pentester.land
2606:4700:3031::681c:17ae
Public Scan
Submission: On February 23 via manual from GR
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 4th 2020. Valid for: 8 months.
This is the only time pentester.land was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
4 | 2606:4700:3031::681c:17ae | 13335 (CLOUDFLARENET)
7 | 143.204.202.34 | 16509 (AMAZON-02)
1 | 2a00:1450:4001:821::200a | 15169 (GOOGLE)
1 | 23.45.237.132 | 20940 (AKAMAI-ASN1)
2 | 2a00:1450:4001:800::200e | 15169 (GOOGLE)
1 | 2a00:1450:4001:81b::2003 | 15169 (GOOGLE)
16 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-34.fra53.r.cloudfront.net
downloads.mailchimp.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-237-132.deploy.static.akamaitechnologies.com
mc.us17.list-manage.com
ASN15169 (GOOGLE, US)
www.google-analytics.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | mailchimp.com | downloads.mailchimp.com | 84 KB
4 | pentester.land | pentester.land | 149 KB
2 | google-analytics.com | www.google-analytics.com | 18 KB
1 | gstatic.com | fonts.gstatic.com | 13 KB
1 | list-manage.com | mc.us17.list-manage.com | 2 KB
1 | googleapis.com | fonts.googleapis.com | 840 B
16 | 6 | |
Requests | Domain | Requested by
---|---|---
7 | downloads.mailchimp.com | pentester.land, downloads.mailchimp.com
4 | pentester.land | pentester.land
2 | www.google-analytics.com | pentester.land
1 | fonts.gstatic.com | pentester.land
1 | mc.us17.list-manage.com | downloads.mailchimp.com
1 | fonts.googleapis.com | pentester.land
16 | 6 |
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-02-04 - 2020-10-09 | 8 months
downloads.mailchimp.com | Amazon | 2019-07-24 - 2020-08-24 | a year
*.storage.googleapis.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
wildcardsan.list-manage.com | DigiCert SHA2 Secure Server CA | 2019-07-27 - 2020-10-25 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
*.google.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
This page contains 3 frames:
Primary Page:
https://pentester.land/list-of-bug-bounty-writeups.html
Frame ID: A571A88FBB347DD8102DE5CBCBAE5269
Requests: 12 HTTP requests in this frame
Frame:
https://downloads.mailchimp.com/css/signup-forms/popup/1.0/common.css
Frame ID: 282A011E1ADBB5AC85708121FE068038
Requests: 2 HTTP requests in this frame
Frame:
https://downloads.mailchimp.com/css/signup-forms/popup/1.0/common.css
Frame ID: 3EBF879B889D856BBD9C47FAD2957CE0
Requests: 2 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
2109 Outgoing links
These are links going to different origins than the main page.
Title: Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC
Title: Muhammad Khizer Javed / babayaga47 (@khizer_javed47)
Title: A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
Title: spaceraccoon (@spaceraccoonsec)
Title: From Recon to Optimizing RCE Results - Simple Story with One of the Biggest ICT Company in the World
Title: YoKo Kho (@YokoAcc)
Title: How We Found Another XSS in Google with Acunetix
Title: Andrey Leonov (@4lemon)
Title: Exploiting WebSocket [Application Wide XSS / CSRF]
Title: Osama Avvan (@osamaavvan)
Title: How I Gain Unrestricted File Upload Remote Code Execution Bug Bounty
Title: Shay Grant (@kidshay)
Title: Uploading Backdoor For Fun And Profit.
Title: Mohammed Abdul Raheem (@mohdaltaf163)
Title: Open-redirect Vulnerability on Facebook
Title: Blind IDOR in LinkedIn iOS application
Title: Hailstorm (@hailstorm1422)
Title: A Simple IDOR to Account Takeover
Title: Swapnil Maurya (@swapmaurya20)
Title: Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
Title: Ozgur Alp (@ozgur_bbh)
Title: A step-by-step walk-through of an Invalid Endpoint
Title: Mohammed Israil (@mdisrail2468)
Title: External XML Entity via File Upload (SVG)
Title: Atul (@0xatul)
Title: Determine users with detailed role model on behalf of any Facebook Application
Title: Amol Baikar (@AmolBaikar)
Title: IDOR leads to Data leakage and Profile Update
Title: vict0ni (@vict0ni)
Title: How Inspect Element Got me a Bounty
Title: Aditya Soni (@hetroublemakr)
Title: Google APIS ClickJacking ( $1337)
Title: Myo Min Thu (@myominthu1337)
Title: Site wide CSRF on a popular program
Title: Ajinkya Pathare (@fellchase)
Title: How I Made $600 in Bug Bounty in 15 Minutes with Contrast CE – CVE- 2019-8442
Title: David Lindner (@golfhackerdave)
Title: Using CSRF I Got Weird Account Takeover
Title: Mohamed Sayed (@FlEx0Geek)
Title: An Unexpected Bounty — Email Bounce Issues
Title: Hijacking shared report links in Google Data Studio
Title: sushiwushi (@sushiwushi2)
Title: How, I dumped crypto data by chaining directory listing to open S3 Bucket
Title: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access
Title: Gal Weizman (@WeizmanGal)
Title: Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE
Title: Jatin Dhankhar (@jatindhankhar_)
Title: Exploiting Insecure Firebase Database!
Title: Easily leaking passenger information on an Airline
Title: Zseano (@zseano)
Title: CSRF CSRF CSRF…
Title: Navneet (@na5n33t)
Title: Tumblr Bug Bounty ( $200)
Title: Disclose Full Admin List of any Facebook Applications
Title: OK Google: bypass the authentication!
Title: 2FA Bypass via Logical Rate Limiting Bypass
Title: How I was able to takeover the company’s LinkedIn Page
Title: Vijaysimha Reddy Bathini (@fatratfatrat)
Title: How I get my first SWAG from SIDN (Sensitive Data Expose)
Title: Mehedi Hasan Remon (@mehedi1194)
Title: Vimeo Livestream Bug Bounty WriteUp
Title: Hyperlink Injection - Easy Money (sometimes)
Title: Abhishek Yadav (@abhishake100)
Title: Tale of a Misconfiguration in Password Reset
Title: Escalating reflected XSS with HTTP Smuggling
Title: Hazana (@HazanaSec)
Title: XSS on Facebook-Instagram CDN Server bypassing signature protection
Title: Disclose Facebook Business Account ID
Title: XSS on Facebook’s acquisition Oculus CDN Server
Title: Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC
Title: $1,000
Title: Accidental IDOR that Deleted Admin Account.
Title: Sayaan Alam (@ehsayaan)
Title: The unexpected bounty: A story of Zendesk takeover on REDACTED.com
Title: Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover
Title: Samm0uda (@samm0uda)
Title: How I was able to take over any users account with host header injection
Title: Ajay Gautam (@evilboyajay)
Title: CORS Misconfiguration leading to Private Information Disclosure
Title: Virus0X01 (@Virus0X01)
Title: A Less Known Attack Vector, Second Order IDOR Attacks
Title: Password Reset Token Leak Via Referrer
Title: Shrey Shah (@ShreySh43332033)
Title: Facebook Vulnerability: Hidden “Community Manager” in Pages due to “Invitation Accept” logic
Title: User Account Takeover via Signup Feature | Bug Bounty POC
Title: Muzammil Kayani (@muzammilabbas2)
Title: Google Bug Bounty: CSRF in learndigital.withgoogle.com
Title: santuySec (@santuySec)
Title: Cross Site Request Forgery vulnerability Leads to User Profile Change in Microsoft Express Logic
Title: Adesh Kolte (@AdeshKolte)
Title: How i bought my way to subdomain takeover on Tokopedia
Title: GGvulnz — How I hacked hundreds of companies through Google Groups
Title: How I accidentally found Bug in Google Search Console
Title: Tomi (@noobe_io)
Title: Adding a malicious notebook to be treated like a trusted notebook in Google Colab — 1337$
Title: Raushan Raj (@raushan_rajj)
Title: How I discovered an interesting account takeover flaw?
Title: Akash Methani (@0xAkash)
Title: No Rate Limit - 2K Bounty
Title: How I earn $500 from Razer open S3 bucket
Title: Sourav Sahana (@kernel_rider)
Title: My First RCE (Stressed Employee gets me 2x bounty)
Title: Hunting Good Bugs with only <HTML>
Title: Ak1T4 (@akita_zen)
Title: The Bug That Exposed Your PayPal Password
Title: Alex Birsan
Title: Update: Want to take over the Java ecosystem? All you need is a MITM!
Title: Jonathan Leitschuh (@jlleitschuh)
Title: HTML Injection(Unique Exploitation)
Title: Pratik Yadav (@PratikY9967)
Title: Saying Goodbye to my Favorite 5 Minute P1
Title: Allyson O’Malley (@ally_o_malley)
Title: How I found a Privilege Escalation Bug in a private Ecommerce?
Title: Baibhav Anand (@iBaibhavJha)
Title: XSS on Sony subdomain
Title: Gökhan Güzelkokar (@gkhck_)
Title: Account takeover via HTTP Request Smuggling
Title: hipotermia (@hipotermia)
Title: Bypass 2FA in a website
Title: Bypass Mobile PIN Verification
Title: Story of an IDOR via HTTP
Title: Shuaib Oladigbolu (@_sawzeeyy)
Title: Exploiting HTML Injection in Email
Title: From POST to GET Open redirect
Title: Bug Hunting Journey of 2019
Title: Sudhanshu Rajbhar (@sudhanshur705)
Title: Exploiting a Self Stored XSS with an IDOR
Title: How did I earn $3133.70 from Google Translator?
Title: Beri Bey (@uppmen)
Title: Facebook Bug bounty Story: $X000 for an Information Disclosure Bug
Title: Circle Ninja (@circleninja)
Title: How I made $7500 from My First Bug Bounty Found on Google Cloud Platform
Title: Drop the mic?! no! Drop the connection ;)
Title: Sasi Levi (@sasi2103)
Title: Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
Title: Omkar Bhagwat (@th3_hidd3n_mist)
Title: Bypassing Brand Collabs Manager Eligibility on Facebook
Title: Subdomain takeover via pantheon
Title: Smaran Chand (@smaranchand)
Title: Microsoft Edge (Chromium) - EoP via XSS to Potential RCE
Title: Abdulrahman Al-Qabandi (@Qab)
Title: SOP Bypass via browser-cache
Title: Aaron Costello (@ConspiracyProof)
Title: Abusing ImageMagick to obtain RCE
Title: Strynx (@Strynx_Security)
Title: How we hacked one of the worlds largest Cryptocurrency Website
Title: Airbnb : Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method (IDOR)
Title: Vijay Kumar (@IndoAppSec)
Title: Bugbounty | A Dom Xss
Title: Jinone (@jinonehk)
Title: GraphQL IDOR leads to information disclosure
Title: CSRF Token Bypasss — A Tale of my $2k bug
Title: Adeyefa Oluwatoba (@adeyefa_codes)
Title: reCAPTCHA Exploits
Title: Dr. Neal Krawetz (@hackerfactor)
Title: From broken link to subfolder takeover on Bukalapak
Title: 2 FA Bypass via CSRF Attack
Title: Full Account Takeover (Android Application)
Title: Bypassing Captcha !
