDOR - 02/10/2021
A Tale of 2nd $xxx Bounty from Facebook Kunjan Nayak Meta / Facebook Logic flaw $500 02/10/2021
Self-XSS to rXSS via Uploaded File Name P4nda (@InfoSecP4nda) - Self-XSS, Reflected XSS - 02/09/2021
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies Alex Birsan Paypal, Shopify, Apple, Netflix, Yelp, Uber, Microsoft & more! Dependency confusion $130,000+ 02/09/2021
Abusing URI Parsers for fun and profit Mohammad Owais (@_mohammadowais) - URL validation bypass $500 02/08/2021
Duplicate Registration - The Twinning Twins Jerry Shah (@Jerry) - Account takeover, Authentication flaw - 02/08/2021
Bigbasket Bug Bounty Writeup Lohith Gowda M (@lohi_gowda_) - Insecure Local Storage - 02/08/2021
Reflected XSS on a Public Program Naveen J (@thevillagehackr) - Reflected XSS - 02/08/2021
How I Gain Access to the Server Administration of a Million-Dollar Company Marx Chryz Del Mundo - Privilege escalation, Mass assignment $5,000 02/06/2021
Escalating SSRF to RCE Sander Wind (@SanderWind) - SSRF, RCE - 02/06/2021
XXE To AWS Metadata Disclosure Al-Madjus (@AlMadjus) - XXE $2,000 02/04/2021
Facebook Messenger Desktop App Arbitrary File Read Renwa (@RenwaX23) Meta / Facebook Arbitrary file read $2,000 02/04/2021
Page Admin Disclosed In Groups Due To Improper Session Handling In Facebook Web Samip Aryal (@samiparyal_) Meta / Facebook Information disclosure - 02/04/2021
Redwood Report2Web XSS and Frame injection vict0ni (@vict0ni) - Reflected XSS, Frame injection - 02/04/2021
Bug bounty failure stories to learn from: how we ended up to hack a bank with no reward Red Timmy Security (@redtimmysec) - DoS, Default credentials - 02/04/2021
Open Redirect vulnerability found using link parameter Muhammad Aamir (@Muhammad__Aamir) - Open redirect $100 02/04/2021
Microsoft Remote Desktop Web Access Authentication Timing Attack Matt Dunn Microsoft Timing attack, Authentication flaw - 02/04/2021
How I was able to Turn a XSS into a Account Takeover Josh Fam (@Pullerze) - Web cache poisoning, Stored XSS, Account takeover, OAuth flaw, Logic flaw - 02/03/2021
CVE-2020-9759 - Getting root on webOS Andreas Lindh (@addelindh) LG Local Privilege escalation, Browser bug - 02/03/2021
Stealing Chat session ID with CORS and execute CSRF attack Sunil Yedla (@sunilyedla2) - CSRF, CORS misconfiguration - 02/02/2021
Applying Offensive Reverse Engineering to Facebook Gameroom Eugene Lim (@spaceraccoonsec) Meta / Facebook Insecure deserialization - 02/02/2021
1st Facebook Bug Bounty | Disclose page’s admin to mod/admin of group nhiephon (@_nhiephon) Meta / Facebook Information disclosure - 02/02/2021
Spoofing and Attacking With Skype mr.d0x (@mrd0x) Microsoft Spoofing - 02/02/2021
Access developer tasks list of any Facebook Application (GraphQL IDOR) Amine Aboud (@amineaboud) Meta / Facebook IDOR - 02/01/2021
Disclose the FB profile of Facebook employees who create official announcement messages (Bug Bounty) Amine Aboud (@amineaboud) Meta / Facebook Information disclosure - 02/01/2021
An Account Takeover Vulnerability Due to Response Manipulation. Avanish Pathak (@avanish46) - Authentication bypass, Account takeover $4,100 01/31/2021
An unexpected bug Nitin yadav (@Nitinydv14) - Bruteforce - 01/31/2021
An Interesting Account Takeover Vulnerability Avanish Pathak (@avanish46) - IDOR, Account takeover - 01/30/2021
Android apk leaks access token to takeover the whole infrastructure Santosh Kumar Sha (@killmongar1996) - Information disclosure, Hardcoded credentials - 01/30/2021
How I chained P4 To P2 [Open Redirection To Full Account Takeover] Bishal Shrestha (@bishal0x01) - Open redirect, Account takeover - 01/30/2021
Broken Access Control & Stored XSS - Easy Hunt Kabeer (@iTheKabeer) - Stored XSS, IDOR - 01/29/2021
Destroying Armies and Villages through Cross-Site Scripting - Bug Bounty Write-up Fábio Freitas (@0xfabiof) InnoGames Stored XSS $1,000 01/29/2021
Cors Blimey: The power of chaining CORS Hazana (@hazanasec) - CORS misconfiguration, Stored XSS, CSRF - 01/28/2021
Launching Internal & Non-Exported Deeplinks On Facebook Ashley King (@AshleyKingUK) & Rahul Kankrale (@RahulKankrale) Meta / Facebook CSRF $4,000 01/28/2021
Analysing Crash Messages To Achieve Blind Root Command Injection Shawar Khan (@ShawarkOFFICIAL) - Command injection - 01/28/2021
Remote Code Execution – LimeSurvey (CVE-2018-7556) yeuchimse (@yeuchimse) - RCE - 01/28/2021
OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection Avinash Jain (@logicbomb_1) - OTP bypass, Account takeover - 01/28/2021
Business Logic Error Methodology (easy way) + PoC-s Vuk Ivanovic - Logic flaw - 01/28/2021
How We Escaped Docker in Azure Functions Intezer Microsoft Privilege escalation - 01/27/2021
Weird functionality leads to Account Takeover (Millions of Users affected) Sahil Mehra (@nullr3x) - Account takeover, Authentication flaw $4,000 01/27/2021
Bragging Rights(Part 1): Short story of a bug wave Manas Harsh (@ManasH4rsh) - IDOR, Stored XSS, SSRF, Subdomain takeover, Hardcoded credentials $1,550 01/27/2021
Hijacking Google Drive Files (Documents, Photo & Video) Through Google Docs Sharing santuySec (@santuySec) Google Clickjacking $0 (Duplicate) 01/27/2021
$500 For No Rate Limit On Forgot Password Page BBHC (@community_bug) - Lack of rate-limiting, Password reset flaw $500 01/27/2021
Finding SSRF BY Full Automation Santosh Kumar Sha (@killmongar1996) - SSRF - 01/27/2021
BMW Bug Bounty – Account Verification Bypass writeup Pethuraj (@Pethuraj) BMW OTP bypass, Bruteforce, Lack of rate-limiting - 01/26/2021
Leaking issues from linked Jira – Atlassian Confluence Server yeuchimse (@yeuchimse) Atlassian XS-Search $600 01/25/2021
Get paid by smuggling, the legal way James Ling (@James_puppykok) - HTTP Request Smuggling - 01/25/2021
Chaining a self XSS to Account Takeover Arman Sameer (@ArmanSameer95) - Self-XSS, Reflected XSS, Account takeover - 01/25/2021
IDOR Revealing Images CDN Links susan wagle - IDOR - 01/25/2021
Bypassing WAF with incorrect proxy settings for Hunting Bugs. Shaurya Sharma (@ShauryaSharma05) - URL validation bypass - 01/25/2021
Sql Injection via hidden parameter Rutvik Hajare (@HajareRutvik) - SQL injection - 01/24/2021
$10,000 for automatic email confirmation bug in Microsoft’s Edge browser Karan Chaudhary (@0xKaran) Microsoft Logic flaw $10,000 01/23/2021
The Secret Parameter, LFR, and Potential RCE in NodeJS Apps CaptainFreak (@0xCaptainFreak) - Local File Read, RCE - 01/23/2021
CSRF Protection Bypass in Atlassian Confluence Server yeuchimse (@yeuchimse) Atlassian CSRF $3,600 01/22/2021
Page Admin Disclosure When Replying Comments Prakash Panta (@prakashpanta268) Meta / Facebook Information disclosure $500 01/22/2021
Staff Information Disclosure on Support Ticketing System ($x,xxx) Ph.Hitachi - Information disclosure - 01/22/2021
KindleDrip — From Your Kindle’s Email Address to Using Your Credit Card Yogev Bar-On Amazon RCE $18,000 01/21/2021
Story Behind Sweet SSRF. Rohit Soni (@streetofhacker) - SSRF, XSS - 01/21/2021
SSRF Exploitation in Libreoffice Spreadsheet File Converter R4id3n (@R4id3n__) - SSRF - 01/21/2021
[Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data Tommaso De Ponti - Information disclosure, IDOR - 01/19/2021
Open-redirect [in email] Akhil - Open redirect - 01/19/2021
Simple & Sweet: Bypass email update restriction to change emails of team members Sunil Yedla (@sunilyedla2) - Logic flaw, Authorization flaw - 01/19/2021
The Embedded YouTube Player Told Me What You Were Watching (and more) David Schütz (@xdavidhu) Google Information disclosure $1,337 01/18/2021
How I was rewarded a $1000 bounty after abusing File Upload functionality to Stored XSS Vulnerability leading to credential theft of a vistor in a website. Kunal Khubchandani (@iamkun4l) - Unrestricted file upload, Stored XSS $1,000 01/18/2021
Let’s know How I have explored the buried secrets in React Native application secureITmania (@secureitmania) - Information disclosure, Hardcoded credentials - 01/18/2021
ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792 Ashley King (@AshleyKingUK) Apple, Google Insecure deeplink, Information disclosure $0 01/17/2021
Strange Admin Panel Bypass Story | | Bug Bounty Ranjeet Kumar Singh (@geekboyranjeet) - Authentication bypass, Account takeover - 01/17/2021
My first and last crit of 2020 on Hackerone Takester (@dhiraj_ramteke) - Lack of rate-limiting, Bruteforce, IDOR, Password reset flaw, Account takeover - 01/16/2021
Finding 0day to hack Apple Harsh Jaiswal (@rootxharsh) & Rahul Maini (@iamnoooob) Apple RCE $50,000 01/16/2021
Weaponizing Apify for mass bug bounty $$$ Randy Gingeleski (@gingeleski) - Akamai ARL attack - 01/16/2021
Hacking naked Akamai ARL at scale Randy Gingeleski (@gingeleski) - Akamai ARL attack - 01/15/2021
BitLocker Lockscreen bypass Jonas L (@jonasLyk) Microsoft Lock screen bypass, Local privilege escalation - 01/15/2021
Attack of the clones 2: Git CLI remote code execution strikes back Vitor Fernandes (@Rapt00rVF) GitHub RCE - 01/15/2021
How I hijacked the top-level domain of a sovereign state Fredrik N. Almroth (@Almroot) Internet Bug Bounty Domain takeover - 01/15/2021
Insertion Of Malicious Links For Execution In Profile Picture - Unvalidated User Input In MS Sharepoint 2019 (CVE-2020-1456) David (@slashcrypto) & user_x73x76x6E Microsoft XSS - 01/15/2021
Irremovable Facebook group album photos and entire album under certain circumstances (Bounty: 1000 USD) Shubham Bhamare (@theshubh77) Meta / Facebook Logic flaw $1,000 01/14/2021
Tale of 2 TOOTB Bugs: Google and WhatsApp Circle Ninja (@circleninja) Google, Meta / Facebook Information disclosure, Logic flaw $0 01/14/2021
How I managed to trigger a Stored-XSS in an online store with the help of Cache Poisoning Schizo! - Web cache poisoning, Stored XSS N/A (VDP) 01/14/2021
Story of a really cool SSRF bug. Vedant Tekale (@_justYnot) - SSRF - 01/13/2021
Making Clouds Rain :: Remote Code Execution in Microsoft Office 365 Steven Seeley (@steventseeley) Microsoft RCE - 01/12/2021
Stealing User Information Via XSS Via Parameter Pollution Hamza Avvan (@hamzaavvan) - Open redirect, XSS $1,250 01/12/2021
CSRF with IDOR - A Deadly Combo Jerry Shah (@Jerry) - CSRF, IDOR - 01/12/2021
Unrestricted File Upload Binamra Pandey - Unrestricted file upload - 12/12/2021
Guest Blog Post: Leaking silhouettes of cross-origin images Aleksejs Popovs (@aleksejspopovs) Mozilla, Chrome Side-channel information leakage, Browser bug - 01/11/2021
Stealing Your Private YouTube Videos, One Frame at a Time David Schütz (@xdavidhu) Google IDOR $5,000 01/11/2021
UNEP Breached, 100K+ Employee Records Accessed Jackson Henry (@JacksonHHax), John Jackson (@johnjhacking), Nick Sahler (@nicksahler) & Aubrey Cottle United Nations Information disclosure N/A (VDP) 01/11/2021
Weblogic Remote Code Execution (Exploiting CVE-2019-2725) Mahmoud Gamal (@Zombiehelp54) - RCE - 01/10/2021
Unauthorized Access to OData Entities + $2K Bounty From Microsoft Borna Nematzadeh (@LogicalHunter) Microsoft Authorization flaw, Information disclosure $2,000 01/10/2021
How I was able to Regain access to account deleted by Admin leading to $$$ Rajesh Ranjan (@rajesh_ranjan) - Logic flaw, Authorization flaw - 01/10/2021
A ‘Novel’ Way to Bypass Executable Signature Checks with Electron Parsia Hackerman (@cryptogangsta) - Local privilege escalation - 01/08/2021
Create post on any Facebook page Pouya Darabi (@Pouyadarabi) Meta / Facebook IDOR $30,000 01/08/2021
Exploiting Application-Level Profile Semantics (APLS) Niemand (@niemand_sec) - APLS misconfiguration, API misconfiguration - 01/08/2021
Blind XSS in Google Analytics Admin Panel — $3133.70 Ashish Dhone Google Blind XSS $3,133.70 01/08/2021
Information Disclosure through Signup Endpoint Sunil Yedla (@sunilyedla2) - Information disclosure - 01/08/2021
Facebook: Linkshim protection bypass using fb://webview Rahul Kankrale (@RahulKankrale) Meta / Facebook Open redirect - 01/08/2021
$10,000 for a vulnerability that doesn’t exist Valeriy Shevchenko (@Krevetk0Valeriy) - Path traversal $10,500 01/07/2021
Github Organization Takeover By Claiming Owner Invitation Abss (@absshax) GitHub Account takeover, Logic flaw $5,000 01/07/2021
Stored XSS on Product Description [HIGH] — $400 Emanuel Beni Harijanto - Stored XSS $400 01/07/2021
Subdomain Take Over Worth 100£ c0d3x27 (@c0d3x27) - Subdomain takeover £100 01/07/2021
Finding bugs on Seqrity (@seqrity9) Lack of rate limiting, Bruteforce, CSRF $180 01/07/2021
Nick’s infrequently updated blog Nick Booher Cloudflare WAF bypass, IP spoofing - 01/06/2021
Achieving Remote Code Execution By Exploiting Variable Check Feature Shawar Khan (@ShawarkOFFICIAL) - RCE - 01/06/2021
Incident Response during Christmas TMO - Subdomain takeover - 01/05/2021
Each and every request make sense… Akshar Tank - Privilege escalation, Exposed JWT generation endpoint - 01/05/2021
Privilege Escalation: From being a normal user to admin Akshar Tank - Privilege escalation, Broken access control - 01/05/2021
Exploiting Max. Character Limitation Sunil Yedla (@sunilyedla2) - Logic flaw, DoS $400 01/05/2021
Patch. Bypass. Repeat: Story of a FaceBook Page Admin Disclosure bug worth $5000 Shubham Bhamare (@theshubh77) Meta / Facebook Information disclosure $5,000 01/04/2021
Expose the email address of Workplace users Youssef Sammouda (@samm0uda) Meta / Facebook IDOR, Information disclosure $5,000 01/03/2021
XSS on leads to Oculus and Facebook account takeovers Youssef Sammouda (@samm0uda) Meta / Facebook XSS, Account takeover $30,000 01/01/2021
API based IDOR to leaking Private IP address of 6000 businesses Rafi Ahamed (Leonidas D. Ace) - IDOR - 01/01/2021

Bug bounty writeups published in 2020

Title & URL Author Bug bounty program Vulnerability Reward $$$ Publication date Alternative link
Bad regex used in Facebook Javascript SDK leads to account takeovers in websites that included it Youssef Sammouda (@samm0uda) Meta / Facebook Account takeover, Parameter pollution $21,000 12/31/2020
Facebook bug bounty (500 USD) : A blocked fundraiser organizer would be unable to view or remove themselves from the fundraiser. Vivek ps (@vivekps143) Meta / Facebook DoS, Logic flaw $500 12/31/2020
Cross Domain Referrer Leakage Mohsinalibukc - Cross-Domain Referrer Leakage $300 12/31/2020
Replying Comments On Someone’s Livestream From Page Is Posted As Personal Identity Prakash Panta (@prakashpanta268) Meta / Facebook Information disclosure $500 12/30/2020
Group Admin Can’t Able To Moderate Comments When Posted Through Page : Facebook Bug Bounty 2020 Prakash Panta (@prakashpanta268) Meta / Facebook Logic flaw - 12/30/2020
Event Creator Is Not Able To Block The Attacker During Event Livestream Prakash Panta (@prakashpanta268) Meta / Facebook Logic flaw $0 (Informative) 12/30/2020
Cache-Key Normalization - What could go wrong? youstin (@iustinBB) - Web cache poisoning, DoS - 12/29/2020
Sensitive data leak using IDOR in integration service Ronak Patel (@ronak_9889) - IDOR - 12/29/2020
Facebook page admin disclosure by “Create doc” button (Bounty: 5000 USD) Shubham Bhamare (@theshubh77) Meta / Facebook Information disclosure $5,000 12/28/2020