Title: Account Takeover Through Password Reset Poisoning
Title: #BugBounty — How Snapdeal (India’s Popular E-commerce Website) Kept their Users Data at Risk!
Title: Nanda Kumar (@nk00_nk)
Title: [Google VRP] SSRF in Google Cloud Platform StackDriver
Title: Ron Chan (@ngalongc)
Title: Abusing feature to steal your tokens
Title: Harsh Jaiswal (@rootxharsh)
Title: BreakingApp – WhatsApp Crash & Data Loss Bug
Title: Inf0rM@tion Disclosure via IDOR
Title: Stored Iframe Injection + CSRF = Account Takeover 😎😎
Title: Rounak Dhadiwal (@XploiteR_D)
Title: How I Took Over 2 Subdomains with Azure CDN Profiles
Title: m0chan (@m0chan98)
Title: 4 Google Cloud Shell bugs explained
Title: wtm@offensi.com (@wtm_offensi)
Title: Authorization bug that every bug hunter missed on a popular program
Title: Vimeo upload function SSRF
Title: Sayed Abdelhafiz (@dPhoeniixx)
Title: How I was able to find a logical bug on Instagram?
Title: Jabir Khan (@Jabirkhan0x0)
Title: Facebook New Account Verification Bypass
Title: Santosh Baral (@santoshbrl5)
Title: Multiple Host Header Attacks after bypassing protection with… a Header Attack
Title: A $25 Easy Bug.
Title: SSRF via FFmpeg HLS processing
Title: Pflash Punk (@PflashPunk)
Title: Blind Xss (A mind game to win the battle)
Title: Dirtycoder (@dirtycoder0124)
Title: AirDoS: Remotely render any nearby iPhone or iPad unusable
Title: Kishan Bagaria (@KishanBagaria)
Title: Get pwned by scanning QR Code
Title: Nikhil Mittal (@c0d3G33k)
Title: Authentication Bypass
Title: Rushiikesh (@u1tran00b)
Title: Media deletion CSRF vulnerability on Instagram
Title: Pouya Darabi (@Pouyadarabi)
Title: Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution.
Title: $500
Title: Reusing Cookies
Title: HTML Injection to XSS bypass in [REDACTED.com]
Title: Evan Ricafort (@evanricafort)
Title: $150 XSS at Error Page of Respository Code
Title: Google Chrome portal element fuzzing
Title: Pawel Wylecial (@h0wlu)
Title: HTTP Request Smuggling + IDOR
Title: XSS like a Pro
Title: Anas Mahmood (@AnasIsHere)
Title: Dank Writeup On Broken Access Control On An Indian Startup
Title: My first RCE: a tale of good ideas and good friends
Title: rez0 (@rez0__)
Title: How I turned Self XSS to Stored via CSRF
Title: Hacking GitHub with Unicode’s dotless ‘i’
Title: John Gracey (@jagracey)
Title: XSS Stored On [ Outlook Web — Outlook Android App ]
Title: ElMahdi Mrhassel (@ElMrhassel)
Title: $2,400
Title: Reflected XSS in graph.facebook.com leads to account takeover in IE/Edge
Title: Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings
Title: Johns Simon (@Johnssimon22)
Title: How Did Tons of People Like Me on Tinder?
Title: Mustafa iran (@Mustafaran)
Title: Finding a security bug in Discord and what it taught me
Title: Tristan Farkas (@TristanAtFarkas)
Title: CORS Misconfiguration to Account TakeOver [Out of scope to grab items In-Scope]
Title: Mashoud1122 (@mashoud1122)
Title: The AccountTakeOver Killing Chain
Title: أنس روبي (@xhzeem)
Title: Exploiting padding oracles with fixed IVs
Title: Teddy Katz (@not_aardvark)
Title: IDOR via Websockets
Title: Stories Of IDOR-Part 2
Title: Shivbihari Pandey (@ninja_pandit_)
Title: Disable Any Unconfirmed Account in Facebook
Title: Lokesh Kumar (@lokeshdlk77)
Title: 700$ Denial of Service(DoS) vulnerability in script-loader.php (CVE-2018-6389)
Title: Pankaj Thakur (@Nep_1337_1998)
Title: How I paid 2$ for a 1054$ XSS bug + 20 chars blind XSS payloads
Title: Cracking reCAPTCHA, Turbo Intruder style
Title: James Kettle (@albinowax)
Title: Subdomain Takeover via Campaignmonitor.com
Title: Mohamed Haron (@m7mdharon)
Title: How I could delete Facebook Ask for Recommendations post’s place objects in comments
Title: Raja Sudhakar (@Rajasudhakar)
Title: Broken session management leads to bypass 2FA and Permanent access to Facebook user’s
Title: Mahmoud Barakat (@0xBarakat)
Title: Million Users PII Leak Data Leak
Title: XSS in GMail’s AMP4Email via DOM Clobbering
Title: Michał Bentkowski
Title: This is How I was able to hunt a rare bug in a private program
Title: My First Bug ($500)
Title: Bypassing the patch for my previous Instagram bug.
Title: Privilege Escalation with simple recon
Title: Mayur Gupta (@RisingHunter_)
Title: LDAP Admin Account Bypassed :)
Title: Himanshu Pdy (@himanshu_pdy_01)
Title: Authenticated CORS with Access-Control-Allow-Origin: *
Title: BitK (@BitK_)
Title: Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE)
Title: Daniel Marte (@DanielM59720745)
Title: Taking over Facebook Page Tabs
Title: Sagar Tanur (@Sagarvd01)
Title: [Server Side Request Forgery] Blind SSRF due to Sentry Misconfiguration
Title: Kent Bayron (@bayronkentoy)
Title: Command Injection Through BLH
Title: Shankar R (@trapp3r_hat)
Title: Mass XS-Search using Cache Attack
Title: terjanq (@terjanq)
Title: How I accidentally took down GitHub Actions
Title: Bug Bounty: Broken API Authorization
Title: How i Bought VPS, Hosting, Domain only $0.01
Title: Keylogging users via Slack themes
Title: Matt Langlois (@fletchto99)
Title: My First SSRF Using DNS Rebinding
Title: Marek Geleta (@marek_geleta)
Title: DOM-Based XSS | Bug Bounty Writeup
Title: HacknPentest (@HacknPentest)
Title: BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎
Title: Akash Agrawal (@akashmagrawal)
Title: How I Hacked Dutch Government in 5 Minutes? Twitter Account Takeover
Title: Numan ÖZDEMİR (@numanozdemircom)
Title: A simple post auth bypass leads to unauthorized web server access
Title: Hein Thant Zin (@H3Lowr)
Title: Bypassing GitHub’s OAuth flow
Title: [bugbounty] A Simple SSRF
Title: XSS will never die
Title: Oleksandr Opanasiuk (@Lekssik2)
Title: Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty
Title: Sam Curry (@samwcyo)
Title: Live Video facebook application (Android) its not expired when log out the device on https://www.facebook.com/settings?tab=security&section=sessions&view
Title: Naufal Septiadi
Title: GraphQL introspection leads to sensitive data disclosure
Title: 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
Title: Cross Site Request Forgery Critical Exploitable IN Infected Site?
Title: XSS to Account Takeover
Title: [Leak] Can I take the user information, please?!!
Title: How I hacked 50+ Companies in 6 hrs
Title: Vignesh C (@pwn_r00t)
Title: [Writeup — FB] Crash web — app through application form of job application pages
Title: Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
Title: How to Takover a ldap server.
Title: Ashish Kunwar (@D0rkerDevil)
Title: Session Expiration Bypass in Facebook Creator App
Title: How I earned by finding confidential customer data including plain-text passwords!
Title: Sushant Soni (@sushantsoni5392)
Title: NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]
Title: Nightwatch Cybersecurity (@nightwatchcyber)
Title: (POC) Disclose members in any closed Facebook group
Title: [ BUG BOUNTY ] Flaw in Authentication ( Hall of Fame Google )
Title: Danang Tri Atmaja (@danangtriatmj)
Title: How PayPal helped me to generate XSS
Title: Escalating Privileges like a Pro
Title: Gaurav Narwani (@gauravnarwani97)
Title: Hunting for bounties antihack.me case study
Title: 0xSha (@0xsha)
Title: Inf0rM@tion Disclosure via IDOR
Title: 1-800-Flowers Credentials and message log leak via facebook.com/facebook
Title: Philippe Harewood (@phwd)
Title: How I was able to bypass OTP code requirement in Razer [The story of a critical bug]
Title: Ananda Dhakal (@dhakal_ananda)
Title: How I found RCE But Got Duplicated
Title: [ Writeup — Bugbounty Facebook ] Disclosure the verified phone number in Checkpoint.
Title: How I bypassed 2 Factor Authentication
Title: Hemant Singh Manral
Title: An inconsistent CSRF
Title: Finding SQL injections fast with white-box analysis — a recent bug example
Title: frycos (@frycos)
Title: Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts.
Title: Rohit kumar (@rohitcoder)
Title: Bypass Uppercase filters like a PRO (XSS Advanced Methods)
Title: How i Hacked BASF Company !!
Title: Murtada Kamil
Title: EXIF Geolocation Data Not Stripped From Uploaded Images
Title: Sourav Newatia (@souravnewatia)
Title: How “Recon” helped Samsung protect their production repositories of SamsungTv, eCommerce / eStores
Title: Prateek Tiwari
Title: From Multiple IDORs leading to Code Execution on a different Host Container
Title: Rahul (@Rahul_R95)
Title: How I made 1000$ with AT&T Bug Bounty(H1)
Title: REST framework Admin Panel bypass and how I recon for this vulnerability
Title: Aziz Hakim (@hackerb0y_)
Title: GraphQL Introspection leads to Sensitive Data Disclosure.