How I Got My First Bounty & Hof From Google (CSRF Lead To Account Delete) Bhupendra Rajbhar (@bhupendra1238) Google CSRF - 12/28/2020
[Google VRP] Hijacking Google Docs Screenshots Sreeram KL (@kl_sree) Google PostMessage bug, XSS - 12/27/2020
Regular expression injection, a code review low hanging fruit Dominic (@dee__see) - ReDoS - 12/27/2020
Chaining CORS by Reflected xss to Account takeover #My first Blog Santosh Kumar Sha (@killmongar1996) - CORS misconfiguration, Reflected XSS, Account takeover - 12/26/2020
Facebook page admin disclosure by “Message Seller” button (Bounty: 1500 USD) Shubham Bhamare (@theshubh77) Meta / Facebook Information disclosure $1,500 12/26/2020
Full Address Bar Spoofing On Opera Mini Android Piyush Raj ~ Rex (@0x48piraj) Opera, Google Address Bar Spoofing - 12/26/2020
EN | Account Takeover via Web Cache Poisoning based Reflected XSS Lütfü Mert Ceylan (@lutfumertceylan) - Reflected XSS, Web cache poisoning, Account takeover - 12/26/2020
Hiding from custom story privacy list is possible in FBlite making the victim unable to remove you from the list. Baibhav Anand (@SpongeBhav) Meta / Facebook Logic flaw $500 12/24/2020
Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge Eugene Lim (@spaceraccoonsec) Node.js third-party modules Prototype pollution - 12/23/2020
Cookie Tossing to RCE on Google Cloud JupyterLab s1r1us (@S1r1u5_) Google Self-XSS, DoS, CSRF, RCE $3,133.70 12/23/2020
Hack crypto secrets from heap memory to exploit Android application secureITmania (@secureitmania) - Cryptographic issues - 12/22/2020
SSTI in Google Maps s1r1us (@S1r1u5_) Google SSTI $0 (Informative) 12/22/2020
This is how I was able to view anyone’s private email and birthday on Instagram Saugat Pokharel (@saugatpk5) Meta / Facebook Information disclosure, Logic flaw $13,125 12/20/2020
Facebook bug Bounty -Finding the hidden members of the private events. Vivek ps (@vivekps143) Meta / Facebook Information disclosure, Logic flaw $1,000 12/20/2020
Worth $1,500 IDOR (Access Unauthorize Data) Muhammad Asim Shahzad (@protector47) - IDOR $1,500 12/20/2020
Write Up: Google VRP N/A – Sandboxed Rce As Root On Apigee API Proxies Omar Espino (@omespino) Google RCE $0 (N/A) 12/19/2020
Broken Access Control on subdomain leads to Mass Account Takeover of Samsung employees application accounts Gal Nagli (@naglinagli) Samsung Information disclosure, Account takeover, Authorization flaw $0 (OOS) 12/18/2020
Misconfigured s3 bucket leads to Sensitive Data exposure(No super controls ) Virdoexhunter - AWS misconfiguration $400 12/18/2020
My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection Marx Chryz - SQL injection $3,500 12/17/2020
Github Secrets exposed due to RCE in Formatter Action from pull_request_target event Anthony Weems Google RCE $500 12/17/2020
D-Link: Multiple Security Vulnerabilities Leading to RCE Harold Zang D-Link RCE, Authentication bypass, Information disclosure N/A (VDP) 12/17/2020
How I hacked IBM and got full access on many services? Abdullah Mohamed (@3bodymo_) IBM Information disclosure - 12/16/2020
JavaScript analysis leading to Admin portal access Rikesh Baniya / NotRickyy (@rikeshbaniya) - Authorization flaw, Broken access control - 12/16/2020
TikTok Careers Portal Account Takeover Lauritz (@lauritz) TikTok CSRF, Open redirect, Account takeover $2,373 12/15/2020
Download Filename Manipulation due to improper rendering of RTLO characters Jayateertha Guruprasad (@JayateerthaG) - RTLO - 12/15/2020
Disclosing the members of private Facebook Group as a non-member. Baibhav Anand (@SpongeBhav) Meta / Facebook Authorization flaw, Logic flaw $4,500 12/15/2020
Confirm an email address belonging to a specific user abdellah yaala (@yaalaab) Meta / Facebook Information disclosure $5,000 12/12/2020
How I hacked Facebook: Part One Alaa Abdulridha (@alaa0x2) Meta / Facebook Lack of authentication, Authentication bypass, Account takeover $7,500 12/11/2020
How i got my First Bug Bounty in Intersting Target (LFI to SXSS) Ph.Hitachi - LFI, Stored XSS $250 12/11/2020
How I dumped PII information of customers in an ecommerce site? Rikesh Baniya / NotRickyy (@rikeshbaniya) - AWS misconfiguration - 12/11/2020
Exploiting new-era of Request forgery on mobile applications Sayed Abdelhafiz (@dPhoeniixx) Pinterest CSRF, Account takeover - 12/11/2020
Hiding from a custom list is possible on who sees our post is possible making victim not remove them from the list. Baibhav Anand (@SpongeBhav) Meta / Facebook Logic flaw $500 12/11/2020
Game On – Finding vulnerabilities in Valve’s “Steam Sockets” Eyal Itkin (@EyalItkin) Valve Memory corruption bug - 12/10/2020
Content-Security-Policy Bypass to perform XSS using MIME sniffing Kleiton Kurti (@kleiton0x7e) - XSS, CSP bypass - 12/10/2020
Hacking — Tamper with the URL Parameters, especially if they modify the page Jack - HTTP Parameter Pollution - 12/09/2020
Facebook leak referrer data Neil Mark Ochea (@nmochea) Meta / Facebook Open redirect - 12/08/2020
How I Was Able To Take Over One Of Dell’s Subdomains Taha Bıyıklı (@tahabykl) Dell Subdomain takeover - 12/08/2020
Facebook push notification linkshim bypassed Neil Mark Ochea (@nmochea) Meta / Facebook Open redirect - 12/07/2020
“Important, Spoofing” - zero-click, wormable, cross-platform remote code execution in Microsoft Teams Oskars Vegeris Microsoft RCE, Stored XSS, CSP bypass, CSTI - 12/07/2020
Story of the best vulnerability I’ve found so far… Vedant Tekale (@_justYnot) - Self-XSS, Blind XSS, Account takeover - 12/07/2020
[CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in Wordpress (Write Up) Evan Ricafort (@evanricafort) WordPress Stored XSS $600 12/06/2020
RCE via LFI Log Poisoning - The Death Potion Jerry Shah (@Jerry) - RCE, LFI, Log poisoning N/A (VDP) 12/06/2020
How Redirects work on Facebook? Technical breakdown Abhisek R (@abh1sek_r) Meta / Facebook Open redirect $0 12/06/2020
Opera Browser Cross Site Scripting (XSS) Neil Mark Ochea (@nmochea) Opera XSS - 12/05/2020
$10000 Facebook SSRF (Bug Bounty) Amine Aboud (@amineaboud) Meta / Facebook SSRF $10,000 12/03/2020
Leaking Credit card Activity in logs? Yes Sir! Rody Shahnazarian (@Komradz86) - Information disclosure $800 12/03/2020
Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors”(Bugbounty) - General Motors Reflected XSS N/A (VDP) 12/03/2020
Site Wide CSRF On Glassdoor Tabahi (@_tabahi) Glassdoor CSRF $3,000 12/03/2020
Leaking Browser URL/Protocol Handlers Tabahi (@_tabahi) Google, Microsoft, Mozilla Information disclosure $0 (Informative) 12/03/2020
SSTI to Local File Read Demon (@R29k_) - SSTI, LFI - 12/02/2020
Hacking — Always check out the Images Jack GitLab Information disclosure $500 12/02/2020
An iOS zero-click radio proximity exploit odyssey Ian Beer (@i41nbeer) Apple Buffer overflow - 12/01/2020
Chaining vulnerabilities lead to account takeover Ahmed (@ahzsec) - Account takeover, Password reset flaw, Open redirect, Lack of rate limiting $0 (Duplicate) 12/01/2020
Exploiting Blind Postgresql Injection And Exfiltrating Data In Psycopg2 Shawar Khan (@ShawarkOFFICIAL) - SQL injection $3,000 11/30/2020
AliExpress Captcha Reuse Unicorn Security AliExpress Captcha bypass - 11/30/2020
Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities Ahmad Halabi (@Ahmad_Halabi_) - Rate limiting bypass $1,000 11/29/2020
Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB DarkLotus (@darklotuskdb) - Information disclosure, Account takeover - 11/29/2020
The Story of my first critical bug Shellbr3ak (@0xShellbr3ak) - SQL injection - 11/29/2020
How i got easy $$$ for SQL Injection Bug Rafi Andhika Galuh - SQL injection - 11/26/2020
Pre-Account Takeover using OAuth Misconfiguration the_unluck_guy (@7he_unlucky_guy) - OAuth flaw $800 11/26/2020
SD-PWN Part 4 — VMware VeloCloud — The Last Takeover Realmode Labs (@RealmodeLabs) VMware RCE, Authentication bypass, Default credentials, SQL injection, Path traversal, LFI - 11/26/2020
How images on Github will leak your private information fuomag9 (@fuomag9) GitHub Information disclosure $0 (Informative) 11/24/2020
Reflected Cross Site Scripting on REDACTED Program (Bounty: 750$) can1337 (@canmustdie) - Reflected XSS $750 11/23/2020
SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover Realmode Labs (@RealmodeLabs) Cisco RCE, SSRF, Arbitrary file write, Path traversal, OS command injection, Local Privilege Escalation - 11/23/2020
Fixing a Google Vulnerability I (@InsecureNature) & Allison Donovan (@matter_of_cat) Google Privilege escalation - 11/22/2020
Escalating XSS to Account Takeover Aditya Verma (@0cirius0) - Reflected XSS, Account takeover - 11/22/2020
Weird (im)possible XSS on error page Rody Shahnazarian (@Komradz86) - Reflected XSS - 11/21/2020
2 Reflected XSS In Razer Mostafa Razer Reflected XSS - 11/21/2020
Turning Blind Error Based SQL Injection into Exploitable Boolean One Ozgur Alp (@ozgur_bbh) - SQL injection - 11/21/2020
Exploiting dynamic rendering engines to take control of web apps Vasilii Ermilov (@ermil0v) - SSRF, Open redirect $5,000 11/19/2020
Bypassing the Redirect filters with 7 ways ElMahdi Mrhassel (@ElMrhassel) - Open redirect, OAuth flaw - 11/19/2020
Arbitrary File Write On Client By ADB Pull Serafina (Sera) Tonin Brocious (@daeken) Google Arbitrary file write $0 11/19/2020
Out of Band XXE in an E-commerce IOS app Gaurang Bhatnagar (@0xgaurang) - XXE - 11/19/2020
GraphQL IDOR in Facebook streamer dashboard. Kailash (@Corrupted_brain) Meta / Facebook IDOR, GraphQL bug $2,000 11/18/2020
Server Side Misconfigurartion - A Funny Fix Jerry Shah (@Jerry) Basecamp Information disclosure $100 11/18/2020
Tale of 3 vulnerabilities to account takeover! Avinash Jain (@logicbomb_1) - SSRF, Account takeover - 11/17/2020
Firefox: How a website could steal all your cookies Pedro Oliveira (@kanytu) Mozilla Arbitrary file read $5,000 11/16/2020
Stealing User’s PII info by visiting API endpoint directly Kunal pandey (@kunalp94) - Information disclosure, Logic flaw $500 11/16/2020
RCE via Server-Side Template Injection Gaurav Mishra (@gmishra010) - SSTI, RCE - 11/15/2020
Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data YoKo Kho (@YokoAcc) - Information disclosure, Broken access control, IDOR, SQL injection $4,750 11/15/2020
Microsoft Bug Bounty Writeup – Stored XSS Vulnerability Pethuraj (@Pethuraj) Microsoft Stored XSS - 11/15/2020
Weak Cryptography to Account Takeover’s letmeslidein (@VasuYadaav) - Cryptographic issues, Account takeover, IDOR - 11/15/2020
Exploiting API with AuthToken Rafi Ahamed (Leonidas D. Ace) - Token leak, Information disclosure - 11/15/2020
SD-PWN Part 2 — Citrix SD-WAN Center — Another Network Takeover Realmode Labs (@RealmodeLabs) Citrix RCE, Authentication bypass, Path traversal, OS command injection, Local Privilege Escalation - 11/15/2020
Account takeover through password reset Omar Hamdy (@seaman00o) - Account takeover, Password reset flaw $2,000 11/14/2020
Theoretically Possible To Practical Account Takeover Mukul Lohar (@ironfisto) - IDOR, Account takeover - 11/14/2020
Replying Comments On Someone’s LiveStream From Page is Posted as Personal Identity Prakash Panta (@Prakashpanta268) Meta / Facebook Logic flaw $500 11/13/2020
Smuggling an (Un)exploitable XSS Julien Ahrens (@MrTuxracer) - HTTP Request Smuggling, XSS - 11/13/2020
How I Found The Facebook Messenger Leaking Access Token Of Million Users Guhan Raja (@havocgwen) Meta / Facebook Information disclosure $16,125 11/13/2020
Interesting case of SQLi Nik srivastava (@niksthehacker) - SQL injection $3,000 11/13/2020
How a simple bug in Facebook Lite let me win my first bug bounty from Facebook Samip Aryal (@samiparyal_) Meta / Facebook Information disclosure $500 11/13/2020
User’s private watched videos/saved videos exposed through a messenger call from a locked smartphone. Samip Aryal (@samiparyal_) Meta / Facebook Information disclosure, Authorization flaw $500 11/13/2020
Evading Filters to perform the Arbitrary URL Redirection Attack Harsh Bothra (@harshbothra_) - Open redirect - 11/12/2020
Bounty $1000 — Critical Business Logic Flaw leads to Account Takeover & Product Order Amount Manipulation Muhammad Asim Shahzad (@protector47) - Logic flaw, Account takeover, Price tampering $1,000 11/12/2020
Evernote: Universal-XSS, theft of all cookies from all sites, and more Oversecured (@OversecuredInc) Evernote UXSS - 11/12/2020
Local Privilege Escalation Vulnerability Discovered in VMware Fusion Rich Mirch (@0xm1rch) VMware Local Privilege Escalation - 11/11/2020
31k$ SSRF in Google Cloud Monitoring led to metadata exposure David Nechuta (@david_nechuta) Google SSRF $31,337 11/10/2020
SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever ! Sayaan Alam (@ehsayaan) Dropbox SSRF $4,913 11/10/2020
Chaining password reset link poisoning, IDOR, and information leakage to achieve account takeover at Jadek Mark (@mase289) - HTTP header injection $0 (Duplicate) 11/10/2020
Firefox for Android: LAN-Based Intent Triggering initstring (@init_string) Mozilla Insecure intents - 11/10/2020
Facebook iOS address bar spoofing Rahul Kankrale (@RahulKankrale) Meta / Facebook Address Bar Spoofing $1,500 11/10/2020
Silver Peak Unity Orchestrator RCE Realmode Labs (@RealmodeLabs) Silver Peak RCE, Authentication bypass, Path traversal, SQL injection N/A (VDP) 11/08/2020
How i could take over any Account on a USA Department of Defense Website due to a simple IDOR Gal Nagli (@naglinagli) U.S. Dept Of Defense IDOR, Account takeover - 11/07/2020
Facebook DOM Based XSS using postMessage Samm0uda (@samm0uda) Meta / Facebook DOM XSS, postMessage bug $25,000 11/07/2020
Attack of the clones: Git clients remote code execution Vitor Fernandes (@Rapt00rVF) & Julio Fort GitHub RCE $0 (Duplicate) 11/06/2020
Story of a Pre-Account Takeover Kushal Dhakal (@dhakal0kushal) - Account takeover, OAuth flaw - 11/06/2020
1000$ for Open redirect via unknown technique [BugBounty writeup] ruvlol GitLab Open redirect $1,000 11/05/2020
How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day sickcodes (@sickcodes) Brave Software Information disclosure $100 11/05/2020
Delete Any Photos In Facebook Lokesh Kumar (@lokeshdlk77) Meta / Facebook Authorization flaw, Logic flaw $10,750 11/04/2020
From a 500 error to Django admin takeover Shashank (@cyberboyIndia) - Authorization bypass, Account takeover $3,000 11/03/2020
Forcing for a bounty$$ Rafi Ahamed (Leonidas D. Ace) - Authorization flaw $500 11/03/2020
Reveal the page admin that uploaded a video on the page in comment section Lokesh Kumar (@lokeshdlk77) Meta / Facebook Information disclosure, Logic flaw $4,838 11/02/2020
CVE-2020-13294 Lauritz (@lauritz) GitLab Authentication flaw, OpenID Connect vulnerability, OAuth - 11/01/2020
Subdomain Takeover in Azure: making a PoC Diego Bernal Adelantado (@secfaults) - Subdomain takeover - 11/01/2020
Leaked .git folder leads to RCE James Clee (@jtcsec) - .git folder disclosure, RCE - 11/01/2020
An often overlooked Oauth misconfiguration. & Payload VipItHunter (@VipItHunter1) - OAuth misconfiguration - 11/01/2020