Title: How to get RCE on AEM instance without Java knowledge
Title: byq (@ByQwert)
Title: Stealing login credentials with Reflected XSS
Title: mehulpanchal007 (@007_sharky)
Title: One Way to Find Hidden IDOR Vulnerability
Title: Vulkey_Chen (@Vulkey_Chen)
Title: Bug Hunting: Xss On Cookie Popup Warning
Title: vict0ni (@vict0ni)
Title: Spear texting via parameter injection
Title: Kyle (@B3nac)
Title: XSS Is Love <3 !
Title: Nirmal Dahal (@TheNittam)
Title: Stories Of IDOR
Title: OnePlus Open/Unvalidated Redirects & Forwards
Title: Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure
Title: Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Simple Google Dork - 1,000 USD
Title: YoKo Kho (@YoKoAcc)
Title: ONEPLUS XSS vulnerability in Customer Support Portal
Title: Fuzzing Till
Title: Verneet (@err0rrrrr)
Title: Broken Link Hijacking - s3 buckets
Title: Tutorgeeks (@tutorgeeks)
Title: [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE
Title: [Case Study] OAuth Misconfiguration leads to Account Takeover
Title: Gaurang Bhatnagar (@0xgaurang)
Title: Facebook Workplace Privilege Escalation Vulnerability To Change The Post Privacy As Public
Title: Guhan Raja (@havocgwen)
Title: A Simple bypass of Registration Activation that Lead to many Bug -
Title: Bug or Feature? GitHub Adventure #001
Title: Dominik Opyd (@oad_earth)
Title: Stored XSS on Zendesk via Macro’s PART 2
Title: IDOR in One plus leads to leak User personal Info.
Title: Aditya Sharma (@Assass1nmarcos)
Title: How I able to Takeover 10 subdomains in a Private Program ?
Title: Admin hijacked by Sea Surf Pirates
Title: SSRF | Reading Local Files from DownNotifier server
Title: Dr.FarFar (@3XS0)
Title: RCE with Flask Jinja Template Injection
Title: AkShAy KaTkAr (@AkShAy KaTkAr)
Title: Client, not client!
Title: Google Referer Leak Bug
Title: Jayateertha G (@JayateerthaG)
Title: How I found a simple and weird Account takeover bug
Title: Bijan Murmu (@0xBijan)
Title: OTP Manipulation
Title: Kishan choudhary (@choudhary_1337)
Title: Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
Title: I Could Have Hacked All Uber Accounts- But I Chose to Report it Instead
Title: Anand Prakash (@sehacure)
Title: How two dead accounts allowed remote crash of any instagram android user
Title: Valerio brussani (@val_brux)
Title: Unauthorized access to all user information leaks
Title: C1h2e1 (@C1h2e11)
Title: HTTP Request Smuggling CL.TE
Title: memN0ps (@memN0ps)
Title: Exploiting File Uploads Pt. 2 – A Tale of a $3k worth RCE.
Title: HackerOn2Wheels (@HackerOn2Wheels)
Title: Facebook employee internal tool and conversations leaked in Facebook video
Title: How I could have hacked your Uber account
Title: How does my recon win $250 in 15 minutes
Title: Add users to roles on Facebook pages without an invitation consent
Title: Pwn Them All #BugBounty
Title: Bilal Khan (@bilalmerokhel)
Title: Subscribe to the list of requesters to join a Facebook live video using MQTT
Title: H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress
Title: Julien Ahrens (@MrTuxracer)
Title: Telegram addresses another privacy issue
Title: Dhiraj (@RandomDhiraj)
Title: Accessing 2 million Verizon Pay Monthly contracts
Title: Daley Bee (@daley)
Title: Oculus identity verification bypass through brute-force
Title: karthik kumar reddy (@karthiksunny007)
Title: XSS in Zoho Mail
Title: Exploiting JSONP and Bypassing Referer Check
Title: Write up of two HTTP Requests Smuggling
Title: Finding Gem in Someone’s Report: Instant $500USD at HackerOne Platform
Title: DOM Based XSS in Private Program
Title: Readme.com Account Takeover
Title: Ankush Goel (@0xankush)
Title: Exposed Jenkins to RCE on 8 Adobe Experience Managers
Title: Corben Leo (@hacker_)
Title: Add new user with Admin permission and takeover the organization
Title: Tarek Mohamed (@Conan0x3)
Title: RCE using Path Traversal
Title: inc0gbyt3 (@incogbyte)
Title: HTML to PDF converter bug leads to RCE in Facebook server
Title: Google Cloud Blog platform vulnerability
Title: Alexandru Coltuneac (@dekeeu)
Title: Graphql Bug to Steal Anyone’s Address
Title: My First LFI
Title: Tirtha Mandal (@tirtha_mandal)
Title: Shodan is your friend!!! If you ignore him you will lose many…
Title: How to look for JS files Vulnerability for fun and profit?
Title: Private bug bounty ,$ USD: “RCE as root on Marathon-Mesos instance”
Title: @omespino
Title: How I Hacked Instagram Again
Title: Laxman Muthiyah (@LaxmanMuthiyah)
Title: Bug Bounty: Bypassing a crappy WAF to exploit a blind SQL injection
Title: Robin Verton (@robinverton)
Title: Create living room polls as a Facebook page analyst
Title: From Github Recon To Account Takeover
Title: Dipak kumar Das (@d1pakdas)
Title: Cookie worth a fortune
Title: One Bug To Rule Them All: Modern Android Password Managers and FLAG_SECURE Misuse
Title: Rights Manager Graph API Disclosure of business employee to non business employee
Title: Jafar Abo Nada (@Jafar_Abo_Nada)
Title: Instagram account is reactivated without entering 2FA ($500)
Title: Aman Shahid (@amansmughal)
Title: Sending Message as page being an analyst/ advertiser?
Title: How I made my first $$$ from finding a bug in Facebook
Title: Aayush Pokhrel (@aayushpok)
Title: How I upgraded my privileges to the administrator of Odnoklassniki’s url shortener
Title: Sergey Kashatov (@iframe0x01)
Title: Facebook Bug Bounty: Reading WhatsApp contacts list without unlocking the device
Title: U.S. Department of Defense - Info Disclosure and SQLi Writeup
Title: Aaron Esau (@arinerron)
Title: Removing profile pictures for any Facebook user
Title: How I was able to earn 1000$ with just 10 minutes of bug bounty?
Title: Ninad Mathpati (@ninad_mathpati)
Title: ByPassing fix of Domain Blocking feature in Business Manager
Title: Facebook Messenger exposing deleted messages using [Remove for Everyone]
Title: Renwa
Title: BookMyShow account takeover using social login
Title: Sukhmeet Singh (@MadGuyyy)
Title: [Business Logic] Bypassing Nickname Feature
Title: [Business Logic Bug] Bypassing Nickname Feature
Title: BugBounty WriteUp — take attention and get Stored XSS
Title: How I XSSed Admin Account
Title: SSRF Vulnerability in https://app.[REDACTED].com
Title: Reporting - Amazon 1 click device XSS
Title: Sneakerhax (@sneakerhax)
Title: Clickjacking DOM XSS on Google.org
Title: Thomas Orlita (@ThomasOrlita)
Title: Application Level Denial of Service [DoS] using SVG file in https://[REDACTED].com (Write Up)
Title: Two Easy RCE in Atlassian Products
Title: Read other user support tickets in https://support..com (Write Up)
Title: Privilege Escalation using Api endpoint
Title: Ronak Patel (@ronak_9889)
Title: Writing my Medium blog to complete account takeover
Title: Rotem Reiss (@rotem_reiss)
Title: Exploiting Out Of Band XXE using internal network and php wrappers
Title: Mahmoud Gamal (@Zombiehelp54)
Title: BugBounty WriteUp — Creative thinking is our everything (Race Condition + Business Logic Error)
Title: Stored XSS on LaporBug.id
Title: rizal (@sayadarijawa)
Title: Vulnerability in Hangouts Chat: from open redirect to code execution
Title: Leveraging AngularJS-based XSS to Privilege Escalation
Title: Shawar Khan (@ShawarkOFFICIAL)
Title: How I Found XSS By Searching In Shodan
Title: D1vy4n5hu 5hukl4 (@justm0rph3u5)
Title: No Rate limiting eligible for bounty ?
Title: From Sub domain Takeover to Open-Redirect
Title: Anil Tom (mr_4nk)
Title: One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies!
Title: Avinash Jain (@logicbomb_1)
Title: Bypassing CORS
Title: Complete information disclosure using Broken Access Control
Title: Download predictions details of ads plans of any business.
Title: Internal path disclosure in Instagram server
Title: Access portal of Facebook mobile retailers and see earnings and referrals reports.
Title: View orders and financial reports lists for any page shop.
Title: Bypassing CORS
Title: Saad Ahmed (@XSaadAhmedX)
Title: RCE in Ruby using Mustache Templates
Title: Rhys Elsmore (@rhyselsmore)
Title: Reposted [2017]: LinkedIn Hacker’s Experience
Title: Reposted [2019]: Hacking YouTube for #fun and #profit
Title: Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts
Title: Mohd haji (@mohdhaji24)
Title: SQL Injection in private-site.com/login.php
Title: 1st Bounty Story | Rewarded 300$ (IDOR)
Title: Story of an IDOR via Email
Title: Old GitHub Profile Takeover!
Title: Chaining Cache Poisoning To Stored XSS
Title: Rohan aggarwal (@nahoragg)
Title: Solr Injection by abusing Local Parameters on Zomato.com
Title: Story about Facebook Oauth Account Takeover
Title: Facebook BugBounty: Tale of an Instagram bug disclosing user’s phone number via checkpoint
Title: Full Account Takeover via Changing Email And Password of any User through API Parameters
Title: Price Parameter Tampering On Bukalapak
Title: Apapedulimu (@LocalHost31337)
Title: How I found the most critical bug in live bug bounty event?
Title: Lakshay (@inn0c3ntd3v1L)
Title: XSS to RCE in …
Title: Hungry Bytes (@hungrybytes)
Title: Disclose any main and 3rd party contributors email address and movie local path thru XML file in Plex TV - plex.tv (Write Up)
Title: XX to XXX in one day
Title: Pwning child company to get access to ParentCompany’s Slack Team
Title: Parth Malhotra (@Parth_Malhotra)
Title: XSS On Twitter [Worth 1120$]
Title: Bywalks (@bywalkss)
Title: Reflected XSS in Ebay.com
Title: Subscribe to typing notifications for any Instagram user
Title: Not a fancy bug, just HTML Injection in Clause - clause.io (Write Up)
Title: Shopping Products For Free- Parameter Tampering Vulnerability
Title: Exploiting a Tricky Blind SQL Injection inside LIMIT clause
Title: Rahul Maini
Title: Get Page Inbox notifications for any Facebook page
Title: Microsoft ID Open Redirect
Title: Microsoft Office 365 - Outlook XSS
Title: SQL Injection in Forget Password Function
Title: How to lock a GitHub user out of their repos (bug or feature?)