How i got 7000$ in Bug-Bounty for my Critical Finding. Kishan Kumar / Noobie BoY (@hst_kishan) - Information disclosure $7,000 10/31/2020
Abusing ‘Report Abuse’ Aseem Shrey (@AseemShrey) - Logic flaw, Authorization flaw $200 10/31/2020
Beyond the wall: command injection still alive. Ahmed Constant (@a_Constant_) - Command injection - 10/31/2020
Hinge Hackerone Writeup Tyler Butler (@tbutler0x90) Hinge Broken access control - 10/31/2020
Ability To Backdoor Facebook For Android Ashley King (@AshleyKingUK) Meta / Facebook Insecure deeplink - 10/30/2020
Wormable remote code execution in Alien Swarm mev Valve RCE - 10/30/2020
Rate Limit Bypassing Allowing Identity Spoofing Mohamed Talaat (@T4144t) - Rate limiting bypass, OTP bypass - 10/29/2020
Manual broken link monitoring GrumpinouT (@RVerwilghen) - Broken link hijacking - 10/29/2020
Story of an interesting bug. Vedant Tekale (@_justYnot) - Lack of rate limiting, DoS - 10/28/2020
Error-Based SQL Injection on a WordPress website and extract more than 150k user details Ynoof Alassiri - SQL injection - 10/27/2020
Automating xss identification with Dalfox & Paramspider Paras Arora (@parasarora06) - Reflected XSS - 10/27/2020
The YouTube bug that allowed unlisted uploads to any channel Ryan Kovatch Google IDOR, Information disclosure $6,337 10/27/2020
How i got 250$ in 5 munites using my phone Hamzadzworm Basecamp HTML injection $250 10/26/2020
TikTok fixes privacy issue discovered by Check Point Research Eran Vaknin & Alon Boxiner TikTok Information disclosure - 10/26/2020
Link Previews: How a Simple Feature Can Have Privacy and Security Risks Talal Haj Bakry (@parasarora06) & Tommy Mysk Discord, Meta / Facebook, Google, LINE, LinkedIn, Slack, Twitter, Zoom Information disclosure - 10/25/2020
Perform substring search for emails even if Workplace admin hides email profile field. Rahul Kankrale (@RahulKankrale) Meta / Facebook Broken access control, Authorization flaw $1,000 10/25/2020
My first bug on Google Manas Harsh (@ManasH4rsh) Google IDOR - 10/25/2020
Accidental Observation to Critical IDOR Harsh Bothra (@harshbothra_) - IDOR - 10/24/2020
Samsung S20 - RCE via Samsung Galaxy Store App F-Secure Samsung RCE $0 10/23/2020
300$ P3 Easy Bug in 30 Seconds Omar Hamdy (@seaman00o) - Lack of authentication, Broken access control $300 10/22/2020
Perform substring search for emails even if Workplace admin hides email profile field. Rahul Kankrale (@RahulKankrale) Meta / Facebook Authorization flaw $2,000 10/21/2020
Facebook Page Admin Disclosure Rahul Kankrale (@RahulKankrale) Meta / Facebook Information disclosure $3,000 10/21/2020
GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty William Bowling / vakzz (@wcbowling) GitHub RCE, Path traversal $25,000 10/20/2020
Back to 2019: Disclosure Employers PII and Credentials Saneklarek (@wh11tew0lf) - Information disclosure $1,000 10/20/2020
Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers Rafay Baloch (@rafaybaloch) Yandex, Apple, Opera Address Bar Spoofing - 10/20/2020
Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers James Sanderson (@zofrex) NHS COVID-19 App Authentication bypass, JWT bug, Android bug N/A (VDP) 10/20/2020
GitHub Gist - Account takeover via open redirect - $10,000 Bounty William Bowling / vakzz (@wcbowling) GitHub Open redirect, Account takeover $10,000 10/19/2020
GitHub - RCE via git option injection (almost) - $20,000 Bounty William Bowling / vakzz (@wcbowling) GitHub RCE $20,000 10/18/2020
Discord Desktop app RCE Masato Kinugawa (@kinugawamasato) Discord RCE $5,000 10/17/2020
Weaponizing XSS For Fun & Profit Saad Ahmed (@XSaadAhmedX) - XSS, CSRF $2,200 10/14/2020
I had fun with this XSS yappare (@yappare) - XSS - 10/13/2020
Blind SSRF - The Hide & Seek Game Shrey Shah (@ShreySh43332033) - Blind SSRF $400 10/13/2020
How I find my first P1 level Bug. $$$ Harsh - XSS - 10/13/2020
Disclose Emails, phone numbers, more For Facebook users who tried to add funds to their account Mustafa Ahmed (@mustafa0x2021) Meta / Facebook Information disclosure $500 10/12/2020
Guest Blog Post: Rollback Attack Xiaoyin Liu (@general_nfs) Mozilla Local Privilege Escalation - 10/12/2020
Unauthorized access to all the user’s account. Rahul Naidu - Account takeover, Authentication bypass, JWT misconfiguration - 10/12/2020
Leveraging XSS to Read Internal Files Aditya Dixit (@zombie007o) - XSS, LFI - 10/09/2020
JS is l0ve ❤️. Shivam Kamboj Dattana (@sechunt3r) - Information disclosure, API key leakage $5,000 10/09/2020
Weak Password Setting function on dark-haxor Practo Authorization flaw $0 (Won’t fix) 10/09/2020
CVE-2018–5230 | JIRA Cross Site Scripting Paras Arora (@parasarora06) - Reflected XSS - 10/09/2020
Exploiting Admin Panel Like a Boss Shivam Kamboj Dattana (@sechunt3r) - Authorization bypass, Weak credentials $1,500 10/08/2020
ATO via Host Header Poisoning Shivam Kamboj Dattana (@sechunt3r) - Host header injection, Account takeover, Password reset flaw $2,000 10/08/2020
Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure Intezer Microsoft Privilege escalation, RCE - 10/08/2020
SVE-2020-18025: Unauthorised access to Samsung secure folder files Rahul Kankrale (@RahulKankrale) Samsung Authorization flaw $3,750 10/07/2020
Research: The mass CSRFing of products. Missoum Said (@missoum1307) Google CSRF $30,000 10/07/2020
6k$ Worth Account Takeover via IDOR in Starbucks Singapore Kamil Onur Özkaleli (@ko2sec) Starbucks IDOR, Account takeover $6,000 10/07/2020
Sensitive Info Leak in Curve App [Bug Bounty] ΡRΛSΞUDΟ ® (@praseudo) Curve Information disclosure $1,500 10/07/2020
Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program McAfee Advanced Threat Research (ATR) Microsoft Local privilege escalation, RCE, Security Feature bypass $160,000 10/06/2020
90 days, 16 bugs, and an Azure Sphere Challenge Cisco Talos Microsoft Local privilege escalation, RCE, DoS, Information disclosure - 10/06/2020
Watch your requests! Open redirect to a complete account takeover Suraj Disoja (@ninetyn1ne_) - Path traversal, Open redirect, SSRF, Account takeover - 10/05/2020
Easy wins : verbose error worth Facebook HOF Mukul Lohar (@ironfisto) Meta / Facebook Information disclosure $500 10/05/2020
Leveraging LFI to RCE in a website with +20000 users Kleiton Kurti (@kleiton0x7e) - LFI, RCE - 10/04/2020
Spend more time doing recon, you’ll find more BUGS. Vedant Tekale (@_justYnot) - Reflected XSS, Information disclosure - 10/03/2020
Exploiting Payment Gateways letmeslidein (@VasuYadaav) - Payment tampering - 10/03/2020
Journey Of My First Bug Bounty (Nov 2018) Harsh Tyagi (@harshtya9i) Samsung Authentication bypass $200 10/02/2020
Arbitrary code execution on Facebook for Android through download feature Sayed Abdelhafiz (@dPhoeniixx) Meta / Facebook Arbitrary code execution $10,000 10/02/2020
The Powerful HTTP Request Smuggling 💪 Ricardo Iramar dos Santos (@ricardo_iramar) - HTTP Request Smuggling $17,050 10/01/2020
Write Up – Google Bug Bounty: XSS To Cloud Shell Instance Takeover (Rce As Root) – $5,000 USD Omar Espino (@omespino) Google XSS, RCE $5,000 10/01/2020
RCE on Spip and Root-Me Laluka (@TheLaluka) SPIP RCE, SQL injection, XSS, Open redirect, Reflected file download N/A (VDP) 09/29/2020
Story of a weird vulnerability I found on Facebook Amine Aboud (@amineaboud) Meta / Facebook Authentication bypass, Information disclosure - 09/30/2020
The Art of IDOR: 7 IDORs in Edm0d0 Pratyush Anjan Sarangi Edmodo IDOR - 09/29/2020
Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts Thomas Orlita (@ThomasOrlita) Google GCP bucket misconfiguration, Information disclosure - 09/29/2020
Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call Yasho (@YShahinzadeh) - Account takeover - 09/28/2020
P1: Critical - Discovering and Foiling a Threat Actor Jackson Henry (@JacksonHHax) & John Jackson (@johnjhacking) - Information disclosure $1,550 09/27/2020
5 Ways to do Account Takeover in a Single Website letmeslidein (@VasuYadaav) - Account takeover, OAuth misconfiguration, Lack of rate limiting, OTP bypass, IDOR, JWT misconfiguration - 09/27/2020
Chains on Chains: Chaining multiple low-level vulns into a Critical. Daniel Marte (@Masonhck3571) - Blind XSS, CSP bypass, Lack of rate limiting, Exposed JWT generation endpoint - 09/26/2020
Hacking the Medium partner program Mohammad-Ali Bandzar Medium Logic flaw - 09/26/2020
Parameter Tampering ₹→$ SuneetSingh - Parameter tampering - 09/26/2020
Advisory: security issues in AWS KMS and AWS Encryption SDKs Thai Duong (@XorNinja) Amazon Cryptographic issues, Information disclosure - 09/25/2020
PII Leakage via IDOR + Weak PasswordReset = Full Account Takeover Pradeep Kumar (@Killer007p) - IDOR, Information disclosure - 09/25/2020
Dangling DNS: AWS EC2 Mohamed Elbadry (@_melbadry9) - Dangling DNS records, Subdomain takeover $2,900 09/24/2020
VMware Workstation: Attack surface through Virtual Printer Lê Hữu Quang Linh (@linhlhq) VMware Memory corruption bug, Integer overflow - 09/23/2020
#Bugbounty- “How I was able to see other users Payments in a travel application” — IDOR #800$ ganiganesh (@ganiganeshss79) - IDOR, Information disclosure $800 09/22/2020
Fun with Header and Forget Password Vuk Ivanovic - HTTP Header Injection - 09/22/2020
🎯Business Logic Flaw in Google Acquisition! (Hall Of Fame)🎯 Ritesh Gohil (@RiteshG37659480) Google Logic flaw - 09/21/2020
suPHP - The vulnerable ghost in your shell Maxime (@punkeel) & (@swapgs) - Local privilege escalation - 09/21/2020
Unauthenticated File upload Vulnerability on Synology Sub-domain Touhid Shaikh Synology Unrestricted file upload $2,000 09/20/2020
How I earned $500 from Google - Flaw in Authentication Hemant Patidar (@HemantSolo) Google Authentication flaw $500 09/20/2020
$25K Instagram Almost XSS Filter Link — Facebook Bug Bounty Andres Alonso (@al0nnso) Meta / Facebook Stored XSS $25,000 09/20/2020
How I By-pass the login page and 2FA authentication….. Harsh - Authentication bypass, OTP bypass, 2FA bypass - 09/20/2020
Cross-tenant Cloud Function compromise via storage bucket squatting Anthony Weems Google Cross-tenant vulnerability $3,133.70 09/20/2020
Remote code execution in import image task via storage bucket squatting Anthony Weems Google RCE $3,133.70 09/19/2020
Emoji error handling shesha sai_c (@Cyb3r_4ss4s1n) - SQL injection - 09/19/2020
CVE-2020-9964 - An iOS infoleak Muirey03 (@Muirey03) Apple Memory initialisation issue - 09/19/2020
Privilege Escalation via Account Takeover on NodeBB Forum Software — Bug Bounty (512$) — CVE-2020–15149 Muhammed Eren Uygun (@erenuyguun) NodeBB IDOR, Account takeover $512 09/19/2020
Reflected XSS via a hidden parameter on Dutch Gov. website Supras (@LdrTom) Dutch Government Reflected XSS N/A (VDP) 09/19/2020
My First Bug Bounty From Bug Bounty Platform Novan Aziz Ramadhan (@novan_rmd) RedStorm CSRF - 09/17/2020
Dropbox Escalation of Privileges to SYSTEM on Windows Teresa Alberto Dropbox Local privilege escalation $0 (Duplicate) 09/17/2020
Res-block: Extension Resources Block Attack on Chrome’s Incognito Mode Piyush Raj (@0x48piraj) Google Browser bug - 09/16/2020
Exploiting a “Useless” Cookie-Based XSS and Making it Useful Daniel Thatcher - XSS - 09/16/2020
How I Accidentally Got My First Bounty From Facebook Bishal Shrestha (@bishal0x01) Meta / Facebook Logic flaw - 09/15/2020
Firefox for Android: LAN Based Intent Triggering initstring (@init_string) Mozilla Insecure intents - 09/15/2020
Account takeover by OTP bypass Bhavarth Kandoria - OTP bypass - 09/13/2020
Business logic vulnerabilities — Low-level logic flaw Harry D - Logic flaw - 09/13/2020
SQL Injection & Remote Code Execution - Double P1 Shrey Shah (@ShreySh43332033) - SQL injection, RCE N/A (VDP) 09/13/2020
How I hacked redbus [An online bus-ticketing application] Sangeetha Rajesh S (@rajesh_sangi12) redBus LFI, SSRF - 09/12/2020
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM Orange Tsai (@orange_8361) Meta / Facebook RCE, JNDI Injection - 09/12/2020
Universal XSS in Android WebView (CVE-2020-6506) Alesandro Ortiz (@AlesandroOrtizR) Google, Microsoft, Twitter UXSS $15,560+ 09/10/2020
Unintended Behaviour of domain got me P4 Takester (@dhiraj_ramteke) - Logic flaw - 09/10/2020
How often do we overlook vulnerabilities? Baibhav Anand (@SpongeBhav) HackerOne Information disclosure - 09/09/2020
How often do we overlook vulnerabilities? Baibhav Anand (@SpongeBhav) HackerOne IDOR, Information disclosure - 09/09/2020
CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze Jason Geffner (@JasonGeffner) Backblaze RCE, Elevation of Privilege - 09/09/2020
XSS->Fix->Bypass: 10000$ bounty in Google Maps Zohar Shachar Google XSS $10,000 09/07/2020
From Android Static Analysis to RCE on Prod Aditya Dixit (@zombie007o) - RCE, Directory listing, Lack of authentication - 09/07/2020
My first bug in google and how i got CSRF token for victim account rather than bypass it ($1337)! Oday Alhalbe Google CSRF $1,337 09/07/2020
How response Manipulation got me a little, but sweet Bounty Tommaso De Ponti (@heytdep) - 2FA bypass - 09/07/2020
Never Give Up, The Story Behind a Dupe-To-Triaged Alan Brian (@soyelmago) - XSS, OAuth flaw, Account takeover - 09/06/2020
XSS that can pay your Bills :) Smile Hacker (@smile_hacker) - Reflected XSS €500 09/05/2020
How_i_was_able_to_pawned_website_via_escilating_webcache deception to rce mohit (@mohit29295572) - Web cache deception, SSRF, RCE - 09/05/2020 Alternative link
Account Takeover via IDOR Roma Ramazanoff (@r0hack) - IDOR, Account takeover $25,000 09/04/2020
My Story With XSS Soufiane Habti (@wld_basha) - XSS $0 (Duplicate) 09/15/2021
Cloud firewall management API SNAFU put 500k SonicWall customers at risk Vangelis Stykas (@evstykas) SonicWall IDOR N/A (VDP) 09/02/2020
Denial of Service in the protection service provided by Avast Security Premium. Silton Santos Avast DoS - 09/01/2020
Stop scratching the surface, and hack the dependencies Rotem Reiss (@rotem_reiss) - Stored XSS - 08/31/2020
Page shops with a hidden Product in “Featured product section” which could be controlled by attacker (Ex Editor). Rohit kumar (@rohitcoder) Meta / Facebook Logic flaw $0 (Informative) 08/31/2020
Unhiding the hidden I am Broot - Client-side enforcement of server-side security, Authorization flaw, CSRF $530 08/30/2020
The Importance of keeping up to date, or how I found an interesting bug thanks to a tweet Vuk Ivanovic - Stored XSS - 08/29/2020
Oversecured automatically discovers persistent code execution in the Google Play Core Library Oversecured Google Arbitrary code execution in Android app - 08/28/2020
My Hacking Adventures With Safari Reader Mode Nikhil Mittal (@c0d3G33k) Apple CSP bypass, SOP bypass - 08/27/2020
Accessing the website directly through its IP address, a case of a poorly hidden sql injection Vuk Ivanovic - SQL injection - 08/27/2020
Delete IDOR on a Fashion eCommerce Website Amey Anekar (@ameyanekar) - IDOR - 08/26/2020
Auth bypass: Leaking Google Cloud service accounts and projects Ezequiel Pereira (@epereiralopez) Google Authentication bypass - 08/26/2020
Bug Bounty Failsx101[4] ArcherL (@realArcherL) - 2FA bypass $0 (Informative) 08/26/2020
Waze: How I Tracked Your Mother Peter Gasper (@malgregator) Google (Waze) Logic flaw, Information disclosure $1,337 08/25/2020
Stealing local files using Safari Web Share API Pawel Wylecial (@h0wlu) Apple Browser bug $0 08/24/2020
Account Takeover For The Win 🏆 Ricardo Iramar dos Santos (@ricardo_iramar) - Account takeover, Authentication flaw, Password reset flaw $2,225 08/24/2020
$$ Bounties for Unauthenticated file read in Cisco ASA CVE-2020–3452 Supun Halangoda (@halangoda_supun) - LFI - 08/23/2020
How I was able to find easy P1 just by doing Recon Kirtan Patel (@kirtanpatel9111) - LFI - 08/22/2020
The Short tale of two bugs on Google Cloud Product— Google VRP [Resolved] Sriram Kesavan (@sriramoffcl) Google IDOR, Privilege escalation - 08/22/2020
Upload to the future Vuk Ivanovic - IDOR - 08/22/2020
How I Found My First Bug Stored Xss and Earned My First Bounty 1000$ Nazmul Haque (@0xnazmul) Badoo Stored XSS $1,000 08/21/2020
Blind Stored XSS Via Staff Name Rio Mulyadi (@riomulyadi_) Shopify Stored XSS $0 (OOS) 08/19/2020
The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer Allison Husain (@ezhes_) Google Email spoofing $0 (OOS) 08/19/2020
A perfect duplicate or how to send an email with a spoofed invoice’s content Mateusz Olejarka (@molejarka) - Email spoofing, Open mail relay, Lack of authentication $0 (Duplicate) 08/19/2020
Django debug mode to RCE in Microsoft acquisition Syed Abuthahir (@writerabu) Microsoft Information disclosure, RCE - 08/19/2020
Escalating a GitHub leak to takeover entire organization Shashank (@cyberboyIndia) - Information disclosure $4,000 08/18/2020
Fun with header and forget password, with a twist: Vuk Ivanovic - Password reset flaw, Host header injection - 08/18/2020
How to contact Google SRE: Dropping a shell in cloud SQL [email protected] (@wtm_offensi) & Ezequiel Pereira (@epereiralopez) Google SQL injection, Privilege escalation, Parameter injection, RCE - 08/18/2020
How could I Tag Photo to any user’s Scrapbook on Facebook Raja Sudhakar (@Rajasudhakar) Meta / Facebook Authorization flaw - 08/18/2020
From SQL Injection to Hall Of Fame Jadek Mark (@mase289) - SQL injection N/A (VDP) 08/18/2020
Windows AppX Deployment Service Local Privilege Escalation (CVE-2020-1488) ACTIVELabs Microsoft Local privilege escalation - 08/18/2020
Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties Abss (@absshax) Google, [Undisclosed programs] Hardcoded API keys, Information disclosure $30,000+ 08/17/2020
Account Takeover Using Re-Register [ Bug Bounty ] Myo Min Thu (@myominthu1337) - Account takeover $2,048 08/17/2020
Stealing your data using XSS Viren Pawar (@VirenPawar_) - XSS - 08/17/2020
Witnet Network Bug Bounty: DOS Bug from Harsh Jain Harsh Jain Witnet DoS - 08/17/2020
InfluxDB Access at Myo Min Thu (@myominthu1337) 8x8 Lack of authentication - 08/16/2020
How I got 450$ just in one Google search (SQLi + RXSS)? Zhenwar Hawlery - XSS, SQL injection $450 08/16/2020
Disclosing wifi password via content provider injection in Xiaomi Vishwaraj Bhattrai (@vishwaraj101) Xiaomi Content provider injection, Vulnerable Android content provider - 08/16/2020
How I was able to send Authentic Emails as others — Google VRP [Resolved] Sriram Kesavan (@sriramoffcl) Google Logic flaw, HTML injection, Email spoofing, Open mail relay - 08/15/2020
How recon helped me to find an interesting bug… Vedant Tekale (@_justYnot) - Open redirect N/A (VDP) 08/15/2020
Open Sesame: Escalating Open Redirect to RCE with Electron Code Review Eugene Lim (@spaceraccoonsec) - Open redirect, RCE - 08/14/2020
Crowdsource Success Story: From an Out-of-Scope Open Redirect to CVE-2020-1323 Ozgur Alp (@ozgur_bbh) Microsoft Open redirect - 08/14/2020
Deleted data stored permanently on Instagram? Facebook Bug Bounty 2020 Saugat Pokharel (@saugatpk5) Meta / Facebook Logic flaw, Privacy issue $6,000 08/14/2020
Improper Implementation of My Status video time limit in WhatsApp Vishal Ranjan Meta / Facebook Logic flaw, Privacy issue $0 08/14/2020
False2True, Match and Replace bug hunting — A cautionary tale Vuk Ivanovic - Privilege escalation - 08/14/2020
From Copy&Paste XSS To Full Account Takeover! be1807v (@BE1807V) - CSRF, Account takeover, XSS - 08/13/2020
Leaking AWS Metadata - The Unusual Way Shubham Garg (@nullb0t) - Information disclosure, RCE - 08/13/2020
Journey to my First Bug Hunt Bala Praneeth (@Begin_hunt) - CSRF $900 08/13/2020
Blind OS Command Injection Ashik B - Command injection - 08/12/2020
Cache poisoning of wget Vuk Ivanovic - Web cache poisoning $0 08/12/2020
Cracking the 2FA Rushikesh Gaikwad (@rsg_1212) - 2FA bypass - 08/12/2020
How I made $2000 with URL REDIRECTION? Simran Singh - Open redirect, SQL injection $2,000 08/12/2020
CVE-2020-1337 – PrintDemon is dead, long live PrintDemon! Paolo Stagno (@Void_Sec) Microsoft Local privilege escalation - 08/11/2020
How I was able to find page/personal account disclosure on Instagram Ajay Gautam (@evilboyajay) Meta / Facebook Information disclosure $2,000 08/11/2020
Group Admin Can’t Able to Moderate Comments When Posted Through Page : Facebook Bug Bounty 2020 Prakash Panta (@Prakashpanta268) Meta / Facebook Logic flaw - 08/11/2020
CVE-2020-11518: how I bruteforced my way into your Active Directory Pieter Hiele (@honoki) - RCE, Insecure deserialization, Arbitrary file upload, Bruteforce - 08/10/2020
CSP Bypass Vulnerability in Google Chrome Discovered - Almost Every Website In The World Was At Risk Gal Weizman (@WeizmanGal) Google CSP bypass $3,000 08/10/2020
My 2nd 4digit Bug Bounty From Facebook Sudip Shah Meta / Facebook Logic flaw, Information disclosure - 08/10/2020
Bypassing 403 Michael Hyndman (@michaelhyndman) - Authentication bypass - 08/09/2020
Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom Mazin Ahmed (@mazen160) Zoom Information disclosure, RCE, Memory leak $0 08/08/2020
Bypassing Google Maps API Key Restrictions Aditya Dixit (@zombie007o) Google Logic flaw $0 08/08/2020
Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case Vuk Ivanovic - XSS, Web cache poisoning - 08/08/2020
Reflected XSS in Facebook’s mirror websites Sudhanshu Rajbhar (@sudhanshur705) Meta / Facebook Reflected XSS $500 08/08/2020
The feature works as intended, but what’s in the source? Zseano (@zseano) - Information disclosure - 08/08/2020
How Our Co-Founder Earned $10.6K in just 10 Hours Tensecure Systems - Information disclosure $10,600 08/07/2020
Exploiting JWT - Lack of Signature Verification Aditya Dixit (@zombie007o) - Account takeover - 08/07/2020
Smear phishing: a new Android vulnerability Jim Fisher (@MrJamesFisher) Google Smear phishing $0 08/06/2020
Reflected XSS at Jonathan Bouman (@JonathanBouman) Hema Reflected XSS, Open redirect - 08/06/2020
Blind SQL Injection at Jonathan Bouman (@JonathanBouman) Hema SQL injection - 08/06/2020
Stored XSS on Slack, Bug Bounty Tommysuriel Slack Stored XSS $4,875 08/06/2020
Apache Example Servlet leads to Debangshu Kundu (@debangshu_kundu) - Clickjacking - 08/06/2020
CSRF PoC mistake that broke crucial functions for the end user/victim Vuk Ivanovic - Logic flaw - 08/05/2020
I want all these features Mohamed Ayad - Logic flaw, Payment tampering - 08/05/2020
How I was able to do Mass Account Takeover[Bug Bounty] Not Rickyy (@RickyyNot) - Password reset flaw - 08/05/2020
Vulnerability in new TouchID feature put iCloud accounts at risk of being breached Thijs Alkemade (@xnyhps) Apple OAuth flaw, Account takeover - 08/03/2020
Rare Race Condition — P3 Mohammed Ehssan (@alone_Wwolf) - Race condition $0 (Duplicate) 08/03/2020
Account takeover in kminthein / weev3 (@kyawminthein99) Logic flaw, Password reset flaw, Account takeover $1,500 08/03/2020
Banning users Race condition Saddam Hussain (@wisdomfreak1) - Race condition - 08/02/2020
Multi-factor Auth Bypass with Password Reset Function Vaibhav Joshi (@vj0shii) - 2FA bypass, Password reset flaw, Account takeover - 08/02/2020
Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass Vuk Ivanovic - CSRF - 08/01/2020
CVE-2020-13379 Unauthenticated Full-Read SSRF in Grafana Justin Gardner (@Rhynorater) - SSRF, Open redirect - 08/01/2020
CVE-2020–9854: “Unauthd” - (three) logic bugs ftw! Ilias Morad (@A2nkF_) Apple Local Privilege Escalation, Logic flaw - 08/01/2020
Unauthd - Logic bugs FTW Ilias Morad (@A2nkF_) Apple Logic flaw - 07/31/2020
Bypassing OTP via reset password Ahmed Cj (@0x0Cj) - OTP bypass - 07/30/2020
Using XAMPP and Burp Intruder when scanning for subdomains to look for interesting behaviour & code Zseano (@zseano) - Information disclosure - 07/30/2020
New features means new bugs Zseano (@zseano) - Logic flaw, Authorization flaw, Payment bypass - 07/30/2020
Weird Behavior of Facebook Page FAQ Leading to Bounty from Facebook Ashok Chapagai (@ashokcpg) Meta / Facebook Logic flaw - 07/30/2020
Exploiting Business Logic — Wallet Money Keshav Malik (@g0t_rOoT_) - Payment tampering, Logic flaw - 07/30/2020
One Click to Compromise – Fun With ClickOnce Deployment Manifests Dave Cossa (@G0ldenGunSec) Microsoft NTLMv2 hash disclosure, One-click execution of arbitrary .Net assemblies $0 07/30/2020
Zoom Security Exploit – Cracking private meeting passwords Tom Anthony (@TomAnthonySEO) Zoom CSRF, Lack of rate limiting $0 07/29/2020
THE NOOB WAY OF TAKING OVER ACCOUNTS Mudassir Sharief - Authorization flaw, Account takeover, Homograph attack $955 07/29/2020
Stealing your Paytm information using XSS Viren Pawar (@VirenPawar_) Paytm XSS INR 94,700 (~ $1,261) 07/29/2020
XSS, RCE & HTML File Upload in same endpoint Tarikul Islam (@sa1tama0) - XSS, RCE, Unrestricted file upload $1,200 07/29/2020
FFUF and my first bounty Suryansh Mansharamani - Information disclosure $300 07/29/2020
Authorization bypass in Google’s ticketing system (Google-GUTS) Zohar Shachar Google Authorization flaw $1,337 07/28/2020
Company’s zendesk subdomain lead to hidden access. himanshu pdy (@himanshu_pdy) - Exposed registration page $0 (OOS) 07/28/2020
Authentication_token_bypass Leads Too_idor mohit (@mohit29295572) - Authentication bypass - 07/28/2020
Pre-Access to Victim’s Account via Facebook Signup Akshansh Jaiswal (@Akshanshjaiswl) - OAuth flaw, Account takeover $500 07/28/2020
Bug HTML Injection On Tokopedia ! jowi Tokopedia HTML injection - 07/28/2020
CSRF + Open Redirect To Account Takeover R29k (@R29k_) - CSRF, Open redirect, Account takeover - 07/28/2020
CVE-2020–9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data Matt Shockley(@mattshockl) Apple MacOS privilege escalation, Authorization flaw - 07/27/2020
Exploiting popular macOS apps with a single “.terminal” file. Vladimir Metnew (@vladimir_metnew) The Internet, Slack, Keybase, Telegram File Quarantine bypass $750 07/27/2020
An unreproducable bug due to the load balancer, an unusual Open Redirect bug tololovejoi (@tolo7010) - Open redirect - 07/27/2020
How I bypassed 2fa in a 3 years old private program! Shivangx01b (@shivangx01b) - 2FA bypass, Bruteforce, Lack of rate limiting - 07/26/2020
Obtained a bunch of sensitive data in just few steps — Hacking Airlangga Visnhu Murthi - AWS misconfiguration, Information disclosure $550 07/26/2020
A Simple IDOR which should not be missed on dating site ;) neelam - IDOR, Information disclosure - 07/26/2020
DNS Rebinding, The treacherous attack it can be Vuk Ivanovic - DNS Rebinding $0 (OOS) 07/25/2020
A $5000 Account Takeover neelam - Account takeover, Password reset flaw $5,000 07/25/2020
Hunting Android Application Bugs Using Android Studio. Tarek Mohammed (@Conan0x3) - Authorization flaw, Client-side enforcement of server-side security, Information disclosure $3,000 07/24/2020
HTTP Parameter Pollution - It’s Contaminated Shrey Shah (@ShreySh43332033) - HTTP Parameter Pollution - 07/24/2020
Disclose content of internal Facebook javascript modules ( Revisited ) Samm0uda (@samm0uda) Meta / Facebook Information disclosure, Authorization flaw - 07/23/2020
Hack Till Your Last Breath mechboy / m.u.h.e (@Muhe76355002) - IDOR $200 07/21/2020
Increasing reward points N number of time Saddam Hussain (@wisdomfreak1) - Logic flaw - 07/21/2020
Denial of Service(DoS) By Regex Ashik B - DoS - 07/20/2020
The $1,000 worth cookie Jadek Mark (@mase289) XSS $1,000 07/19/2020
DOS over wep application Mohamed Ayad - DoS - 07/19/2020
Chaining rate limiting for account lockout Sandip Oli - Lack of rate limiting - 07/19/2020
bypass user-restriction registration Mohamed Ayad - Logic flaw, Payment tampering - 07/18/2020
How I landed on my first bounty : No SPF / DMARC Record Found leading to Social Engineering Attack Fardeen Ahmed Lululemon No valid SPF records, No DMARC records $250 07/18/2020
Unique Case for Price Manipulation | BugBounty | VAPT Harshit Sengar (@sengarharshit1) - Payment tampering - 07/18/2020
Creative Android pin bypass with Race conditon Baluz (@t3chman) - Race condition, Authentication bypass - 07/18/2020
Android pin bypass with rate limiting Baluz (@t3chman) - Lack of rate limiting, Authentication bypass - 07/18/2020
Idor in google product Baluz (@t3chman) Google IDOR $5,000 07/17/2020
How I lost my followers on Medium Florian (@fh4ntke) Medium GraphQL bug, Authorization flaw - 07/17/2020
The Story of My first 4 digit bounty from Facebook Sudip Shah Meta / Facebook Logic flaw, Information disclosure - 07/17/2020
I am able to see user’s sensitive data through JSON file. Saurabh siddharam sanmane (@saurabhsanmane2) - Information disclosure, Authorization flaw $150 07/17/2020
The 3 Day Account Takeover Mr. Beast (@mr_beast) - Logic flaw, Password reset flaw, Account takeover, Bruteforce, Lack of rate limiting - 07/17/2020
Admin ,Editor can disclose personnel email of other editor, admin on page(who created shop) abdellah yaala (@yaalaab) Meta / Facebook Information disclosure $1,000 07/16/2020
Exploiting Imported Libraries to Bypass WAF Greg Gibson - Reflected XSS - 07/14/2020
SSRF in import file function Rafael Silva - SSRF - 07/14/2020
How An API Misconfiguration Can Lead To Your Internal Company Data Me9187 (@Me9187) - Information disclosure - 07/12/2020
Self stored xss to full account takeover Jatin Aesthetic (@techyfreakk) - XSS, Account takeover - 07/12/2020
Bug Bounty Experience: Unvalidated Redirection Vulnerability Simply Secure - Open redirect - 07/12/2020
How I was able to change victim’s password using IDN Homograph Attack Abhishek Karle (@AbhishekKarle3) - IDN homograph attack $600 07/11/2020
A tale of critical account take over Shivam Pandey (@shivam31200) - Account takeover, Exposed JWT generation endpoint - 07/10/2020
Phone number validation bypass through url path manipulation . ben aymen (@ben_aymen_182) - OTP bypass $0 (Duplicate) 07/10/2020
Don’t stop at one bug \(\) Dheeraj Madhukar (@Dheerajmadhukar) - Open redirect, XSS, LFI - 07/10/2020
See whether a Hackercup Facebook participant allows recruitment contact Philippe Harewood (@phwd) Meta / Facebook Information disclosure, Logic flaw - 07/09/2020
Remote Denial-of-Service with Chrome Dan Lyton Google DoS $0 (OOS) 07/09/2020
Exploiting Application Logic to Referral Code Disclosure Vaibhav Joshi (@vj0shii) - Logic flaw, Information disclosure - 07/09/2020