Title: Сookie-based XSS exploitation | $2300 Bug Bounty story
Title: Max (@iSecMax)
Title: Account Takeover Vulnerability :)
Title: Sumit Jain (@sumit_cfe)
Title: How Recon helped me to to find a Facebook domain takeover
Title: Facebook Informative Bug From Triaged
Title: CSRF Email Confirmation Vulnerability for Gmail & G-Suite in Facebook
Title: Bypass CSRF With ClickJacking Worth $1250
Title: What do Netcat, SMTP and self XSS have in common? Stored XSS
Title: Plenum (@plenumlab)
Title: How I Could Get The Instagram Username of Anyone on Tinder
Title: The Bugs Are Out There, Hiding in Plain Sight
Title: A Bug’z Life (@abugzlife1)
Title: 500$ bounty: Man in the Middle on Slack
Title: Wiard van Rij / Sysrant (@RijWiard)
Title: Facebook Bug : Sending messages as a page with jobmanager permission
Title: Devansh batham (@devanshwolf)
Title: [TOKOPEDIA] Site-wide CSRF through GraphQL request
Title: Rafie Muhammad (@rafiem777)
Title: How I Could Have Hacked Any Instagram Account
Title: Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program
Title: Hacking intoTinder’s Premium Model
Title: Sanskar Jethi (@sansyrox)
Title: Account takeover on Airbnb acquisition | An Unusual Bug Part-2 🐛
Title: PRince CHaddha (@princechaddha)
Title: Facebook Bug bounty page admin disclose bug {Facebook Android app}
Title: Yusuf Furkan (@h1_yusuf)
Title: XSS on Google Custom Search Engine
Title: KL Sreeram (@kl_sree)
Title: Story of my Biggest Bounty ever : Command Execution on Jenkin
Title: Jay Jani (@JayJani007)
Title: SQL Injection Bug Bounty POC!
Title: Tale of account takeover — Sensitive info Disclosure + Broken Access Control
Title: Md Saqib (@sakyb7)
Title: OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect
Title: Evgeniy Yakovchuk (@h1_sp1d3r)
Title: A malicious editor of a page can support to a community action which can’t be unsupported by the admin!
Title: Information Disclosure via Misconfigured AWS to AWS Bucket Takeover
Title: Cleartext password in LocalStorage (Writeup)
Title: Blind (time-based) SQLi - Bug Bounty
Title: Facebook Vulnerability: Unremovable Co-Host in facebook page events
Title: Account Takeover Using CSRF(json-based)
Title: shub rathore (@shub66452)
Title: Story of a stored xss to full account takeover vulnerability(N/A to accepted)
Title: Jatin Aesthetic (@techyfreakk)
Title: Finding hidden gems vol. 4: Rakefile a.k.a. how to get AWS keys again
Title: Mateusz Olejarka
Title: Yeah! I got P2 in 1 minute - Stored XSS via Markdown Editor
Title: Injecting {{6*200}} to $1200
Title: Another Download Protection Bypass in Google Chrome – BIN files in Mac OS
Title: How I escalated RFI into LFI
Title: Hassan Khan Yusufzai (@Splint3r7)
Title: Accidental IDOR
Title: Stored XSS on Indeed
Title: One more Parameter manipulation bug (🤑)
Title: Kanchan Singh Yadav (@KanchanSingh0)
Title: Facebook BugBounty : Short story on Page admin disclosure
Title: Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution
Title: Reegun J (@reegun21)
Title: Gain adfly SMTP access with SSRF via Gopher Protocol
Title: View Facebook payouts for any Facebook Trivia Game
Title: 1-Click Account Takeover in Virgool.io — a Nice Case Study
Title: Yasho (@YShahinzadeh)
Title: CORS To CSRF Attack
Title: Toggle Group Rules Agreement as a non-member
Title: Sensitive Information Disclosure: Web Cache Deception Attack
Title: Wasim Shaikh (@Wa_sim_sim)
Title: Download .arexport files for any public AR Studio Effect
Title: CSV injection at Comment Section.
Title: Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference)
Title: Page Admin Disclosure | Facebook Bug Bounty 2019
Title: How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105
Title: Bryan Appleby (@bryapp)
Title: Catching support emails from my internet service provider
Title: $1800 worth Clickjacking
Title: About a Sucuri RCE…and How Not to Handle Bug Bounty Reports
Title: IDOR: Payment Fraud
Title: Vibhurushi Chotaliya (@Vibhurushi)
Title: Self XSS To Evil XSS
Title: A Fight For Duplicate Marked Bug: Story of BBC Hall Of Fame
Title: How a classical XSS can lead to persistent ATO Vulnerability?
Title: Milind Purswani (@MilindPurswani)
Title: Yash Sodha (@y_sodha)
Title: Facebook Vulnerability: Unremovable Co-Host in facebook group events
Title: Account Takeover with Clickjacking
Title: XSS Filter Evasion
Title: m0z (@LooseSecurity)
Title: Business user Employees could have applied block list to all ad accounts listed in the business manager.
Title: Reflected XSS in Tokopedia Train Ticket
Title: Jon Bottarini (@jon_bottarini)
Title: Using Burp Suite match and replace settings to escalate your user privileges and find hidden features
Title: Parameter Pollution issue in API resulting $XXX
Title: SQl Injection
Title: Bypassing XSS filter and Stealing User Payment Data
Title: Password Bypass and Something Else…
Title: How I earned $1,500 in just 15 mins due to Amazon S3 bucket misconfiguration?
Title: Account Takeover Worth $900
Title: Stealing Cookies to Login in any Account
Title: Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion
Title: Λявєη (@spenkkkkk)
Title: Çlirim Emini (@0xcela)
Title: Complete Web Server Access
Title: Fullscreen API Attack’s Revisited and the FaceBook NA Story
Title: XSSing Google Employees — Blind XSS on googleplex.com
Title: Admin Account total Information Disclosure
Title: Nishant Saurav (@inishantsinha)
Title: IDOR — Account Takeover
Title: How spending our Saturday hacking earned us 20k
Title: Matti Bijnens (@MattiBijnens)
Title: Chaining Improper Authorization To Race Condition To Harvest Credit Card Details : A Bug Bounty Story
Title: Mandeep Jadon (@1337tr0lls)
Title: Redstrom Denial Of Service — Write Up
Title: Reflected XSS on Error Page
Title: Facebook Vulnerability: Non-unfriendable user in /hacked workflow
Title: Account takeover using IDOR and the misleading case of error 403.
Title: IDOR Leads To Project Takeover
Title: Don’t underestimates the Errors They can provide good $$$ Bounty!
Title: How I was able to get private ticket response panel and FortiGate web panel via blind XSS
Title: Microsoft Edge Extensions Host Permission Bypass (CVE-2019-0678)
Title: Unicode vs WAF — XSS WAF Bypass
Title: Prial Islam Khan (@prial261)
Title: Bypassing CSP with policy injection
Title: Gareth Heyes (@garethheyes)
Title: REMOTE CODE EXECUTION ! 😜 Recon Wins
Title: Chaining multiple low-impact bugs to arbitrary file read in GitLab
Title: Li Rongxi (@nyan_gawa)
Title: Simple PathTraversal bypass
Title: Missing access control at play store
Title: Vishwaraj Bhattrai (@vishwaraj101)
Title: The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise
Title: Story of a uri based xss with some simple google dorking
Title: Edmodo Account Deactivation Vulnerability
Title: My First CSRF to Account Takeover worth $750
Title: Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS #bugbounty
Title: Stored XSS on Edmodo
Title: Rohit Verma (@rv0x00)
Title: Source Code disclose Vulnerability
Title: Mohamed R. Serwah (@mohamedrserwah)
Title: An unexploited CORS misconfiguration reflecting further issues.
Title: How did I bypass a Custom Brute Force protection and why that solution is not a good idea?
Title: Disclose files content from Facebook internal CDNs
Title: Google bug bounty: LFI on production servers in “springboard.google.Com” — $13,337 USD
Title: Multiple API issues due to Fixed Authorization token.
Title: Mustafa Khan (@by6153)
Title: From file upload to email:pass
Title: Security assessment on the staging domains
Title: How I acquired $XXX bounty by investing 99 cents
Title: Escalating subdomain takeovers to steal cookies by abusing document.domain
Title: Ameya (@iamTakeMyHand)
Title: Determine a Facebook user from an email address
Title: Google Adwords(Privilege Escalation): Read-only user able to add YouTube channels via Linked accounts
Title: Local File Inclusion in peering.google.com
Title: $3,133.7
Title: Leaking OpenID tokens with “ — the bug right infront of you
Title: WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337 USD
Title: Open-redirect to Account Takeover.
Title: Rishabh (@__cypher__)
Title: A base64 encoded parameter.
Title: XSSed my way to 1000$
Title: Stealing Downloads from Slack Users
Title: Bypassing Instagram’s stories restriction
Title: ‘Try-Harder’ for XSS
Title: Frans Hendrik Botes (@initroott)
Title: From parameter pollution to XSS
Title: You do not need to run 80 reconnaissance tools to get access to user accounts
Title: Stefano Vettorazzi (@stefanohablando)
Title: Is MIME Sniffing XSS a real thing? [The story of weird Google bug bounties]
Title: Think Outside the Scope: Advanced CORS Exploitation Techniques
Title: Ayoub (@sandh0t)
Title: Stored XSS on Techprofile Microsoft
Title: BLIND SSRF in *.stripe.com due to Sentry Misconfiguration
Title: Oktavandi (@0ktavandi)
Title: 4x CSRFs Chained For Company Account Takeover
Title: pcextreme.nl fake bug bounty
Title: Daniel Maksimovic
Title: SQL injection through User-Agent
Title: Subdomain takeover [Awarded $200]
Title: Friendly (@SkeletorKeys)
Title: Server Side Request Forgery(SSRF){port issue hidden approch }
Title: Deepak Holani (@w_hat_boy)
Title: Tale of a Wormable Twitter XSS
Title: @0xSobky
Title: Why You Shouldn’t Use a Password Manager For Your Linode Account
Title: XSS attacks on Googlebot allow search index manipulation
Title: Remote code execution On Microsoft edge using URL Protocol
Title: Matt harr0ey (@harr0ey)
Title: From NA to $3000 : Facebook’s URL spoofing vulnerability
Title: Rahul Kankrale (@RahulKankrale)
Title: From Reflected XSS to Account Takeover — Showing XSS Impact
Title: Don’t Follow The Masses: Bug Hunting in JavaScript Engines
Title: Dimitri Fourny (@dimitrifourny)
Title: Two-Factor Authentication Bypass
Title: Broken Access: Posting to Google private groups through any user in the group
Title: Elber Andre (@Elber333)
Title: Denial of Service using Cookie Bombing
Title: How to bypass a 2FA with a HTTP header
Title: for PayPal security team,“get user balances and transaction details” is not a vulnerability!