Global grant uri in Android 8.0-9.0 (2018 year) Dzmitry Lukyanenka (@vulnano) Google Authorization flaw $0 (Duplicate) 07/09/2020
From N/A to Resolved For BackBlaze Android App[Hackerone Platform] Bucket Takeover Sahil Tikoo (@viperbluff) BackBlaze Hardcoded credentials, Information disclosure - 07/09/2020
Journey from low to critical bug $$$ Dheeraj Madhukar (@Dheerajmadhukar) - IDOR - 07/09/2020
How I found 10 Remote Code Execution in 10 minutes CVE-2020–5902 Saransh Srivastav (@malfuncti0n_) - RCE - 07/07/2020
XSS in Signup Flow Eduardo Vela (@sirdarckcat) Zoom XSS - 07/07/2020
Free blockchain storage – Tale of a bug in Substrate’s FRAME runtime Mudit Gupta (@Mudit__Gupta) Parity Technologies Blockchain bug $250 07/07/2020
From . in regex to SSRF — part 3 Niemiec Marcin (@xvnpw) - SSRF, CRLF $400 07/07/2020
How i was able to bypass Email Confirm — P4 Mohammed Ehssan (@alone_Wwolf) - Information disclosure - 07/06/2020
Issue 1040755: Security: Another “universal” XSS via copy&paste Michał Bentkowski (@SecurityMB) Google Universal XSS, Browser bug $2,000 07/06/2020
Make Featured Product in any video abdellah yaala (@yaalaab) Meta / Facebook IDOR - 07/05/2020
My First Bug: Blind SSRF Through Profile Picture Upload swaysthinking (@swaysThinking) - SSRF - 07/05/2020
RCE via image upload functionality Adwaith KS - Unrestricted file upload, RCE - 07/05/2020
Case Study I - Browser Anomaly with Facebook Apps -1500$ easySIEM (@easySIEM) Meta / Facebook Authorization flaw $1,500 07/05/2020
Taking Over Files in a chat —IDOR in Microsoft Teams Aly Anwar (@alyanwarr) Microsoft IDOR $0 (N/A) 07/05/2020
From Host Header injection to SQL injection Daoud Youssef / smacker dodi (@daoud_youssef) - Host header injection, SQL injection - 07/05/2020
Why I paid 3.5K to become a TLD registrar reseller when doing bug bounty hg_real (@hgreal1) - XXE $7,500 07/05/2020
BBC Bug Bounty Write-up | XSS Vulnerability Pethuraj (@Pethuraj) BBC Reflected XSS N/A (VDP) 07/05/2020
How I got hall of fame in Microsoft Akash basnet (@noneofyou007) Microsoft XSS - 07/04/2020
EN | Account Takeover and Sensitive Data Leakage via CORS Misconfiguration Lütfü Mert Ceylan (@lutfumertceylan) - CORS misconfiguration, CSRF, Account takeover - 07/04/2020
CSRF Attack!!! Bala Praneeth (@Begin_hunt) - CSRF $500 07/04/2020
Bug bounty write-up: From SSRF to $4000 & Video thehackerish (@thehackerish) - SSRF, RCE $4,000 07/03/2020
[Writeup][Bug Bounty][Tokopedia] Manipulate Other User’s Cart and Wishlist on Tokopedia [EN] Muhammad Thomas Fadhila Yahya (@fadhilthomas) Tokopedia IDOR $135 07/03/2020
Breaking Business Logic via Coupons — The Story of my 1st Valid Bug Bounty Dominic Ifediri (@Edi4all) - Payment tampering, Logic flaw - 07/03/2020
How i got 200$ with an out of the box open redirect vulnerability Tarek Galleze - Open redirect, Token theft $200 07/03/2020
Price Tampering due to Improper checks on applying Coupon Vaibhav Joshi (@vj0shii) - Payment tampering, Logic flaw - 07/03/2020
Admin disclosure of Facebook verified pages/ Disclose Facebook employee assigned to help a verified page. Samm0uda (@samm0uda) Meta / Facebook Information disclosure $5,500 07/02/2020
Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text Yasho (@YShahinzadeh) Cafebazaar SSRF $2,500 07/02/2020
How I made $1500 dollars using base64 decoder :) Dilip (@dilip_spartn) - Information disclosure $1,500 07/02/2020
Misconfigured S3 Bucket Access Controls to Critical Vulnerability Harsh Bothra (@harshbothra_) - AWS misconfiguration - 07/02/2020
Blast from the past: Cross Site Scripting on the AWS Console Johann Rehberger (wunderwuzzi23) Amazon DOM XSS - 07/01/2020
Art of bug bounty: a way from JS file analysis to XSS Jakub Żoczek (@zoczus) Verizon Media, Tumblr XSS $1,000 07/01/2020
ZombieVPN, Breaking That Internet Security 0xSha (@0xsha) Bitdefender, AnchorFree RCE, Deserialization - 07/01/2020
Stored XSS with Password Recovery Page Lütfü Mert Ceylan (@lutfumertceylan) - Stored XSS - 07/01/2020
Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run CertiK (@certik_io) Symbol XSS, RCE - 07/01/2020
Story of stealing mail conversation, contacts in and myMail iOS applications via XSS kminthein / weev3 (@kyawminthein99) Stored XSS $1,000 06/30/2020
Using Inspect Element to Bypass Security restrictions | Bug Bounty POC Muhammad Khizer Javed (@khizer_javed47) - Client-side enforcement of server-side security - 06/30/2020
Patched Zoom Exploit: Altering Camera Settings via Remote SQL Injection Keegan Ryan (@inf_0_) Zoom SQL injection $2,000 06/29/2020
API Endpoint leads to Account Takeover In Android Application Adesh Nandkishor kolte (@AdeshKolte) - Exposed token generation endpoint, Information disclosure - 06/28/2020
Taking over Azure DevOps Accounts with 1 Click Sean Yeoh (@seanyeoh) Microsoft Subdomain takeover, Account takeover $3,000 06/28/2020
How I hacked a bank their application using it for hacking another bank company — 10K XSS hg_real (@hgreal1) - XSS $10,000 06/28/2020
How I was able to take over any account via the Password Reset Functionality. Firas Fatnassi (@Fatnass1F1ras) - Password reset flaw, Account takeover - 06/28/2020
An attempt to escalate a low-impact hidden input XSS Ayush Ojha (@officialaimm) - XSS - 06/28/2020
How I Bypassed open redirect and i have get reward from yandex Mino Metidji (@minometidjii) Yandex Open redirect $100 06/27/2020
How i hacked worldwide ZOOM users s3c (@s3c_krd) Zoom OAuth flaw, Account takeover - 06/27/2020
Create hidden comment by blocking an Admin: Facebook Bug Bounty 2020 Saugat Pokharel (@saugatpk5) Meta / Facebook Logic flaw - 06/25/2020
Bug Bounty in Lockdown (SQLi and Business Logic) Abhishek Yadav (@abhishake100) - SQL injection, Logic flaw - 06/24/2020
All About Getting First Bounty with IDOR Mukul Trivedi (@M0hn1sh) - IDOR - 06/23/2020
Exploiting Bitdefender Antivirus: RCE from any website Wladimir Palant (@WPalant) Bitdefender RCE, Information disclosure $0 (Declined by bug hunter) 06/22/2020
A tale of my first ever full SSRF bug Jadek Mark (@mase289) - SSRF $1,000 06/22/2020
Leveraging an SSRF to leak a secret API key Julien Cretel (@jub0bs) - SSRF $1,000 06/22/2020
API Token Hijacking Through Clickjacking DarkLotus (@darklotuskdb) - Clickjacking - 06/22/2020
How i was able to chain bugs and gain access to internal okta instance Mohammed Eldeeb (@malcolmx0x) - Lack of authentication - 06/22/2020
It took me only 5 minutes to find an RCE on Bentley Divyansh Sharma Bentley RCE, Weak credentials $300 06/21/2020
Simple story of some complicated XSS on Facebook Bipin Jitiya (@win3zz) Meta / Facebook Reflected XSS - 06/21/2020
Bypass 2FA like a Boss Seqrity (@seQrity) - Lack of rate limiting, Bruteforce $0 (Duplicate) 06/20/2020
How did i find information Disclosure on Facebook-Writeup Alaa Abdulridha (@Madrid89001310) Meta / Facebook Information disclosure $1,500 06/20/2020
Hacking Starbucks and Accessing Nearly 100 Million Customer Records Sam Curry (@samwcyo) Starbucks Path traversal $4,000 06/20/2020
From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration YoKo Kho (@YokoAcc) - Information disclosure, MFA bypass $500 06/19/2020
One Token to leak them all : The story of a $8000 NPM_TOKEN Aseem Shrey (@AseemShrey) Google Information disclosure $8,000 06/19/2020
Replying on LiveStream leading to Page Admin Disclosure: Facebook Bug Bounty Saugat Pokharel (@saugatpk5) Meta / Facebook Information disclosure - 06/18/2020
Hackerone Bug Bounty Report: Hinge Tyle Butler (@tbutler0x90) Hinge Information disclosure $250 06/18/2020
A subtle stored-XSS in WordPress core Sam Thomas (@_s_n_t) Wordpress Stored XSS, RCE - 06/17/2020
Bug bounty bout report 0x01 - WebRTC edition Enable Security (@enablesecurity) - Outdated component with a known vulnerability, DoS, RCE, Default credentials, SSRF - 06/16/2020
How I made more than $30K with Jolokia CVEs Patrik Fehrenbach (@ITSecurityguard) - Reflected XSS, RCE, Information disclosure $33,500 06/16/2020
How I managed to Escalate privilege as admin Abisheik Magesh (@AbisheikMagesh) - Lack of rate limiting, Bruteforce, Weak credentials - 06/16/2020
How I was able to buy t-shirt for €1 — Payment Price Manipulation Muztahidul Tanim (@TheMuztahidul) - Payment tampering $2,000 06/16/2020
All * subdomains vulnerable to Subdomain Takeover from intercom Service Mohamed Haron (@m7mdharon) Intercom Subdomain takeover $0 (N/A) 06/16/2020
Tail of IDOR Saddam Hussain (@wisdomfreak1) - IDOR $300 06/16/2020
SMTP Injection in Gsuite Zohar Shachar Google SMTP injection $3,133.7 06/15/2020
Reflected User Input == XSS! Silent Bronco (@silentbronco) - Reflected XSS $50 06/15/2020
Business logic flaw in the invitation system allows to Takeover any account at a private company Daniel V. (@d4niel_v) - Account takeover, IDOR - 06/15/2020
Another “Fappening” on the Horizon? Sociosploit Apple Account takeover, Phishing - 06/15/2020
How to Secure AWS ServerLess Lambda from ReDoS(Regular Expression Denial-of-Service) & Resultant Financial Impact Ddigvijay (@itsdig) - ReDoS - 06/14/2020
Privilege escalation in Partners Portal to Admin access Samm0uda (@samm0uda) Meta / Facebook Privilege escalation - 06/14/2020
Disclose internal files related to testing of some Facebook tools Samm0uda (@samm0uda) Meta / Facebook Information disclosure - 06/14/2020
Disclose the Instagram account linked to a Facebook user account or page Samm0uda (@samm0uda) Meta / Facebook Information disclosure - 06/14/2020
Internal directories enumeration in www Samm0uda (@samm0uda) Meta / Facebook Information disclosure, Internal directories enumeration - 06/14/2020
RACE Condition vulnerability found in bug-bounty program Pravinrp - Race condition - 06/13/2020
Account Takeover via OTP Bruteforce (Apigee API) Vishnuraj - OTP bypass, Bruteforce, Lack of rate limiting - 06/13/2020
DoS and BugBounties :A series of DoS attacks on HackerOne Ninad Mishra (@iamr000t) - DoS $500 06/12/2020
Let’s Bypass CSRF Protection & Password Confirmation to Takeover Victim Accounts :D Harsh Bothra (@harshbothra_) - CSRF - 06/12/2020
Race Conditions - Exploring the Possibilities Milind Purswani (@MilindPurswani) Reddit, [Private programs] Race condition - 06/11/2020
HUNT for SQL Injection- The Smart Way! Mudassir Sharief - SQL injection - 06/11/2020
The Frustrating XSS Mr. Beast (@mr_beast) - XSS - 06/11/2020
Guest Blog: From File Upload to RCE Lukasz Wierzbicki (@v13rs8a) - Unrestricted file upload, RCE - 06/10/2020
Privilege Escalation by Changing HTTP Response (Admin Access) Bachrudin Ashari Pujakusuma (@Bachrudinashari) - Privilege Escalation IDR 8.000.000 (~ $563) 06/10/2020
Utilizing Lockdown: Blind Sqli leads to Account Takeover & Data Extraction Shakti Mohanty (@3ncryptSaan) - Blind SQL injection, Account takeover $1,400 06/10/2020
The “P5” Link Injection Story Silent Bronco (@silentbronco) - Hyperlink injection - 06/10/2020
Abusing Microsoft Teams rate limiting for DDoS Omayr Zanata (@omayrzanata) Microsoft DoS $0 (Informative) 06/10/2020
Cmd Hijack - a command/argument confusion with path traversal in cmd.exe Julian Horoszkiewicz Microsoft OS Command injection, Path traversal $0 (Informative) 06/10/2020
The Accidental RCE Mr. Beast (@mr_beast) - Unrestricted file upload $4,800 06/09/2020
Local Privilege Escalation Discovered in VMware Fusion Rich Mirch (@0xm1rch) & Jeff Ball (@jeffball55) VMware Local Privilege Escalation - 06/09/2020
This is fine 🐶 Ricardo Iramar dos Santos (@ricardo_iramar) - Information disclosure $0 (Informative, Won’t fix) 06/08/2020
Different host header injection worth 2k Imran Nissar (@Imrannissar3) - Host header injection $2,000 06/07/2020
How i earned $500 from google by change one character . Oday Alhalbe Google CSRF $500 06/06/2020
XSS to Database Credential Leakage & Database Access — Story of total luck! Harsh Bothra (@harshbothra_) - Reflected XSS, Information disclosure - 06/06/2020
From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response YoKo Kho (@YokoAcc) - Privilege Escalation $1,000 06/06/2020
Multiple Information exposed due to misconfigured Service-now ITSM instances Th3G3nt3lman - Lack of authentication, Information disclosure $30,000 06/05/2020
Account takeover via postMessage socket (@yxw21) - Account takeover, postMessage bug $1,500 06/05/2020
Local file read via XSS using PDF generate functionality Sanjay Singh Jhala (@lordjerry0x01) - XSS, LFI - 06/05/2020
Story of Blind SQL with a typo error. Amyrahm (@Amyrahm11) - SQL injection - 06/05/2020
[IDOR] Delete saved credit cards from any Business Manager Account — Facebook Bug Bounty Rohit kumar (@rohitcoder) Meta / Facebook IDOR - 06/05/2020
Three Privilege Escalation Bugs in Google Cloud Platform’s OS Login initstring (@init_string) Google Local Privilege Escalation - 06/04/2020
Another image removal vulnerability on Facebook Pouya Darabi (@Pouyadarabi) Meta / Facebook IDOR $10,000 06/04/2020
Privilege Escalation in Google Cloud Platform’s OS Login Chris Moberly (@init_string) Google Privilege escalation - 06/04/2020
How I got my first big bounty payout with Tesla CJ Fairhead (@xyantix) Tesla Information disclosure $5,000 06/04/2020
From CRLF to Account Takeover Valeriy Shevchenko (@Krevetk0Valeriy) - CRLF, HTTP response splitting, Reflected XSS, Account takeover - 06/03/2020
IP-in-IP protocol routes arbitrary traffic by default yannayl (@Yannayli) The Internet DoS, Spoofing $750 06/02/2020
The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers Michał Bentkowski (@securitymb) Google, Mozilla XSS $30,000 06/02/2020
Double URL-encoded XSS vict0ni (@vict0ni) - Reflected XSS - 06/02/2020
When it’s not only about a Kubernetes CVE… Reever Zax (@ReeverZax) & Hach (@_hach) Microsoft SSRF +$40,000 06/02/2020
Information disclosure and reflected XSS on Tokopedia wis4nggeni Tokopedia Reflected XSS, Information disclosure - 06/01/2020
How I leveraged an interesting CSRF vulnerability to turn self XSS into a persistent attack? Akash Methani (@0xAkash) - Self-XSS, CSRF - 06/01/2020
How I made $31500 by submitting a bug to Facebook Bipin Jitiya (@win3zz) Meta / Facebook SSRF $31,500 05/31/2020
h1{Error based XXE - bug bounty writeup} f4d3 (@f4d3_cl) - XXE - 05/31/2020
Hunting on ASPX Application For P1’s [Unauthenticated SOAP,RCE, Info Disclosure] ElMahdi Mrhassel (@ElMrhassel) - RCE, Information disclosure, IDOR - 05/31/2020
Weird “Subdomain Take Over” pattern of Amazon S3 Simgamsetti Manikanta (@zaheckmania) - Subdomain takeover - 05/31/2020
The story of My First $xxx Bug Bounty From Facebook Sudip Shah Meta / Facebook Logic flaw, Information disclosure - 05/31/2020
Cross-site scripting: The power of the hidden parameters. Kassih Mouhssine (@KassihMouhssine) Sony Reflected XSS - 05/30/2020
Zero-day in Sign in with Apple Bhavuk Jain (@bhavukjain1) Apple Account takeover $100,000 05/30/2020
Microsoft’s first bug Lê Hữu Quang Linh (@linhlhq) Microsoft File format vulnerability - 05/30/2020
Weak Cryptography Leads To Open Redirect DarkLotus (@darklotuskdb) - Open redirect - 05/30/2020
Analysis of CVE-2020-13693 Raphael Karger (@aptNum) Wordpress Privilege escalation - 05/29/2020
My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft Ben Sadeghipour (@nahamsec) & Serafina (Sera) Tonin Brocious (@daeken) Lyft SSRF - 05/29/2020
IDOR in session cookie leading to Mass Account Takeover Zonduhackerone (@zonduu1) - IDOR, Account takeover $2,000 05/29/2020
XSS Stored On Messages In [ Outlook Web — Outlook Android App ] ElMahdi Mrhassel (@ElMrhassel) Microsoft Stored XSS - 05/28/2020
Bypassing WAF to perform XSS Kleiton Kurti (@kleiton0x7e) - XSS - 05/28/2020
How I was able to see Private Video Uploader Via Facebook Rights Manager.[Responsible Disclosure] Kishore TK (@kishoretk_off) Meta / Facebook Information disclosure - 05/28/2020
A Long Overdue Write-up: How I got into the Oppo Hall of Fame Shibin B. Shaji (@shibinbshaji06) Oppo Login screen bypass, Authentication bypass 10,000 INR (~ $133) 05/28/2020
Clickjacking to Account Takeover Abhishek Yadav (@abhishake100) - Clickjacking - 05/28/2020
iOS Outlook Stored XSS Write-Up($3000) kminthein (@kyawminthein99) Microsoft XSS $3,000 05/28/2020
Stored XSS in Microsoft outlook kminthein (@kyawminthein99) Microsoft Stored XSS - 05/28/2020
Stored XSS in Yahoo mail IOS app($3500) kminthein (@kyawminthein99) Yahoo Stored XSS $3,500 05/28/2020
Android : SOP Bypass to steal system files. Rahul Kankrale (@RahulKankrale) - SOP bypass - 05/28/2020
Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client Niv Levy (@restr1ct3d) Uber XXE, Reflected XSS - 05/27/2020
No-Rate and Input limitations on password reset page chained into Denial Of Service attack on one of US Dept of Defense website. Gal Nagli (@naglinagli) U.S. Dept Of Defense Password reset flaw, DoS, Lack of rate limiting - 05/27/2020
Chaining an IDOR with a business-logic error to achieve critical impact Julien Cretel (@jub0bs) - IDOR, Logic flaw - 05/26/2020
How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber Andrey Abakumov (@andrewaeva) Uber HTTP request splitting, SSRF, CRLF, RCE - 05/25/2020
Story About OTP Bypass To Stored XSS PJ Borah (@PJBorah1) - OTP bypass, Stored XSS - 05/23/2020
Using P3 Bug to escalate other P4 to P3 Saddam Hussain (@wisdomfreak1) - Information disclosure - 05/22/2020
How Source code reading helped me find an IDOR Sanjay Verdu (@codersanjay) - IDOR, Information disclosure $0 (Swag) 05/22/2020
My First Bug Bounty — 2 Factor Authentication Bypass Talatmehmood - OTP bypass $100 05/22/2020
Parsing the DOM elements of Other pages via XSS: A Bug Bounty Story Mandeep Jadon (@1337tr0lls) - XSS, Information disclosure - 05/22/2020
RCE in Google Cloud Deployment Manager Ezequiel Pereira (@epereiralopez) Google SSRF, RCE $31,337.00 05/21/2020
Bypassing Message Request inbox Abdellah Yaala (@yaalaab) Meta / Facebook Authorization flaw, Logic flaw - 05/21/2020
Change any link at Philippe Harewood (@phwd) Meta / Facebook Authorization flaw, Logic flaw $1,000 05/20/2020
Become member of close & public group abdellah yaala Meta / Facebook Authorization flaw, Logic flaw $7,500 05/20/2020
Easy bounties with subdomain discovery - Using Project Sonar for bug bounty Torben Capiau (@TorbenCapiau) Bpost Broken access control, Authorization flaw $100 05/20/2020
How I got 200$ in 5 minutes – Sensitive data leak Sanjay Verdu (@codersanjay) - Information disclosure $200 05/19/2020
How I was Able To Bypass Email Verification Saddam Hussain (@wisdomfreak1) - Email verification bypass $0 (Duplicate) 05/19/2020
Teradici and CVE-2020-10965: An issue of routing. Benjamin Heald (@heald_ben) Teradici, [Private program] Lack of authentication $1,350 05/18/2020
FB & Messenger for iOS : Address Bar spoofing using data uri Rahul Kankrale (@RahulKankrale) Meta / Facebook Address Bar Spoofing, URL spoofing $3,000 05/18/2020
CVE-2020–1088 — Yet another arbitrary delete EoP Søren Fritzbøger (@fritzboger) Microsoft Windows privilege escalation - 05/18/2020
Multiple flaws leads to Account Takeover within an Application Harshit Sengar (@sengarharshit1) - Account takeover, Password reset flaw, Sign-up flaw - 05/18/2020
My first 10k bdt bounty from an e-commerce site Md Saikat - IDOR 10,000 BDT (~ $117) 05/18/2020
How Netgear meshed(*) up WiFi for Business Thorsten Schröder Netgear Weak crypto, Authentication flaw - 05/18/2020
Tale of Account Takeovers (Part-2) Vijaysimha Reddy Bathini (@fatratfatrat) - Account takeover - 05/17/2020
Stored XSS Leads to Plaintext Password Disclosure bad5ect0r (@bad5ect0r) - Stored XSS, Information disclosure, Unrestricted file upload - 05/17/2020
One Param => $10k Bilal Khan (@bilalmerokhel) - IDOR, XSS, Account takeover $10,000 05/17/2020
Account takeover CSRF Misconfiguration Saddam Hussain (@wisdomfreak1) - CSRF, Account takeover - 05/17/2020
Logical Bug which let me stop Users from Creating Ads at a Website Merbin Russel (e_23_e) - Logic flaw, DoS - 05/17/2020
Vulnerability – Account takeover using OAuth Misconfiguration Saddam Hussain (@wisdomfreak1) - OAuth misconfiguration, Account takeover, CSRF $300 05/16/2020
How I was able to make users loss of money on Google Pay santuySec (@santuySec) Google Clickjacking $0 (Duplicate) 05/16/2020
Chained Bugs [ Account TakeOver ] Bilal Khan (@bilalmerokhel) - IDOR, XSS, Account takeover $1,050 05/16/2020
Password Reset Poisoning leading to Account Takeover Swapnil Maurya (@swapmaurya20) - Password reset flaw, Account takeover - 05/16/2020
How I got my first swag on Edmodo with a simple XSS. Sanjay Verdu (@codersanjay) Edmodo Stored XSS $0 (Swag) 05/16/2020
Weak Cryptography in Password Reset to Full Account Takeover Harsh Bothra (@harshbothra_) - Account takeover, Password reset flaw, Cryptographic issues - 05/15/2020
Bug Bounty — Advanced Manual Penetration Testing Leading to Price Manipulation Vulnerability Talatmehmood - Payment tampering - 05/14/2020
$3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt Johann Rehberger (wunderwuzzi23) - Information disclosure $3,000 05/13/2020
Lucky Bug Which Let Me Change Name of Every Accounts at a Single Click Merbin Russel (e_23_e) - SQL injection - 05/13/2020
Change the profanity filter for any Facebook page Philippe Harewood (@phwd) Meta / Facebook Authorization flaw, Logic flaw $750 05/12/2020
Magic of the Back Slash Anil Tom (mr_4nk) - Path traversal $2,100 05/11/2020
Another Zoho ManageEngine Story frycos (@frycos) Zoho Authentication bypass - 05/11/2020
How I made $10K in bug bounties from GitHub secret leaks Tillson Galloway (tillson_) - Information disclosure $10,000 05/10/2020
Bypass XSS filter using HTML Escape Syahri Ramadan (@adonkidz7) Google XSS $4,133.70 05/08/2020
$20000 Facebook DOM XSS Vinoth Kumar (@vinodsparrow) Meta / Facebook DOM XSS $20,000 05/07/2020
I Found XSS Security Flaws in Rails – Here’s What Happened. Jesse Campos Ruby on Rails XSS $500 05/07/2020
DOM-Based XSS at by Google Voice Extension. missoum1307 (@missoum1307) Google DOM XSS $3,133.7 05/07/2020
How we Hijacked 26+ Subdomains Aishwarya Kendle (@aish_kendle) - Subdomain takeover - 05/07/2020
DOM XSS Walkthrough Youssef Lahouifi (@YLahouifi) - DOM XSS - 05/06/2020
Google Acquisition XSS (Apigee) TnMch (@TnMch_) Google XSS - 05/06/2020
A tale of verbose error message and a JWT token Marek Geleta (@marek_geleta) - Information disclosure, Authorization flaw - 05/05/2020
Stored XSS on Uranium238 (@uraniumhacker) Google (Waze) XSS - 05/05/2020
Multiple XSS Uranium238 (@uraniumhacker) Google Stored XSS - 05/05/2020
G Suite - Device Management XSS Uranium238 (@uraniumhacker) Google XSS - 05/05/2020
Cool paste jacking attack earned me $$$ Aman Rawat (@theamanrawat) - Paste jacking - 05/04/2020
DOM XSS in Gmail with a little help from Chrome Enguerran Gillier (@opnsec) Google DOM XSS $5,000 05/03/2020
#BugBounty — Adding Money Using Response Modification Line_no 6 - Payment tampering, Logic flaw - 05/03/2020
Private Dashboards were accessible by other Admins in Analytics Dashboard Rohit kumar (@rohitcoder) Meta / Facebook Authorization flaw - 05/02/2020
Reflected XSS on via Angular Js template injection Pratik Dabhi (@impratikdabhi) Microsoft CSTI, XSS - 05/02/2020
Blind SSRF on Kleiton Kurti (@kleiton0x7e) Coda SSRF $0 (OOS) 05/02/2020
Exposure of Facebook object type by knowing the object ID Samm0uda (@samm0uda) Meta / Facebook Information disclosure - 05/02/2020
Add draft subtitles to any Facebook video and Full Path Disclosure Samm0uda (@samm0uda) Meta / Facebook Information disclosure - 05/02/2020
Ok Google! bypass ‘flag_secure’ Pankaj Upadhyay (@_pupadhyay) Google Authorization flaw - 05/01/2020
The Story of Blind SSRF leads to internal Host discovery. kaustubh padwad (@s3curityb3ast) - SSRF $0 (OOS) 05/01/2020
Hacking Razer Pay Ewallet App Richard Tan (@sambal0x) Razer IDOR $6,000 04/30/2020
Researching Polymorphic Images for XSS on Google Scholar Lorenzo Stella (@lorenzostella) Google Stored XSS $9,401.1 04/30/2020
[Bug Bounty Writeups] Exploiting SQL Injection Vulnerability Ahmed ElTijani - SQL injection $2,000 04/30/2020
Account taken over in style !!! kishore hariram (@kishorehariram) - Logic flaw, CSRF, Account takeover - 04/30/2020
Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin Florian Courtial (@theflofly) Trello XSS $3,600 04/29/2020
Indirect UXSS issue on a private Android target app Kunal pandey (@kunalp94) - UXSS $1,000 04/29/2020
Recon to Sensitive Information Disclosure in Minutes Harsh Bothra (@harshbothra_) - Information disclosure, Outdated component with a known vulnerability - 04/28/2020
Private giant chat app – Send message to victim while sender blocked Rahul Kankrale (@RahulKankrale) - Authorization flaw, Logic flaw - 04/28/2020
Piercing the Veal: Short Stories to Read with Friends d0nut DuckDuckGo, [Private programs] SSRF $4,800 04/27/2020
Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams Omer Tsarfati (@OmerTsarfati) Microsoft Account takeover, Subdomain takeover - 04/27/2020
Bitrix WAF bypass Roma Ramazanoff (@r0hack) Reflected XSS $300 04/27/2020
1-click RCE on Keybase smaury (@smaury92) Keybase RCE $0 (Duplicate) 04/27/2020
Fun With CORS Misconfiguration — II Aman Gupta (@gupt4j1) - CORS misconfiguration, XSS - 04/25/2020
XSS in Peerio 2 Windows Application (Write Up) Evan Ricafort (@evanricafort) Peerio XSS C$1,000 04/24/2020
Web Cache Poisoning in Postmates [$1500] Aung Pyae Ko Ko (@BlcKVRtuL1) Postmates Web cache poisoning $1,500 04/24/2020
From Recon to P1 (Critical) — An Easy Win Harsh Bothra (@harshbothra_) - Exposed registration page - 04/24/2020
Two Factor Authentication Bypass [ $50 ] Aung Pyae Ko Ko (@BlcKVRtuL1) - 2FA bypass $50 04/24/2020
Messenger Rooms Bug Bounty Write-up Jane Manchun Wong (@wongmjane) Meta / Facebook Privilege escalation, Authorization flaw - 04/24/2020
Hiding ourself in close friend’s list and avoiding victim to remove us from his close friend’s list. Baibhav Anand (@SpongeBhav) Meta / Facebook Authorization flaw, Logic flaw $500 04/23/2020
Misconfigured WordPress takeover to Remote Code Execution Smaran Chand (@smaranchand) - Wordpress takeover, RCE, Security misconfiguration - 04/22/2020
From P5 to P2, from nothing to 1000+$ Mohamed Daher (@DaherMohamed4) - Race condition, Self-XSS, Blind XSS > $1,000 04/22/2020
The Secret sauce of bug bounty Mohamed Slamat (@oxxy37) - CSTI, Stored XSS, CORS policy bypass - 04/22/2020
Exploiting a Race Condition Vulnerability Vivek Kumar Singh (@v7nc3nz) - Race condition - 04/22/2020
CORS bug on GOOGLE’s 404 page REWARDED!!! Jayateertha Guruprasad (@JayateerthaG) Google CORS misconfiguration - 04/21/2020
DOM based open redirect to the leak of a JWT token Adolphoramirez - Open redirect, DOM-based open redirect, OAuth token theft - 04/20/2020
Google Maps API (Not the Key) Bugs That I Found Over the Years Ozgur Alp (@ozgur_bbh) Google Logic flaws - 04/19/2020
Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts Sam Curry (@samwcyo) Rocket League HTTP cache poisoning, Open redirect N/A (VDP) 04/19/2020
How was i able to find privilege escalation. Akshar Tank (@Akshar__tank) - IDOR, Authorization flaw - 04/18/2020
Here is the Non Technical write-up on Technical Bug for My Second Bounty of $xxxx From Facebook Ashok Chapagai (@ashokcpg) Meta / Facebook Logic flaw, Privacy issue - 04/17/2020
Strange Redirect (Fixed but no bounty) Abhishek Yadav (@abhishake100) - Open redirect - 04/17/2020
OTP Verification Bypass Kanhaiya Kumar Singh - OTP bypass - 04/17/2020
[Writeup][Bug Bounty][Instagram] Instagram Still Send New DMs and Video Calls to Device After Logout [ID][EN] Muhammad Thomas Fadhila Yahya (@fadhilthomas) Facebook (Instagram) Session management flaw $750 04/16/2020
Tricky Oracle SQL Injection Situation yappare (@yappare) - SQL injection - 04/16/2020
Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices Tamir Zahavi-Brunner (@tamir_zb) Qualcomm, Samsung Memory corruption bug, Race condition - 04/15/2020
Netflix Party — XSS Vulnerabilities kr-b (@pirxcy) Netflix XSS - 04/14/2020
$55,000 Facebook token leak vs Funny Airline token leak. MasterSEC (@MasterSEC_AR) - XSS $0, 50,000 miles 04/14/2020
Business Logic Errors - A New Look Shrey Shah (@ShreySh43332033) - Logic flaw - 04/14/2020
Bounty Tip !! Easiest way to bypass API’s Rate Limit. Shaurya Sharma (@ShauryaSharma05) - Rate limiting bypass - 04/14/2020
Hacking a Telecommunication company(MTN) Afolic MTN Group OTP bruteforce - 04/13/2020
How i Unlocked the blocked accounts? Maria Zulfiqar - Password reset flaw, HTTP Parameter Pollution, IDOR - 04/11/2020
The story of a fuzzing integration reward Andrea Brancaleoni (@nJoyneer) Google Memory corruption bug $10,000 04/08/2020
Listing all registered email addresses on Google’s Crisis Map thanks to IDOR and incremental IDs Thomas Orlita (@ThomasOrlita) Google IDOR - 04/07/2020
Unrestricted CV File Upload vict0ni (@vict0ni) - Unrestricted file upload - 04/07/2020
Stored XSS in Google Nest Harikrishnan Chandraganesan (@hari_cybex) Google Stored XSS - 04/07/2020
$3K Bounty For Elastic-Search Takeover Ashish Kunwar (@D0rkerDevil) - Elastic-Search Takeover $3,000 04/06/2020
How we abused Slack’s TURN servers to gain access to internal services Sandro Gauci (@sandrogauci) Slack SSRF $3,500 04/06/2020
How a Simple CSRF Attack Turned into a P1 Level Bug Lady Secspeare (@bejuveria_) - CSRF, Account takeover - 04/05/2020
Page Admin Disclosure: Facebook Bug Bounty 2020 Saugat Pokharel (@saugatpk5) Meta / Facebook Information disclosure, Logic flaw - 04/04/2020
Cannot Delete Post on Facebook Group: Facebook Bug Bounty Saugat Pokharel (@saugatpk5) Meta / Facebook Logic flaw - 04/04/2020
Playing with JSON Web Tokens for Fun and Profit Muhammad Qasim Munir (@MeetAn0nym0us) - Password reset flaw, Email confirmation bypass - 04/04/2020
Touch ID Authentication Bypass on Evernote and Dropbox IOS Apps Sahil Tikoo (@viperbluff) Evernote, Dropbox Authentication bypass - 04/03/2020
iPhone Camera Hack Ryan Pickren Apple Zero-Click Unauthorized Access to Sensitive Data $75,000 04/02/2020
Hundreds of internal servicedesks exposed due to COVID-19 Inti De Ceukelaire (@securinti) - Security misconfiguration >$10,000 04/02/2020
Always escalate! From Self-XSS to Persistent XSS on Login Portal Phuriphat Boontanon (@zanezenzane) - Self-XSS, CSRF $650 04/02/2020