Title: Todaro (@tod4ro)
Title: Missing Authorization check while deleting App Review for Marketing API
Title: Stealing local storage data through XSS
Title: Harshad Gaikwad (@h4rsh4d)
Title: The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!
Title: CSRF Attack can lead to Stored XSS
Title: Mohamed Sayed (@FlEx0Geek)
Title: A picture that steals data
Title: Getting access to Zendesk’s Google Cloud and Artifactory from GitHub dotfile repos
Title: Ruby Nealon (@_ruby)
Title: Facebook’s Burglary Shopping List
Title: John Moss (@x41x41x41)
Title: The neglected bug that can infect All Facebook users who pay for leads ads.
Title: Yet Other Examples of Abusing CSRF in Logout
Title: Soroush Dalili (@irsdl)
Title: [XSS] Reflected XSS Bypass Filter
Title: Disclose the content of internal Facebook Javascript modules.
Title: Ssrf to Read Local Files and Abusing the AWS metadata
Title: [CONFIRMATION BYPASS ]
Title: Twitter - protected tweets exposure
Title: Responsible disclosure: improper access control in Gitlab private project.
Title: Riccardo Padovani (@rpadovani93)
Title: Scary Tickets😨
Title: Uranium238 (@uraniumhacker)
Title: PDFReacter SSRF to ROOT Level Local File Read which led to RCE
Title: Armaan Pathan (@armaancrockroax)
Title: Code execution - Evernote
Title: Dhiraj (@mishradhiraj_)
Title: How I was able to Bypass XSS Protection on HackerOne’s Private Program
Title: Banner Grabbing to DoS and Memory Corruption
Title: A $5000 IDOR…
Title: Mr.Hacker (@mr_hacker0007)
Title: How i found credential enriched redis dump
Title: Just 5 minute to get my 2nd stored XSS on Edmodo.com
Title: ZishanAdThandar (@ZishanAdThandar)
Title: How I hacked Vending Machine
Title: Google Groups Authorization Bypass
Title: The Outlook Winner is Dash
Title: marcan2020 (@marcan2020)
Title: How I gained access to revenue and traffic data of thousands of Shopify stores
Title: Ayoub Fathi (@ayoubfathi)
Title: Web Cache Deception to API endpoint attack using cached token header
Title: Kunal pandey (@kunalp94)
Title: [RCE] Remote code execution at api.PrivateProgram.com (CVE-2017-5638)
Title: Unauthenticated Account Takeover Through HTTP Leak
Title: Nik srivastava (@niksthehacker)
Title: Account Takeover by chaining two vulnerabilities.
Title: Multiple xss in *.skype.com
Title: Multiple xss in *.skype.com (2)
Title: Spokeo Bug bounty Experience
Title: Nur A Alam Dipu
Title: Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652
Title: SSRF Tips: SSRF/XSPA in Microsoft’s Bing Webmaster Central
Title: Obtaining XSS Using Moodle Features and Minor Bugs
Title: XSS “403 forbidden” bypass (Akamai Security )write up
Title: How I got a trip to amsterdam through bug bounty
Title: Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice
Title: Email content spoofing at IKEA.com
Title: Jonathan Bouman (@JonathanBouman)
Title: Edmodo — IDOR to view private files of any class
Title: Rohan Pagey (@rohan_x3)
Title: Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers
Title: Google Ads — Information Disclosure via null pointer exception
Title: Handlebars template injection and RCE in a Shopify app
Title: Leaked Salesforce API access token at IKEA.com
Title: DownNotifier SSRF
Title: _m_q_t (@_m_q_t)
Title: How I am able to hijack you.
Title: terjanq (@terjanq)
Title: Facebook Vulnerability: Hiding from Facebook Page Admin(s) in /hacked workflow
Title: FileZilla Untrusted Search Path
Title: FileZilla ‘fzsftp’ Untrusted Search Path
Title: Chris Lyne (@lynerc)
Title: How I was able to get your facebook private friend list [Responsible Disclosure]
Title: EdM0d0 IDOR Vulnerabilities
Title: Comma is forbidden! No worries!! Inject in insert/update queries without it
Title: Ahmed Sultan (@0x4148)
Title: Recon in 2 minutes and got $250 easy
Title: How I was able to turn self xss into reflected xss
Title: alert(“A tale of 3 XSS!”)
Title: My very first bug: a dreaded dupe and then an IDOR jackpot!
Title: John H4X00R (@JohnH4X00R)
Title: How I could have hijacked a victim’s YouTube notifications! (Google VRP Writeup)
Title: An Unusual Bug 🐛 on Braintree [PayPal]
Title: Twitter Denial of Service bug or How i could prevent all followers from reading or accessing literally ANY tweets!
Title: Seif Elsallamy
Title: Stored (XSS) on [google.com]
Title: Stored XSS in the guide’s GameplayVersion (www.dota2.com)
Title: Self (XSS) on [komunitas.bukalapak.com]
Title: Reflected (XSS)on [alibabacloud.com]
Title: Facebook Marketing Confidential Call Transcript
Title: Google Books X-Hacking
Title: How to hunt for Malvertising ads on Android
Title: A real XSS in OLX Bug Bounty
Title: Paulo Choupina (@PauloChoupina)
Title: Slack announcement-only channel post restriction bypass
Title: Disclose private/scheduled streams of any Livestream user due to open .m3u8 endpoint
Title: Abss TBH @abss_tbh
Title: Denial of service in Facebook Fizz due to integer overflow (CVE-2019-3560)
Title: Kevin Backhouse (@kevin_backhouse)
Title: Discovering a zero day and getting code execution on Mozilla’s AWS Network
Title: Shubham Shah (@infosec_au)
Title: Mathias Karlsson (@avlidienbrunn)
Title: DoS Across Facebook Endpoints
Title: From http:// domain to res:// domain xss by using IE Adobe’s PDF ActiveX plugin
Title: Heige (@80vul)
Title: Should you be concerned about LastPass uploading your passwords to its server?
Title: Avinash Kumar (@itsavinash_)
Title: Disclosure of Pending Roles for any Facebook Page
Title: Target Finds Cross-Site Scripting in Microsoft SharePoint
Title: How I was able to pwned 30000+ user’s webhook
Title: gujjuboy10x00 (@vis_hacker)
Title: Privilege escalation on private program.
Title: Imran Parray (@CreedHackers)
Title: User Account Takeover [Password Change]— Nice Catch!
Title: Write up – $1,000 usd in 5 minutes, xss stored in outlook.com (ios browsers)
Title: WordPress 5.1 CSRF to Remote Code Execution
Title: Simon Scannell (@scannell_simon)
Title: OLX Bug Bounty: Reflected XSS
Title: Mukhammad Akbar (@abaykandotcom)
Title: My First Stored XSS on Edmodo.com
Title: Hack Your Form-New vector for Blind XSS
Title: Youssef A. Mohamed (@GeneralEG64)
Title: How I found Blind XSS Vulnerability in redacted.com
Title: ssid (@newp_th)
Title: Inserting malware into anyone’s Google Earth Projects Archive
Title: Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack.
Title: Escalating SSRF to RCE
Title: CVE-2018-16794 on fs.thefacebook.com
Title: SQL injection for $50 bounty, but still worth reading!!
Title: Account Takeover Using Cross-Site WebSocket Hijacking (CSWH)
Title: Sharan Panegav (@PanegavSharan)
Title: Vimeo SSRF with code execution potential.
Title: Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack
Title: Facebook Messenger server random memory exposure through corrupted GIF image
Title: 3 XSS in ProtonMail for iOS
Title: $1,000
Title: Fixed : Register any email address on Facebook Account
Title: Fixed : Brute-force Instagram account’s passwords
Title: Facebook exploit – Confirm website visitor identities
Title: Auditing GitHub Repo Wikis for Fun and Profit
Title: Smeege (@SmeegeSec)
Title: XSS in Edmodo within 5 Minute (My First Bug Bounty)
Title: A simple Account takeover misusing JWT late expiration
Title: Bypassing a restrictive JS sandbox
Title: Yet Another (unexpected) Hack for Bounty
Title: Horizontal Privilege Escalation on Quora which can compromise all users on Quora
Title: SpyD3r (@TarunkantG)
Title: [Still work] Redirect Yahoo Subdomain XSS Reflected from americangreetings.com
Title: How I alert(1) in Azure DevOps
Title: Web Cache Deception Attack leads to user info disclosure
Title: Chain of hacks leading to Database Compromise!
Title: Bug Bounty 101 — Always Check The Source Code
Title: Download any organisation Data — S3 amazonaws Misconfiguration
Title: Chand Singh (@Chand_42)
Title: Subdomain Misconfiguration lead to AWS S3 Buckets Reader
Title: Exploiting Google Calendars
Title: Brandon Nguyen (@cmdrsnuggle)
Title: Swiss_E-Voting_Publications
Title: setuid0 (@setuid0)
Title: Abusing autoresponders and email bounces
Title: Inti De Ceukelaire
Title: Reflected XSS at https://photos.shopify.com/
Title: Ahamed Morad (@Modam3r5
Title: How I Registered Multiple Accounts in PrivateInternetAccess VPN Service for FREE
Title: Bug Writeup: FBCTF IDOR
Title: Leakage of Client Secret, Server tokens of all Uber developer applications
Title: Multiple Stored XSS On Tokopedia
Title: Apapedulimu (@Apapedulimu)
Title: Using URI to pop shells via the Discord Client
Title: RagSec (@rag_sec)
Title: DoS on WAF Protected Sites by Abusing Cookie
Title: 2 Subdomains Takeover via Unbounce in a Private Program
Title: Stored XSS on Edmodo
Title: $1.000 SSRF in Slack
Title: Bypass password confirmation in Facebook “DYI” feature
Title: Facebook/Workplace Bug Exposed Offsite Employee Events, Sensitive emails Putting Employees at Risk
Title: Subdomain Takeover via Wufoo Service in a Private Program
Title: Open Redirect in SLACK
Title: Bypassing rate limit abusing misconfiguration rules
Title: Subdomain Takeover via HubSpot
Title: Souq.com Subdomain Takeover via jazzhr.com service
Title: Informative
Title: Never Stop at Banner Grabbing
Title: Third Party Android App Storing Facebook Data Insecurely (Facebook Data Abuse Program)
Title: [SSRF] Server Side Request Forgery in a private Program developers.example.com
Title: Disclose private attachments in Facebook Messenger Infrastructure - 15,000$
Title: Sarmad Hassan (@JubaBaghdad)
Title: Facebook CSRF protection bypass which leads to Account Takeover
Title: Hacking YouTube for #fun and #profit
Title: Export Facebook audience network reports of any business
Title: I Found Clickjacking on Google CSE. Is This Important?