Account Take Over without user Interaction Ravilla Bharath - Password reset flaw, Information disclosure, Account takeover $0 (Duplicate) 04/02/2020
Privilege Escalation - Hello Admin Shrey Shah (@ShreySh43332033) - Privilege escalation - 04/02/2020
The story of my first ever, 1500$, bounty from Facebook. Ashok Chapagai (@ashokcpg) Meta / Facebook Logic flaw $1,500 04/01/2020
$3133.7 Google Bug Bounty Writeup- XSS Vulnerability! Pethuraj (@Pethuraj) Google Reflected XSS $3,133.7 04/01/2020
Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC Muhammad Khizer Javed / babayaga47 (@khizer_javed47) Microsoft RCE $0 03/31/2020
Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability Duc Nguyen (@ducnt_) - SQL injection - 03/31/2020
Hacking makes me forget my pain Abida Fahd - SQL injection - 03/31/2020
Limited freemarker ssti to arbitrary liql query and manage lithium cms Mert (@mertistaken) & F. Celal Erdik (@celalerdik) - SSTI - 03/30/2020
Restriction is not a promise : Privilege escalation on Google. Hariharan.s (@DJHARIZ1) Google Privilege escalation, Authorization flaw $500 03/30/2020
CVE-2019-17004—Semi Universal XSS affecting Firefox for iOS cliqz (@cliqz) Mozilla, Brave Universal XSS - 03/30/2020
OTP Bruteforce- Account Takeover Ranjit Kumar - OTP bruteforce, Account takeover - 03/29/2020
Attacking HelpDesks Part 1: RCE Chain on DeskPro, with Bitdefender as a Case Study Abdulrahman Nour (@aboodnour) Bitdefender RCE $5,000 03/28/2020
Executing scripts in Safari Reader Mode to CSP Bypass Nikhil Mittal (@c0d3G33k) Apple XSS, CSP bypass - 03/28/2020
I Want that Cookie !!! Adnan Malik (@infoadnanmalik) - Logic flaw - 03/27/2020
Exploiting magic links, critical bugs are one line away 0xSha (@0xsha) Razer Information disclosure, Lack of authentication $0 (Duplicate) 03/27/2020
1st Bug Bounty Write-Up — Open Redirect Vulnerability on Login Page Phuriphat Boontanon (@zanezenzane) - Open redirect $250 03/27/2020
Getting lucky in bug bounty — shamelessly profiting off of other’s work Jeppe Bonde Weikop - Authentication bypass, Lack of rate limiting, Credentials sent over unencrypted channel $3,200 03/26/2020
Account Takeover Flow In ‘s Ext.A Domain [ $150 ] Myo Min Thu (@myominthu1337) - Logic flaw, Account takeover $150 03/26/2020
Exploitation of the CVE-2018-15961 – Unrestricted File Upload in Adobe ColdFusion Supras (@LdrTom) - Unrestricted file upload - 03/26/2020
Stealing Videos From VLC Dhiraj (@RandomDhiraj) The Internet IDOR - 03/26/2020
XSS WAF & Character limitation bypass like a boss Prial Islam Khan (@prial261) - XSS - 03/25/2020
VPN bypass vulnerability in Apple iOS Proton Team Apple Privacy issue - 03/25/2020
Self XSS to Account Takeover Ch3ckM4te - Account takeover, XSS, CSRF - 03/24/2020
The Ticklish XSS Adnan Malik (@adnanmalikinfo) - XSS - 03/23/2020
Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image) Muhammad R. Maulana - RCE, Unrestricted file upload - 03/21/2020
API DOCS takeover on Oktavandi (@0ktavandi) - Subdomain takeover - 03/19/2020
EN | Administrator level Privilege Escalation story Samet Sahin (@sametsahinnet) - Privilege escalation $0 (Duplicate) 03/19/2020
Reflected XSS on subdomains Raimonds Liepins (@lv_linkers) Microsoft Reflected XSS $0 03/19/2020
Hacking — Always Check the Cross-domain Policy Jack Starbucks SOP bypass, CSRF $750 03/19/2020
XXE-scape through the front door: circumventing the firewall with HTTP request smuggling Pieter Hiele (@honoki) - XXE - 03/18/2020
Where is my Train : Tracking to Hacking ! Anil Tom (mr_4nk) Google Reflected XSS, SQL injection - 03/17/2020
How I was able to verify any contact number for my account? Paras Arora (@parasarora06) - OTP bypass, 2FA bypass - 03/17/2020
Razer mobile PIN verification bypass $1k Bug Sourav Sahana (@kernel_rider) Razer OTP bypass, 2FA bypass $1,000 03/17/2020
How I Earned $1750 at Shopify Bug Bounty Program Ashish Dhone Shopify XSS, Open redirect $1,750 03/16/2020
Weak session validation bug let you login even after changing the session IDs and logging out from the accounts Manasjha (@manas_hunter) - Logic flaw, Session management flaw - 03/16/2020
Using Vulnerability Analytics Feature Like a Boss Ozgur Alp (@ozgur_bbh) - SSRF, Reflected XSS, Authentication bypass $8,600 03/15/2020
How I earned $800 for Host Header Injection Vulnerability Pethuraj (@Pethuraj) - Host header injection, Password reset flaw $800 03/15/2020
My Weirdest Bug Bounty — Getting PII from O365. Omaid Faizyar (@rulesofthetrade) Microsoft Subdomain takeover $1,000 03/14/2020
Blocked User Can Send Notification Due to Logical Bug in Instagram | First Instagram Bug Divyanshu Shukla Meta / Facebook Logic flaw $0 (Duplicate) 03/14/2020
What is your GCP infra worth?…about ~$700 [Bugbounty] Chris Gates (@carnal0wnage) Tokopedia Information disclosure $700 (Never paid) 03/13/2020
User’s email disclosure via invalid password reset link [$250] Myo Min Thu (@myominthu1337) - Password reset flaw, Information disclosure $250 03/13/2020
API secret key Leakage leads to disclosure of Employee’s Information Ace Candelario (@phspades) - Information disclosure $2,000 03/13/2020
Generate valid signatures for FBCDN urls Philippe Harewood (@phwd) Meta / Facebook Logic flaw, Authorization flaw - 03/13/2020
How I got access to critical data of a Company in no time ? Kaustubh Kale - Information disclosure, Lack of rate limiting, Bruteforce - 03/12/2020
[Bug Bounty] Email Content Injection Navneet (@na5n33t) - Email content injection $25 03/12/2020
How I Reported a DoS Vulnerability to AWS Amey Anekar (@ameyanekar) Amazon DoS - 03/11/2020
Generate valid signatures for files hosted in Facebook CDNs Samm0uda (@samm0uda) Meta / Facebook Authorization flaw, Logic flaw - 03/11/2020
Ability to bruteforce Instagram account’s password due to lack of rate limitation protection Samm0uda (@samm0uda) Meta / Facebook Lack of rate limiting, Bruteforce $3,000 03/11/2020
How I was able to bypass the current password? Ninad Mathpati (@ninad_mathpati) - Account takeover, CSRF - 03/11/2020
OTP Bypass - Developer’s Check Shrey Shah (@ShreySh43332033) - OTP bypass - 03/11/2020
Finding a P1 in one minute with (RCE) sw33tLie (@sw33tLie) - RCE - 03/11/2020
Got Easiest Bounty with HTML injection via email confirmation! Shaurya Sharma (@ShauryaSharma05) - HTML injection - 03/11/2020
Vulnerable design leads to personal data leakage- yet another case of an inter-application vulnerability… Marcin Szydlowski (@SecurityKsl) - Logic flaw - 03/09/2020
Broke limited scope with a chain of bugs (tips for every rider CORS) Valeriy Shevchenko (@Krevetk0Valeriy) - CORS misconfiguration, RCE - 03/09/2020
The unexpected Google wide domain check bypass David Schütz (@xdavidhu) Google Logic flaw $6,000 03/08/2020
Breaking the Competition (Bug Bounty Write-up) George O (@georgeomnet) - Race condition, DoS, Logic flaw, Session management flaw $0, Swag 03/08/2020
$5,005 worth vulnerability Duplicated, How I loose $5,005 in a day? Denial of Service - Billion LAUGH Attack (XXE) Muhammad Asim Shahzad - DoS, XXE $0 (Duplicate) 03/08/2020
Google Ads Self-XSS & Html Injection $5000 Syahri Ramadan (@adonkidz7) Google Self-XSS, HTML injection $5,000 03/07/2020
How I exploit the JSON CSRF with method override technique Simgamsetti Manikanta (@zaheckmania) - CSRF - 03/07/2020
Google Bug Bounty: Clickjacking on Google Payment (1337$) santuySec (@santuySec) Google Clickjacking $1,337 03/06/2020
Got Bounty with Account takeover (ATO ) Unicode-Case Mapping Collision ! Shaurya Sharma (@ShauryaSharma05) - Account takeover - 03/05/2020
Abusing Slack for Offensive Operations Cody Thomas (@its_a_feature_) Slack Logic flaw $0 (Informative) 03/04/2020
SSRF vulnerability in Uppy, Detected by Shieldfy Eslam Salem (@net_code) Node.js third-party modules SSRF - 03/03/2020
SOP Bypass Kenan (@kenanistaken) - SOP Bypass - 03/03/2020
Exploiting an SSRF: Trials and Tribulations A Bug’z Life (@abugzlife1) - SSRF $0 (Duplicate) 03/03/2020
ManageEngine ServiceDesk Plus: Arbitrary File Upload Duc Anh Bui - Arbitrary file upload, RCE - 03/03/2020
How I CSRF’d My First Bounty! Rajesh Ranjan (@rajesh_ranjan4) - CSRF $500 03/03/2020
SQL Injection Via Stopping the redirection to a login page Abde Ouabala (@4mgh0z) - SQL injection, Authorization flaw - 03/03/2020
SSRF on PDF generator. John Michael (@michan2514) - SSRF - 03/02/2020
Discord embed spoofing DarkMatterMatt Discord Phishing $0 03/02/2020
Facebook OAuth Framework Vulnerability Amol Baikar (@AmolBaikar) Meta / Facebook OAuth flaw $55,000 03/01/2020
A mysterious bug in the firmware of Google’s Titan M chip (CVE-2019-9465) Alexander Bakker Google Cryptographic issues - 02/29/2020
Account Hijack using Authorization bypass Bhavesh Thakur (@Bhavesh_Thakur_) - Account takeover, Authorization flaw - 02/28/2020
Page Admin Disclosure via an Upgraded Page Post Dan Fabro (@0x61_) Meta / Facebook Authorization flaw, Information disclosure $3,000 02/28/2020
The Tricky XSS Smaran Chand (@smaranchand) - XSS $0 (Won’t fix) 02/28/2020
Facebook CSRF bug which lead to Instagram Partial account takeover. Samm0uda (@samm0uda) Meta / Facebook CSRF, OAuth flaw $12,500 02/28/2020
RCE via Apache Struts2 - Still out there. Abhishek (@abhishake100) - RCE - 02/27/2020
Write-up: AWS Document Signing Security Control Bypass Ozgur Alp (@ozgur_bbh) - AWS flaw $1,000 02/26/2020
Long String DoS Shrey Shah (@ShreySh43332033) - DoS $100 02/26/2020
How I Get my first P1 (Sensitive Information Disclosure) using WPScan Harrmahar (@harrmahar) - Information disclosure - 02/26/2020
How i found 3 SSRF in one day on different bug bounty targets Damanpreet Singh (@MrDamanSingh) - SSRF - 02/25/2020
Mail.Ru Ext.B Scope Account Takeover [ $1500 ] Myo Min Thu (@myominthu1337) Mail.Ru Account takeover, OAuth flaw $1,500 02/25/2020
Stored-XSS-on-groups-google-com Alessandro Rumampuk (@Rando02355205) Google Stored XSS $0 (Won’t fix) 02/25/2020
Discord DoS with a single message DarkMatterMatt Discord DoS $0 02/24/2020
Blind XSS against a Googler Uranium238 (@uraniumhacker) Google Blind XSS - 02/23/2020
Reflected XSS In AT&T Myo Min Thu (@myominthu1337) AT&T Reflected XSS - 02/23/2020
Tale of Account Takeovers (Part-1) Vijaysimha Reddy Bathini (@fatratfatrat) - Account takeover, HTTP Parameter Pollution, Password reset flaw, OTP bypass $5,000 02/22/2020
Hunting Tesla Model Y Secrets in the Parts Catalog Evan Connelly (@Evan_Connelly) Tesla Authorization flaw - 02/22/2020
Exploiting Jira for Host Discovery Alex Peña Atlassian CSRF - 02/20/2020
Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC Muhammad Khizer Javed / babayaga47 (@khizer_javed47) - Information disclosure, Hardcoded credentials - 02/19/2020
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell Eugene Lim (@spaceraccoonsec) - XXE, RCE, Directory Traversal - 02/18/2020
From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World YoKo Kho (@YokoAcc) - Information disclosure, RCE - 02/18/2020
My First Bounty From Google. Syahri Ramadan (@adonkidz7) Google Self-XSS, HTML injection $5,000 02/18/2020
How We Found Another XSS in Google with Acunetix Andrey Leonov (@4lemon) Google XSS $5,000 02/17/2020
Plan Change Logic in Google Fiber (Webpass) Craig Arendt (@signalchaos) Google Logic flaw, Payment tampering - 02/17/2020
Exploiting WebSocket [Application Wide XSS / CSRF] Osama Avvan (@osamaavvan) - XSS, CSRF - 02/17/2020
How I Gain Unrestricted File Upload Remote Code Execution Bug Bounty Shay Grant (@kidshay) - Unrestricted file upload - 02/17/2020
Uploading Backdoor For Fun And Profit. Mohammed Abdul Raheem (@mohdaltaf163) - Unrestricted file upload, RCE - 02/17/2020
How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties Red Timmy Security (@redtimmysec) - RCE - 02/16/2020
Open-redirect Vulnerability on Facebook dw1 Meta / Facebook Open redirect $500 02/16/2020
Blind IDOR in LinkedIn iOS application Hailstorm (@hailstorm1422) LinkedIn IDOR $0 02/16/2020
A Simple IDOR to Account Takeover Swapnil Maurya (@swapmaurya20) - IDOR, Account takeover $4,500 02/11/2020
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches Ozgur Alp (@ozgur_bbh) - Information disclosure $1,500 02/11/2020
How I discovered an SSRF leading to AWS Metadata Leakage Amey Anekar (@ameyanekar) - SSRF - 02/10/2020
A step-by-step walk-through of an Invalid Endpoint Mohammed Israil (@mdisrail2468) - Information disclosure - 02/09/2020
External XML Entity via File Upload (SVG) Atul (@0xatul) - XXE, Unrestricted file upload - 02/08/2020
Determine users with detailed role model on behalf of any Facebook Application Amol Baikar (@AmolBaikar) Meta / Facebook IDOR - 02/08/2020
IDOR leads to Data leakage and Profile Update vict0ni (@vict0ni) - IDOR, Bruteforce - 02/07/2020
How Inspect Element Got me a Bounty Aditya Soni (@hetroublemakr) - Client-side enforcement of server-side security - 02/06/2020
Popping Alerts in Mixmax Chrome Extension (Write Up) Evan Ricafort (@evanricafort) Mixmax XSS - 02/06/2020
Simple Remote Code Execution Vulnerability Examples for Beginners Ozgur Alp (@ozgur_bbh) - RCE, Unrestricted file upload $15,000 02/05/2020
Google APIS ClickJacking ( $1337) Myo Min Thu (@myominthu1337) Google Clickjacking $1,337 02/05/2020
Site wide CSRF on a popular program Ajinkya Pathare (@fellchase) - CSRF - 02/05/2020
How I Made $600 in Bug Bounty in 15 Minutes with Contrast CE – CVE- 2019-8442 David Lindner (@golfhackerdave) Atlassian (Jira) Information disclosure $600 02/05/2020
Using CSRF I Got Weird Account Takeover Mohamed Sayed (@FlEx0Geek) - CSRF, Account takeover - 02/05/2020
An Unexpected Bounty — Email Bounce Issues Keshav Malik (@g0t_rOoT_) - DoS, Email Bounce Issue - 02/05/2020
Hijacking shared report links in Google Data Studio sushiwushi (@sushiwushi2) Google Authorization flaw - 02/05/2020
How, I dumped crypto data by chaining directory listing to open S3 Bucket Ddigvijay - AWS misconfiguration, Directory listing, Information disclosure - 02/05/2020
Arbitary File Upload too Stored XSS - Bug Bounty m0chan (@m0chan98) - Arbitrary file upload, Stored XSS - 02/04/2020
Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access Gal Weizman (@WeizmanGal) Facebook (WhatsApp) Stored XSS, CSP bypass, Open redirect, RCE $12,500 02/04/2020
Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE Jatin Dhankhar (@jatindhankhar_) HackerEarth RCE - 02/04/2020
Exploiting Insecure Firebase Database! Muhammad Khizer Javed / babayaga47 (@khizer_javed47) - Insecure Firebase database - 02/04/2020
Easily leaking passenger information on an Airline Zseano (@zseano) - IDOR - 02/04/2020 Alternative link
CSRF CSRF CSRF… Navneet (@na5n33t) - CSRF $50 02/03/2020
Tumblr Bug Bounty ( $200) Myo Min Thu (@myominthu1337) Automattic (Tumblr) Unrestricted file upload, XSS, Authorization flaw $200 02/02/2020
Disclose Full Admin List of any Facebook Applications Amol Baikar (@AmolBaikar) Meta / Facebook IDOR - 02/02/2020
OK Google: bypass the authentication! Mattia Vinci Google Authentication bypass $0 (Won’t fix) 01/31/2020
2FA Bypass via Logical Rate Limiting Bypass Jeppe Bonde Weikop - 2FA bypass, Logic flaw $500 01/30/2020