Title: Csrf Bypass Using Cross Frame Scripting
Title: How I hacked ASUS?
Title: Mustafa Kemal Can (@muskecan)
Title: Setting Up Gitrob and using it to find Leaking Repository of an Employee in a hackerone private program.
Title: Sahil Tikoo (@viperbluff)
Title: Design Flaws - Scenario One and Fix
Title: Alli-Balogun Faruq (@node_shack)
Title: Paypal’s Security Check Bypassed
Title: Anees Khan (@AneesEthical)
Title: Internal paths disclosure due to improper exception handling
Title: Leak of private/in-development app ids, names and translation requests
Title: LFI To 10 Servers Pwn
Title: How i was able to dump SqlDB | Simple bug
Title: Cache Deception: How I discovered a vulnerability in Medium and helped them fix it
Title: Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard
Title: Lee Christensen (@tifkin_)
Title: Jumping Over The Fence
Title: How I hacked 40,000 user accounts of Microsoft using 2FA bypass(outlook.live.com)
Title: Vartul Goyal (@hackvartul)
Title: Detecting and exploiting mass-assignments in order to manipulate user columns and read private messages
Title: Paul (@padannewitz)
Title: Reverse RDP Attack: Code Execution on RDP Clients
Title: A Unique XSS Scenario in SmartSheet || $1000 bounty
Title: Rohan Chavan (@rohanchavan1918)
Title: How I was able to Extract Information of Other Users- Exploiting IDOR
Title: Rupika Luhach (@Rup_Ki_Rani)
Title: LFI in Apigee portals
Title: How I found a simple bug in Facebook without any Test
Title: $7.5k Google Cloud Platform organization issue
Title: Ezequiel Pereira (@epereiralopez)
Title: How I hacked a website integrated w/ Facebook having 1.1 mil. users under 45 seconds.
Title: Piyush Raj (@0x48piraj)
Title: Publish tweets by any other user
Title: Kedrisec (@kedrisec)
Title: Guest blog: Eray Mitrani - Hacking isn’t an exact science
Title: Eray Mitrani (@ErayMitrani)
Title: Protonmail XSS — Stored
Title: Unsecured access to personal data of a million Leo Express users
Title: Hijacking accounts by retrieving JWT tokens via unvalidated redirects
Title: A short tale of Account verification bypass
Title: Chaining Tricky OAuth Exploitation To Stored XSS
Title: Misconfiguration-Whatsapp Messenger
Title: Pratheesh P Narayanan
Title: AntiHack IDOR on Create Submission
Title: Syahrul Akbar Rohmani (@sahruldotid)
Title: Facebook Change Product Availability as a PageAnalyst
Title: How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)
Title: Magento – RCE & Local File Read with low privilege admin rights
Title: Daniel Le Gall
Title: Antihack.me Blind XSS To PHP File Upload Vulnerability
Title: SayCure (@SaycureIO)
Title: Privilege Escalation to Highest Admin Privileges
Title: Frappé Technologies ERPNext Server Side Template Injection
Title: Brian Hyde
Title: Enroll in Facebook Ad-break program without Facebook approval
Title: Disclose page’s admins and its Monetization payout details
Title: Disclose page violations and its eligibility to use Ad-breaks
Title: Disclose Instagram business account linked to a Facebook page
Title: Change payment account of any Facebook commerce page
Title: Expose business email and payment account balance of any Facebook commerce page.
Title: Samm0uda (@Samm0uda)
Title: Reveal if a Facebook merchant page has pending or completed orders.
Title: Bruteforce Instagram account’s passwords (lack of rate limiting protection).
Title: Generate Access Tokens for any Facebook user
Title: Modify users profiles of techprep.fb.com
Title: Uploading files to api.techprep.fb.com
Title: Reflected XSS in Zomato
Title: How I Found and Reporting Vulnerabilities to AntiHack.me by Tomi
Title: A Simple CORS Misconfig Leaked Private Post Of Twitter, Facebook & Instagram
Title: Oauth Misconfiguration lead to complete account takeover
Title: Jackson kv (@Jacksonkv22)
Title: XSS Through SWF file!
Title: Bypass Content Security Policy framing restriction rule - OLX
Title: Taha Ibrahim Draidia
Title: Command Injection PoC
Title: NoGe
Title: Facebook Vulnerability: Unremovable facebook group admin
Title: #BugBounty How I Hack Billion $ Company
Title: Abusing MySQL clients to get LFI from the server/client
Title: Jarkko Vesiluoma (@jvesiluoma)
Title: Gaining access to Uber’s user data through AMPScript evaluation
Title: Turning Self XSS to good XSS via access control
Title: Yusuf Yazir (@Hacklad)
Title: Hack Your Form – New vector for Blind XSS
Title: Workplace Logo ID to workplace owner name Disclosure Facebook Bug Bounty
Title: Facebook PageAnalyst Could Add oneself as Moderator on Group
Title: AntiHack.me Multiple Vulnerabilities
Title: View the contact list for a Messenger Kid as a parent-approved contact
Title: Tips for bug bounty beginners from a real life experience
Title: Renaud Martinet (@karouf)
Title: When Cookie Hijacking + HTML Injection become dangerous
Title: Reflected XSS ON ASUS.
Title: Stored XSS Via Alternate Text At Zendesk Support
Title: How I hacked Altervista.org
Title: Jacopo Tediosi (@jacopotediosi)
Title: Facebook Android Application
Title: Ash King
Title: How I could have taken over any Pinterest account
Title: Arnold Anthony (@armold9anthony)
Title: How I stumbled upon a Stored XSS(My first bug bounty story).
Title: Cookie Based Self-XSS to Good XSS
Title: Stealing Side-Channel Attack Tokens in Facebook Account Switcher
Title: Yes I can see your OTP
Title: Vulnerables
Title: A Tricky Open Redirect
Title: How I was able to Harvest other Vine users IP address
Title: How i found web shell on AntiHack.me and Awarded Gold Coin And SWAG
Title: Rudra Sarkar (@rudr4_sarkar)
Title: A Curious Case From Little To Complete Email Verification Bypass
Title: Megaman (@N0_M3ga_Hacks)
Title: Tale of a Misconfiguration in Password Reset
Title: Bypassing Access Control in a Program on Hackerone !!
Title: How I was able to delete Google Gallery Data [IDOR]
Title: Abusing ACL Permissions to Overwrite other User’s Uploaded Files/Videos on s3 Bucket
Title: How I Takeover Wordpress Admin fiiipay.my
Title: How I Was Able To Takeover All User Account And Admin Panel
Title: Reflected XSS on ws-na.amazon-adsystem.com(Amazon)
Title: From Hunting for a Laptop to Hunting down Remote Code Execution
Title: RCE in nokia.com
Title: Unauthenticated user can upload an attachment at HackerOne
Title: Tokopedia Account Takeover Bug Worth 8 Million IDR
Title: Ironfirst (@ironfisto)
Title: Server-side Request Forgery in OpenID support
Title: Client side validation strikes again: PIN code bypass !
Title: Davy (@RandoriSec)
Title: How I accidentally found a clickjacking “feature” in Facebook
Title: Lasq (@lasq88)
Title: XSS worm – A creative use of web application vulnerability
Title: Nicolas Heiniger (@NicolasHeiniger)
Title: Facebook BugBounty — Disclosing page members
Title: Nirmal Thapa (@tnirmalz)
Title: Story of my two (but actually three) RCEs in SharePoint in 2018
Title: Exploiting Two Endpoints to get Account Takeover
Title: Asus’S Admin Panel Auth Bypass
Title: WordPress Privilege Escalation through Post Types
Title: Subdomain Takeover — New Level
Title: Reading ASP secrets for $17,000
Title: Accessing VoIP Internal service via Port 8009: Routing traffic through local Apache proxy
Title: Self XSS to Interesting Stored XSS
Title: How i hacked help desk of a Company
Title: Ali Razzaq (@AliRazzaq_)
Title: Remote Code Execution on a Facebook server
Title: XSSing Google Code-in thanks to improperly escaped JSON data
Title: $3k Bug Bounty - Twitter’s OAuth Mistakes
Title: Terence Eden (@edent)
Title: Unremovable Tags In Facebook Page Reviews
Title: Chaining Two Vulnerabilities to Break Facebook Appointment Times For the Second Time
Title: #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account”
Title: Exploiting XXE with local DTD files
Title: Arseniy Sharoglazov (@_mohemiv)
Title: Pilot Into Facebook Group Support
Title: Jane Manchun Wong (@wongmjane)
Title: [Open redirect] Developers are lazy(or maybe busy)
Title: KatsuragiCSL (@ZuuitterE)
Title: Second bite on GitLab, and some interesting Ruby functions/features
Title: From blind XXE to root-level file read access
Title: Pieter Hiele (@honoki)
Title: How i was able to pwned application by Bypassing Cloudflare WAF
Title: Microsoft Account Takeover Vulnerability Affecting 400 Million Users
Title: How I could have stolen your photos from Google - my first 3 bug bounty writeups
Title: Gergő Turcsányi (@GergoTurcsanyi)
Title: How I was able to generate Access Tokens for any Facebook user.
Title: Bruteforcing Instagram account’s passwords without limit.
Title: A Misconfiguration in techprep.fb.com REST API allowed me to modify any user profile.