How I was able to takeover the company’s LinkedIn Page Vijaysimha Reddy Bathini (@fatratfatrat) - Broken Link Hijacking $500 01/29/2020
How I get my first SWAG from SIDN (Sensitive Data Expose) Mehedi Hasan Remon (@mehedi1194) SIDN Broken access control, Information disclosure $0, Swag 01/29/2020
Vimeo Livestream Bug Bounty WriteUp Mohamed Slamat (@oxxy37) Livestream IDOR, Parameter tampering - 01/29/2020
Hyperlink Injection - Easy Money (sometimes) Abhishek Yadav (@abhishake100) - Hyperlink injection $450 01/28/2020
Adding anyone including non-friend and blocked people as co-host in personal event! Binit Ghimire (@WHOISbinit) Meta / Facebook IDOR $750 01/28/2020
Tale of a Misconfiguration in Password Reset Naveenroy - Password reset flaw, Information disclosure - 01/27/2020
Escalating reflected XSS with HTTP Smuggling Hazana (@HazanaSec) - Reflected XSS, HTTP Request Smuggling - 01/27/2020
XSS on Facebook-Instagram CDN Server bypassing signature protection Amol Baikar (@AmolBaikar) Meta / Facebook XSS - 01/26/2020
Disclose Facebook Business Account ID Amol Baikar (@AmolBaikar) Meta / Facebook Information disclosure $1,500 01/26/2020
XSS on Facebook’s acquisition Oculus CDN Server Amol Baikar (@AmolBaikar) Meta / Facebook XSS - 01/26/2020
Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC Muhammad Khizer Javed / babayaga47 (@khizer_javed47) Meta / Facebook (Snapchat) Parameter tampering $1,000 01/26/2020
Accidental IDOR that Deleted Admin Account. Sayaan Alam (@ehsayaan) - IDOR $325 01/25/2020
The unexpected bounty: A story of Zendesk takeover on wis4nggeni - Subdomain takeover - 01/25/2020
Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover Samm0uda (@samm0uda) Meta / Facebook Cross-Site Websocket Hijacking (CSWH), Account takeover $12,500 01/23/2020
How I was able to take over any users account with host header injection Ajay Gautam (@evilboyajay) - Host header injection $900 01/23/2020
CORS Misconfiguration leading to Private Information Disclosure Virus0X01 (@Virus0X01) - CORS misconfiguration - 01/23/2020
A Less Known Attack Vector, Second Order IDOR Attacks Ozgur Alp (@ozgur_bbh) - IDOR - 01/22/2020
Password Reset Token Leak Via Referrer Shrey Shah (@ShreySh43332033) - Password reset flaw, Information disclosure - 01/22/2020
Facebook Vulnerability: Hidden “Community Manager” in Pages due to “Invitation Accept” logic Ritish Kumar Singh Meta / Facebook Logic flaw $500 01/22/2020
User Account Takeover via Signup Feature | Bug Bounty POC Muzammil Kayani (@muzammilabbas2) - Account takeover, Logic flaw, Authorization flaw - 01/22/2020
Google Bug Bounty: CSRF in santuySec (@santuySec) Google CSRF $0 (Duplicate) 01/21/2020
Cross Site Request Forgery vulnerability Leads to User Profile Change in Microsoft Express Logic Adesh Nandkishor kolte (@AdeshKolte) Microsoft CSRF - 01/21/2020
How i bought my way to subdomain takeover on Tokopedia wis4nggeni Tokopedia Subdomain takeover - 01/20/2020
GGvulnz — How I hacked hundreds of companies through Google Groups Milan Magyar Google Logic flaw - 01/20/2020
How I accidentally found Bug in Google Search Console Tomi (@noobe_io) Google Logic flaw, Authorization flaw $1,337 01/18/2020
Adding a malicious notebook to be treated like a trusted notebook in Google Colab — 1337$ Raushan Raj (@raushan_rajj) Google Authorization flaw, Logic flaw $1,337 01/17/2020
The trouble with Microsoft’s Troubleshooters Imre Rad (@ImreRad) Microsoft RCE, MiTM $0 (Won’t fix) 01/15/2020
From . in regex to SSRF — part 2 Niemiec Marcin (@xvnpw) - SSRF - 01/14/2020
How I discovered an interesting account takeover flaw? Akash Methani (@0xAkash) - Account takeover, Password reset flaw, Lack of rate limiting - 01/14/2020
In Cloud we “Trust”: Wrong Kubernetes implementation by Google Cloud Platform & Microsoft Azure affecting customers Chen Cohen (@chencococococo) Microsoft, Google Old components with known vulnerabilities - 01/12/2020
No Rate Limit - 2K Bounty Shrey Shah (@ShreySh43332033) Yahoo Lack of rate limiting $2,000 01/12/2020
How I earn $500 from Razer open S3 bucket Sourav Sahana (@kernel_rider) Razer AWS misconfiguration $500 01/12/2020
My First RCE (Stressed Employee gets me 2x bounty) Abhishek Yadav (@abhishake100) - RCE, Unrestricted file upload $900 01/10/2020
Hunting Good Bugs with only <HTML> Ak1T4 (@akita_zen) - Open redirect, HTML injection, SSRF - 01/10/2020
Google Chrome display locking fuzzing Pawel Wylecial (@h0wlu) Google Heap Use-After-Free $5,000 01/08/2020
The Bug That Exposed Your PayPal Password Alex Birsan Paypal XSSI $15,300 01/08/2020
Update: Want to take over the Java ecosystem? All you need is a MITM! Jonathan Leitschuh (@jlleitschuh) Github Insecure communications $2,300 01/08/2020
HTML Injection(Unique Exploitation) Pratik Yadav (@PratikY9967) - HTML injection $250 01/07/2020
Saying Goodbye to my Favorite 5 Minute P1 Allyson O’Malley (@ally_o_malley) Microsoft Information disclosure - 01/06/2020
How I found a Privilege Escalation Bug in a private Ecommerce? Baibhav Anand (@SpongeBhav) - Privilege escalation - 01/06/2020
XSS on Sony subdomain Gökhan Güzelkokar (@gkhck_) Sony Reflected XSS - 01/06/2020
From . in regex to SSRF — part 1 Niemiec Marcin (@xvnpw) - SSRF - 01/05/2020
Account takeover via HTTP Request Smuggling hipotermia (@hipotermia) - HTTP request smuggling, Account takeover, Open redirect, Internal header disclosure - 01/03/2020
Bypass 2FA in a website Sourav Sahana (@kernel_rider) - 2FA bypass - 01/01/2020
Bypass Mobile PIN Verification Sourav Sahana (@kernel_rider) - Authentication bypass $100 01/01/2020

Bug bounty writeups published in 2019

Title & URL Author Bug bounty program Vulnerability Reward $$$ Publication date Alternative link
Story of an IDOR via HTTP Shuaib Oladigbolu (@_sawzeeyy) - IDOR - 12/31/2019
Exploiting HTML Injection in Email Shuaib Oladigbolu (@_sawzeeyy) - HTML injection - 12/31/2019
From POST to GET Open redirect Sourav Sahana (@kernel_rider) - Open redirect $450 12/31/2019
Bug Hunting Journey of 2019 Sudhanshu Rajbhar (@sudhanshur705) Alibaba, Verizon Media, [Private program] XSS, Privilege escalation, Information disclosure $2,500 12/31/2019
Exploiting a Self Stored XSS with an IDOR Shuaib Oladigbolu (@_sawzeeyy) - Self-XSS, Stored XSS, IDOR - 12/31/2019
How did I earn $3133.70 from Google Translator? Beri Bey (@uppmen) Google XSS $3,133.70 12/30/2019
Facebook Bug bounty Story: $X000 for an Information Disclosure Bug Circle Ninja (@circleninja) Meta / Facebook Information disclosure - 12/29/2019
How I made $7500 from My First Bug Bounty Found on Google Cloud Platform James Grunewald Google Logic flaw $7,500 12/29/2019
Drop the mic?! no! Drop the connection ;) Sasi Levi (@sasi2103) Google DOM XSS - 12/29/2019
Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty Omkar Bhagwat (@th3_hidd3n_mist) - XSSI $0 (Duplicate) 12/27/2019
Bypassing Brand Collabs Manager Eligibility on Facebook Ajay Gautam (@evilboyajay) Meta / Facebook Authorization flaw $0 12/26/2019
Subdomain takeover via pantheon Smaran Chand (@smaranchand) - Subdomain takeover - 12/26/2019
Microsoft Edge (Chromium) - EoP via XSS to Potential RCE Abdulrahman Alqabandi (@Qab) Microsoft XSS, RCE $40,000 12/24/2019
SOP Bypass via browser-cache Aaron Costello (@ConspiracyProof) Keybase SOP bypass $1,500 12/24/2019
Abusing ImageMagick to obtain RCE Strynx (@Strynx_Security) - ImageMagick, RCE $5,000 12/24/2019
How we hacked one of the worlds largest Cryptocurrency Website Strynx (@Strynx_Security) - SQL injection, RCE - 12/24/2019
Airbnb : Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method (IDOR) Vijay Kumar (@IndoAppSec) Airbnb IDOR $3,000 12/24/2019
Bugbounty | A Dom Xss Jinone (@jinonehk) - DOM XSS $500 12/24/2019
GraphQL IDOR leads to information disclosure Eshan Singh (@R0X4R) - IDOR - 12/24/2019
CSRF Token Bypasss — A Tale of my $2k bug Adeyefa Oluwatoba (@adeyefa_codes) - CSRF, Account takeover $2,000 12/23/2019
reCAPTCHA Exploits Dr. Neal Krawetz (@hackerfactor) Google reCAPTCHA bypass $0 12/23/2019
From broken link to subfolder takeover on Bukalapak wis4nggeni Bukalapak AWS flaw - 12/23/2019
2 FA Bypass via CSRF Attack Vishal Bharad - 2FA bypass, CSRF $0 (OOS) 12/23/2019
Full Account Takeover (Android Application) Vishal Bharad - Information disclosure, Account takeover - 12/21/2019
Bypassing Captcha ! Abhishek Yadav (@abhishake100) - Captcha bypass $200 12/20/2019
Account Takeover Through Password Reset Poisoning Vishal Bharad - Password reset flaw, Account takeover - 12/19/2019
#BugBounty — How Snapdeal (India’s Popular E-commerce Website) Kept their Users Data at Risk! Nanda Kumar (@nk00_nk) Snapdeal Insecure storage of sensitive information - 12/19/2019
[Google VRP] SSRF in Google Cloud Platform StackDriver Ron Chan (@ngalongc) Google SSRF - 12/19/2019
Abusing feature to steal your tokens Harsh Jaiswal (@rootxharsh) - OAuth flaw $3,750 12/17/2019
BreakingApp – WhatsApp Crash & Data Loss Bug Dikla Barda, Roman Zaikin & Yaara Shriki Meta / Facebook DoS - 12/17/2019
[email protected] Disclosure via IDOR Pratyush Anjan Sarangi - IDOR $750 12/16/2019
Stored Iframe Injection + CSRF = Account Takeover 😎😎 Rounak Dhadiwal (@XploiteR_D) - HTML injection, CSRF - 12/16/2019
How I Took Over 2 Subdomains with Azure CDN Profiles m0chan (@m0chan98) - Subdomain takeover - 12/16/2019
4 Google Cloud Shell bugs explained [email protected] (@wtm_offensi) Google RCE - 12/16/2019
Authorization bug that every bug hunter missed on a popular program Ajinkya Pathare (@fellchase) - Authorization flaw - 12/15/2019
Vimeo upload function SSRF Sayed Abdelhafiz (@dPhoeniixx) - SSRF $5,000 12/13/2019
How I was able to find a logical bug on Instagram? Jabir Khan (@Jabirkhan0x0) Meta / Facebook Logic flaw - 12/13/2019
Facebook New Account Verification Bypass Santosh Baral (@santoshbrl5) Meta / Facebook Authentication bypass $0 (Internal duplicate) 12/13/2019
Multiple Host Header Attacks after bypassing protection with… a Header Attack vict0ni (@vict0ni) - Host header injection - 12/12/2019
$500 getClass Ezequiel Pereira (@epereiralopez) Google Java vulnerability $500 12/12/2019
A $25 Easy Bug. Navneet (@na5n33t) - Session management flaw $25 12/12/2019
SSRF via FFmpeg HLS processing Pflash Punk (@PflashPunk) - SSRF $0 (Duplicate) 12/11/2019
Blind XSS (A mind game to win the battle) Dirtycoder (@dirtycoder0124) - Blind XSS $1,000 12/11/2019
AirDoS: Remotely render any nearby iPhone or iPad unusable Kishan Bagaria (@KishanBagaria) Apple DoS - 12/10/2019
Get pwned by scanning QR Code Nikhil Mittal (@c0d3G33k) Mozilla XSS, CSP bypass - 12/10/2019
Authentication Bypass Rushiikesh (@u1tran00b) - 2FA bypass $700 12/09/2019
Media deletion CSRF vulnerability on Instagram Pouya Darabi (@Pouyadarabi) Meta / Facebook CSRF $3,000 12/09/2019
Telegram (v4.9.155353) was rendering file:// links + opening them via -> code execution. Vladimir Metnew (@vladimir_metnew) Telegram RCE $500 12/08/2019
Spilling Local Files via XXE when HTTP OOB fails Rahul Maini - XXE - 12/07/2019
Reusing Cookies Ricardo Iramar dos Santos - Session management flaws $400 12/07/2019
HTML Injection to XSS bypass in [] Evan Ricafort (@evanricafort) - Reflected XSS $600 12/07/2019
$150 XSS at Error Page of Respository Code Navneet (@na5n33t) - Reflected XSS $150 12/07/2019
Google Chrome portal element fuzzing Pawel Wylecial (@h0wlu) Google RCE, Heap Buffer Overflow, Heap Use-After-Free $8,000 12/06/2019
HTTP Request Smuggling + IDOR hipotermia (@hipotermia) - HTTP request smuggling, IDOR - 12/05/2019
XSS like a Pro Anas Mahmood (@AnasIsHere) - XSS $450 12/05/2019
Dank Writeup On Broken Access Control On An Indian Startup Divyanshu Shukla - Unrestricted file upload, Authorization flaw - 11/30/2019
My first RCE: a tale of good ideas and good friends rez0 (@rez0__) - RCE, ImageTragick - 11/29/2019
How I turned Self XSS to Stored via CSRF Abhishek Yadav (@abhishake100) - Self-XSS, CSRF $550 11/29/2019
Hacking GitHub with Unicode’s dotless ‘i’ John Gracey (@jagracey) Github Logic flaw - 11/28/2019
XSS Stored On [ Outlook Web — Outlook Android App ] ElMahdi Mrhassel (@ElMrhassel) Microsoft Stored XSS $2,400 11/28/2019
Reflected XSS in leads to account takeover in IE/Edge Samm0uda (@samm0uda) Meta / Facebook Reflected XSS, Account takeover $5,000 11/27/2019
Site Isolation bypass via Chrome extension Anthony Weems Google Browser bug, Site Isolation bypass $3,133.70 11/27/2019
Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings Johns Simon (@Johnssimon22) - Authorization flaw - 11/27/2019
How Did Tons of People Like Me on Tinder? Mustafa iran (@Mustafaran) - HTTP request smuggling $2,500 11/25/2019
Finding a security bug in Discord and what it taught me Tristan Farkas (@TristanAtFarkas) Discord OAuth flaw - 11/24/2019
CORS Misconfiguration to Account TakeOver [Out of scope to grab items In-Scope] Mashoud1122 (@mashoud1122) - CORS misconfiguration, Open redirect, Reflected XSS, Session management flaw $1,500 11/24/2019
The AccountTakeOver Killing Chain أنس روبي (@xhzeem) - Account takeover, CSRF, Self-XSS - 11/23/2019
Exploiting padding oracles with fixed IVs Teddy Katz (@not_aardvark) - Padding oracle attack, Account takeover - 11/23/2019
IDOR via Websockets Shuaib Oladigbolu (@_sawzeeyy) - IDOR - 11/23/2019
Stories Of IDOR-Part 2 Shivbihari Pandey (@ninja_pandit_) - IDOR $3,650 11/21/2019
Disable Any Unconfirmed Account in Facebook Lokesh Kumar (@lokeshdlk77) Meta / Facebook Bruteforce $1,000 11/21/2019
700$ Denial of Service(DoS) vulnerability in script-loader.php (CVE-2018-6389) Pankaj Thakur (@Nep_1337_1998) - DoS $700 11/21/2019
Reply To Instagram Stories where privacy of who can reply is set to ‘Nobody’. (Part 2) Baibhav Anand (@SpongeBhav) Meta / Facebook Authorization flaw $1,000 11/21/2019
Cracking reCAPTCHA, Turbo Intruder style James Kettle (@albinowax) Google Captcha bypass, Race condition $0 (Won’t fix) 11/20/2019
How I paid 2$ for a 1054$ XSS bug + 20 chars blind XSS payloads Mohamed Daher (@DaherMohamed4) - XSS $1,054 11/20/2019
Subdomain Takeover via Mohamed Haron (@m7mdharon) - Subdomain takeover $900 11/20/2019
How I could delete Facebook Ask for Recommendations post’s place objects in comments Raja Sudhakar (@Rajasudhakar) Meta / Facebook IDOR - 11/20/2019
Broken session management leads to bypass 2FA and Permanent access to Facebook user’s Mahmoud Barakat (@0xBarakat) Meta / Facebook Authentication bypass - 11/19/2019
Disclose the owner of a recruiting manager in Jobs Beta Philippe Harewood (@phwd) Meta / Facebook Information disclosure - 11/19/2019
Million Users PII Leak Data Leak Shivbihari Pandey (@ninja_pandit_) - Information disclosure, Blind XSS $3,250 11/18/2019
XSS in GMail’s AMP4Email via DOM Clobbering Michał Bentkowski (@securitymb) Google XSS, DOM Clobbering - 11/18/2019
This is How I was able to hunt a rare bug in a private program Abida Fahd - Lack of authentication, Privilege escalation - 11/18/2019
My First Bug ($500) Abhishek Yadav (@abhishake100) - No valid SPF records $500 11/18/2019
Bypassing the patch for my previous Instagram bug. Baibhav Anand (@SpongeBhav)