Title: How i was able to upload files to api.techprep.fb.com
Title: Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over
Title: My first bug bounty writeup
Title: Change Anyone’s profile picture-Exploiting IDOR
Title: Proof Of Concept Nokia Cross Site Scripting
Title: How I was Able To Bypass Email Verification
Title: RCE in Hubspot with EL injection in HubL
Title: Fyoorer (@ƒyoorer)
Title: Facebook WhiteHat: Able to access group plan even after leaving the group
Title: Billion Laugh Attack in https://sites.google.com
Title: Antonio Sanso (@asanso)
Title: XSS to XXE in Prince v10 and below (CVE-2018-19858)
Title: Complete User Account Takeover on an Android Application
Title: Taking over Google calendar of a company
Title: How to accidentally find a XSS in ProtonMail iOS app
Title: SecuNinja (@secuninja)
Title: GitHub Desktop RCE (OSX)
Title: André Baptista (@0xACB)
Title: Digging in to SCP Command Injection
Title: Dylan Katz (@Plazmaz)
Title: [BBP系列三] Hijack the JS File of Uber’s Website
Title: Chaobin Zhang
Title: Love Story Of A Account Takeover (Chaining Host Header Injection To Takeover Someones Account)
Title: Story about my first bug bounty
Title: Exploiting post message to steal and replace user’s cookies
Title: Yasser Gersy (@yassergersy)
Title: Story of Stored Xss
Title: Walid Hossain (@NoobWalid)
Title: Broken Authentication — Bug Bounty
Title: IRCTC — Millions of Passenger Details left at huge risk!
Title: Pwning eBay - How I Dumped eBay Japan’s Website Source Code
Title: David (@slashcrypto)
Title: Instagram Multi-factor authentication Bypass
Title: Disclose contact_email of any Facebook application
Title: XSS on Facebook’s acquisition Oculus CDN
Title: Facebook Source Code Disclosure in ads API
Title: From CTFs to Bug Bounty Booty
Title: XML XSS in *.yandex.ru by Accident
Title: My Journey To The Google Hall Of Fame
Title: Abartan Dhakal (@imhaxormad)
Title: Stored XSS Vulnerability in Jotform and H1C Private Site
Title: Bypassing Scratch Cards On Google Pay
Title: Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
Title: Zain Sabahat (@Zain_Sabahat)
Title: An interesting XXE in SAP.
Title: How i Found Information Disclosure on Scribd.com
Title: How I Hacked Netflix users & Use it free forever
Title: Blueberryinfosec (@bbinfosec)
Title: XS-Searching Google’s bug tracker to find out vulnerable source code
Title: Luan Herrera (@lbherrera_)
Title: Authentication bypass in NodeJS application — a bug bounty story
Title: bl4de (@_bl4de)
Title: XSS bypass using META tag in realestate.postnl.nl
Title: From Security Misconfiguration to Gaining Access of SMTP server
Title: Edmodo XSS Bug
Title: Sameer Phad (@sameerphad72)
Title: Bypassing “How I hacked Google’s bug tracking system itself for $15,600 in bounties.”
Title: Gopal Singh (@gopalsinghcse)
Title: How I Managed to Create Unauthorized Comments on Facebook Live Stream
Title: Microsoft BingPlaces Business - (url) Redirect Vulnerability
Title: XSS in hidden input fields
Title: [POC] Cross-Site Scripting on Garuda Indonesia Website
Title: HackenProof Customer Story: Uklon
Title: HackenProof (@hackenproof)
Title: Most common security vulnerabilities in npm static server modules
Title: Lintern@ute Account Takeover via Cross site request forgery
Title: Spoofing file extensions on HackerOne
Title: Anurag Jain(@csanuragjain)
Title: Disclose Page Admins via Gaming Dashboard Bans
Title: Facebook Vulnerability: Hiding from the view of Business Admin in the Business Manager
Title: How I Discovered XSS that Affects around 20 Uber Subdomains
Title: Fady Othman (@Fady_Othman)
Title: Breaking Appointments and Job Interview Schedules With Malformed Times
Title: Spoof All Domains Containing ‘d’ in Apple Products [CVE-2018-4277]
Title: Tencent’s Xuanwu Lab
Title: OOB XXE in PrizmDoc (CVE-2018–15805)
Title: [DOM based XSS] Or why you should not rely on Cloudflare too much
Title: Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends
Title: Chain exploitation of XSS
Title: Mikhail Klyuchnikov (@__Mn1__)
Title: Clickjacking on Google MyAccount Worth 7,500$
Title: #bugbounty How I Takeover Microsoft Store.
Title: Object name Exposure — ING Bank Responsible Disclosure Program
Title: How I earned 5040$ from Twitter by showing a way to Harvest other users IP address
Title: Vine User’s Private information disclosure
Title: WordPress Design Flaw Leads to WooCommerce RCE
Title: XSS in Dynamics 365
Title: Tim Kent (@__timk)
Title: Evernote For Windows Read Local File and Command Execute Vulnerabilities
Title: Duplicate but still cool
Title: Unauthenticated RSFTP to Command Injection
Title: Nicodemo Gawronski
Title: Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)
Title: How Outdated JIRA Instances suffers from multiple security vulnerabilities?
Title: Imagemagick GIF coder vulnerability leads to memory disclosure (Hackerone)
Title: Finding hidden gems vol. 3: quick win with .sh file
Title: P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC
Title: Stored XSS in Bug Bounty
Title: [Open Redirect] When your PoC doesn’t work because of the server load balancers
Title: tololovejoi (@tolo7010)
Title: Bypass HackerOne 2FA requirement and reporter blacklist
Title: Japz Divino (@japzdivino)
Title: It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program
Title: IDOR in JWT and the shortest token you will ever see {}.{“uid”: “1234567890”}
Title: Journey through Google referer leakage bugs.
Title: #BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!
Title: Privilege Escalation like a Boss
Title: How Misconfigured API leaked user private information?
Title: A very useful technique to bypass the CSRF protection for fun and profit.
Title: CSRF account takeover Explained Automated/Manual — Bug Bounty
Title: CSRF account takeover in a company worth 1B$
Title: Subdomain takeover dew to missconfigured project settings for Custom domain .
Title: DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE.
Title: SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software
Title: Facebook hidden redirection vulnerability
Title: XSS with HTML and how to convert the HTML into charcode()
Title: Google sites and exploiting same origin policy
Title: Cookie-based-injection XSS making exploitable with-out exploiting other Vulns
Title: Utkarsh Agrawal
Title: Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature
Title: A possibility of Account Takeover in Medium
Title: Prashant Kumar (@notsoshant)
Title: XSS with PUT in Ghost Blog
Title: Derek (@StackCrash)
Title: XSS using a bug in Safari and why blacklists are stupid
Title: Linus Särud (@_zulln)
Title: Add comment on a private Oculus Developer bug report
Title: Security teams Internal attachments can be exported via “Export as .zip” feature on HackerOne
Title: XXE in IBM’s MaaS360 Platform
Title: Path traversal while uploading results in RCE
Title: Brave Browser Script Blocker Bypass Vulnerability
Title: Xiaoyin Liu
Title: Microsoft CSRF Vulnerability
Title: [Bug bounty | mail.ru] Access to the admin panel of the partner site and data disclosure of 2 million users
Title: Magic XSS with two parameters
Title: Mahmood Shahabi (@m4shahab1)
Title: Add description to Instagram Posts on behalf of other users - 6500$
Title: Microsoft Edge Remote Code Execution
Title: Access to staging environment via User-Agent string
Title: Symantec Messaging Gateway authentication bypass
Title: Artem Kondratenko (@artkond)
Title: Payment bypass
Title: Facebook Business Takeover
Title: Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR)
Title: DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
Title: VPN Mentor (@vpnmentor)
Title: Make any Unit in Facebook Groups Undeletable
Title: [Critical] Bypass CSRF protection on IBM
Title: Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com
Title: My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY
Title: Ali Tütüncü(@alicanact60)
Title: Blind XML External Entities Out-Of-Band Channel Vulnerability : PayPal Case Study
Title: Clickjacking in Google Docs and Voice typing feature.
Title: GoogleMeetRoulette: Joining random meetings
Title: Martin Vigo (@martin_vigo)
Title: An interesting Google vulnerability that got me 3133.7 reward.
Title: Ebrahem Hegazy (@Zigoo0)
Title: Persistent XSS (Unvalidated oEmbed) at Medium.com
Title: Exploiting an unknown vulnerability
Title: Abhishek Bundela (@abhibundela)
Title: Facebook Bug Bounty: Email Id, Phone Number Can be exposed Through Business Manager
Title: AWS takeover through SSRF in JavaScript
Title: Gwendal Le Coguic (@gwendallecoguic)
Title: Applying a small bypass to steal Facebook Session tokens in Uber
Title: Samuel (@saamux)
Title: How i found Stored xss on your-domain.redacted.com
Title: Collecting Shells by the Sea of NAS Vulnerabilities
Title: Rick Ramgattie (@RRamgattie)
Title: Subdomain Takeover via Shopify Vendor ( blog.exchangemarketplace.com ) with Steps
Title: Google Stored XSS in Payments
Title: Barış Sağdıç (@brsgdc)
Title: How I was able to takeover account’s of an Earning App
Title: Hacking the Subway Android app
Title: Wesley Gahr (@wesley_gahr)
Title: IDOR, Content Spoofing and Url Redirection via unsubscribe email in Confluent
Title: Just another tale of severe bugs on a private program.
Title: Siva Krishna Samireddi (@le4rner)
Title: #BugBounty — From finding Jenkins instance to Command Execution.Secure your Jenkins Instance!
Title: Thick Client — Attacking databases the fun/easy way
Title: Arbitrary File Read in one of the largest CRMs
Title: [XSS] survey.dropbox.com
Title: Weaponizing XSS Attacking Internal System
Title: Subdomain Takeover via Unsecured S3 Bucket Connected to the Website
Title: Responsible disclosure: retrieving a user’s private Facebook friends.
Title: How I XSS’ed Uber and Bypassed CSP
Title: Efkan (@mefkansec)
Title: R-XSS -> CSRF bypass to account takeover/
Title: Bypassing Firebase authorization to create custom goo.gl subdomains
Title: Another XSS in Google Colaboratory
Title: Shopify Athena Bug
Title: Local file inclusion at IKEA.com
Title: Bypassing Authentication Using Javascript Debugger.
Title: Mohit Dabas (@mohitdabas08)
Title: How i bypassed AKAMAI KONA WAF , XSS in overstock.com !
Title: Facebook $750 Reward for a Simple Bug
Title: Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )
Title: Reflected XSS at Philips.com
Title: XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites
Title: Randy Westergren (@RandyWestergren)
Title: Vertical escalation of privileges Leading to Sensitive Data Exposure
Title: Umair Ahmed (@u_ahmedofficial)
Title: User Account takeover in India’s largest digital business company
Title: Minali Arora (@AroraMinali)
Title: IDOR User Account Takeover By Connecting My Facebook Account with victims Account
Title: Persistent Cross-Site Scripting on redacted worth $2,000
Title: How I hijacked your account when you opened my cat picture
Title: Hacking your own antivirus for fun and profit (Safe browsing gone wrong)
Title: Martin Thirup Christensen (@Mthirup)
Title: Subdomain Takeover worth 200$
Title: Reflected DOM XSS and CLICKJACKING on https://silvergoldbull.de/bt.html
Title: Subdomain Takeover via Campaignmonitor
Title: Open-Redirect Vulnerability in udacity.com
Title: Hacking a Crypto Debit Card Service
Title: Muhammad Abdullah
Title: XXE at Bol.com
Title: How to do 55.000+ Subdomain Takeover in a Blink of an Eye
Title: BuckHacker (@thebuckhacker)
Title: Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
Title: Stored XSS Vulnerability in H1C Private site
Title: Making the Facebook app more secure - $8500 bounty
Title: ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC
Title: How I find Open-Redirect Vulnerability in redacted.com (One of the top online payment processing service website)
Title: Disclosure of Facebook Page Admin due to insecure tagging behavior
Title: Aj Dumanhug (@ajdumanhug)
Title: Stored XSS Vulnerability in Tumblr
Title: Reflected XSS in Google Code Jam
Title: SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
Title: LFI to 10 servers pwn
Title: Bypassing Hotstar Premium with DOM manipulation and some JavaScript
Title: OpSecX
Title: RCE Unsecure Jenkins Instance | Bug Bounty POC
Title: Write-up - Love story, from closed as informative to $3,500 USD, XSS stored in Yahoo! iOS MaiL app
Title: Simple Login Brute Force / Current Password Requirement Bypass
Title: #BugBounty — How Naaptol (India’s popular home shopping company) Kept their Millions of User Data at Risk!
Title: How I could download the source code of an Indian e-commerce website!!
Title: P1 Vulnerability in 60 seconds
Title: Facebook Bug Bounty! {Permission Bug}
Title: Admin Disclosure of Facebook Business all Pages by normal employees:
Title: How I could have launched a spear phishing campaign with Starbucks email servers
Title: Kyle (@b3nac)
Title: Send request to Martians. Earthlings are already your friends.
Title: Sagar VD
Title: I Own Your Customers !!!
Title: Pwned Together: Hacking dev.to
Title: Antony Garand
Title: $100 Bounty in 300 seconds isn’t bad !!!
Title: Reflected XSS in Django REST Framework Api at MapBox Subdomain
Title: Finding hidden gems vol. 2: REAMDE.md, the story of a bit too helpful readme file
Title: A Infinite Loop Story.
Title: A $1000 Bounty
Title: Reflected Swf XSS at ( https://plugins.svn.wordpress.org )
Title: How i found a 1500$ worth Deserialization vulnerability
Title: IDOR FACEBOOK: malicious person add people to the “Top Fans”
Title: Jafar Abo Nada
Title: Traversing the Path to RCE
Title: Uber Bug Bounty: 1000$ for two “high severity” issue
Title: Open Redirection
Title: My first valid xss(@Hackerone)
Title: Privileged Escalation in Facebook Messenger Rooms
Title: SQL Injection Vulnerability In University Of Cambridge
Title: Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org
Title: API key: The real goldmine
Title: Privileged Escalation in Facebook Messenger Rooms
Title: User credential are sent in clear text in Whatsapp web— FIXED | Facebook Bug Bounty
Title: YAHOO IDOR -elimination of any comment
Title: Bada Diaz (@bada77)
Title: 3 Minutes & XSS!
Title: IDOR leads to account takeover
Title: @s0cket7
Title: ICloud.com DOM-Based XSS! #BugBounty
Title: Another “TicketTrick” story
Title: XSS at Hubspot and XSS in email areas.
Title: IDOR leads to getting Access tokens of users linked to Google Drive on Edmodo
Title: Aagam shah (@neutrinoguy)
Title: Distorted and Undeletable Posts in Facebook Group
Title: How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System
Title: Orange Tsai (@orange_8361)
Title: S3 Bucket Misconfiguration in Amazon
Title: Adminer Script Results to Pwning Server?, Private Bug Bounty Program
Title: Misconfigured JIRA setting - Apigee
Title: [Twitter Bug Bounty] Misconfigured JSON endpoint on ads.twitter.com lead to Access control issue and Information Disclosure of role privileged users.
Title: Peerzada Fawaz Ahmad Qureshi (@zk34911)
Title: Subdomain Takeover: Yet another Starbucks case
Title: Patrik Hudak
Title: From TOMCAT to NT AUTHORITY\SYSTEM
Title: My Disclosed Report about Basic auth Api details at Reverb.com
Title: This is how can I spoof ANY Sentry.Io log infinitely and create fake error-logs
Title: My First Critical Report
Title: Miguel Corral (@mcorral74)
Title: How I hacked a Crypto Exchange (Bug Bounty Writeup)
Title: From data leak to account takeover
Title: How I gained commit access to Homebrew in 30 minutes
Title: Eric Holmes (@vesirin)
Title: Sending out phishing e-mails from @microsoft.com
Title: @si9int
Title: Unauth meetings access
Title: Self XSS leads to blind XSS and reflected XSS.
Title: Reflected XSS Primagames.com
Title: My First Swag Pack : A Logical Bug on Edmodo
Title: Stored XSS in GameSkinny
Title: Blind-XSS in Chrome Experiments - Google (Write Up)
Title: #BugBounty — @Paytm Customer Information is at risk — India’s largest digital wallet company
Title: Discovering and Exploiting a Vulnerability in Android’s Personal Dictionary (CVE-2018-9375)
Title: Daniel Kachakil
Title: Exploiting a Microsoft Edge Vulnerability to Steal Files
Title: Ziyahan Albeniz
Title: Shipt Subdomain TakeOver via HeroKu ( test.shipt.com )
Title: Disclose Facebook Internal Server Information With A Strange Poll
Title: CRLF Injection Into PHP’s cURL Options
Title: TomNomNom
Title: How I could access your internal servers, steal and modify your image repository
Title: PoC || GO
Title: Hacking Imgur for Fun and Profit
Title: Nathan (@NathOnSecurity)
Title: 18th Acknowledgement From Microsoft
Title: Muhammad Muhaddis
Title: Yahoo — Two XSSi vulnerabilities chained to steal user information. ($750 Bounty)
Title: Microsoft Office 365 Stored XSS
Title: @Pethuraj
Title: Making a Blind SQL Injection a Little Less Blind
Title: Binary.com ClickJacking Vulnerability — Exploiting HTML5 Security Features
Title: Ameer Assadi
Title: How I found XSS on Amazon?
Title: Coding_Karma
Title: Exfiltration via CSS Injection
Title: d0nut
Title: SQL Injection and A silly WAF
Title: Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]
Title: Sebastian (ha.cker.info)
Title: Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again
Title: Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret
Title: IDOR FACEBOOK: malicious person add people to the “Top Fans”
Title: Unclaimed Medium Publication takeover in WeTransfer
Title: Google Assistant Bug Worth $3133.7 !
Title: RCE due to ShowExceptions
Title: Into the Borg – SSRF inside Google production network
Title: Enguerran Gillier
Title: The call is coming from inside the house — DNS rebinding in EOSIO keosd wallet
Title: François Proulx
Title: RCE on Yahoo Luminate
Title: How I was able to delete 13k+ Microsoft Translator projects
Title: Haider Mahmood
Title: Hey Developer, Give me your API keys.!!
Title: Bypass Admin approval, Mute Member and Posting Permissions for Only admins in Facebook groups
Title: Hacking thousands of companies through their helpdesk
Title: CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation
Title: WRITE UP – TELEGRAM BUG BOUNTY – WHATSAPP N/A [“Blind” XSS Stored iOS in messengers twins, who really care about your security?]
Title: Attacking PostgreSQL Database
Title: Bug Bounty at Bangladeshi Site.
Title: Shaifullah Shaon
Title: Should this be public though?
Title: XSS in Microsoft subdomain
Title: The tradeRifle Vulnerability Identified in LBank Mobile Service (CVE-2018-13363)
Title: PeckShield
Title: Gsuite Hangouts Chat 5k IDOR
Title: Cam (@SecretlyHidden1)
Title: Persistent XSS at AH.nl
Title: #BugBounty - Compromising User Account- “How I was able to compromise user account via HTTP Parameter Pollution(HPP)”
Title: Server Side Request Forgery on Vanilla Forums
Title: Vikash Chaudhary
Title: Latex to RCE, Private Bug Bounty Program
Title: The $12,000 Intersection between Clickjacking, XSS, and Denial of Service
Title: Chaining Multiple Vulnerabilities to Gain Admin Access
Title: Ben Sadeghipour (@nahamsec)
Title: Bug Bounty: Tumblr reCAPTCHA vulnerability write up
Title: Leigh-Anne Galloway (@L_AGalloway)
Title: Authentication bypass in Cisco Meraki
Title: This popular Facebook app publicly exposed your data for years
Title: Take Advantage of Out-of-Scope Domains in Bug Bounty Programs
Title: Abdullah Hussam (@Abdulahhusam)
Title: How re-signing up for an account lead to account takeover
Title: @zseano
Title: Subdomain Takeover: Starbucks points to Azure
Title: Account Take over via reset password
Title: How I got access to local AWS info via Jira
Title: Coen Goedegebure
Title: Fastest Fix on Open Bug Bounty Platform
Title: Wen Bin KONG
Title: How I hacked Apple.com (Unrestricted File Upload)
Title: XSS in Google Colaboratory + CSP bypass
Title: Using a GitHub app to escalate to an organization owner for a $10,000 bounty
Title: Tanner
Title: Setting arbitrary request headers in Chromium via CRLF injection
Title: I discovered a browser bug
Title: Jake Archibald
Title: [Responsible disclosure] How I could have booked movie tickets through other user accounts
Title: Bharathvaj Ganesan
Title: How i found blind XSS in Apple
Title: Taha Smily
Title: Reflected Client XSS at Amazon.com
Title: Yay! 3133.70$ for RCE on *.withgoogle.com subdomain.
Title: lalka
Title: Password reset to full account takeover
Title: Hamza Bettache
Title: Reflected XSS in 360totalsecurity
Title: The 2.5 BTC Stored XSS
Title: How I got paid premium plan for free on many popular websites
Title: Vulnerability Netflix (cross-site-scripting) XSS
Title: Unvalidated Open Redirect Bol.com
Title: Full account Takeover via reset password function
Title: Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution
Title: How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL
Title: Darrell Damstedt
Title: [PayPal BBP] I could’ve deleted All SMC messages. Using Brute-Force technique.
Title: Ayoub Ait Elmokhtar
Title: Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
Title: Matthew Bryan
Title: Steam Inventory Helper
Title: How I was able to list some internal information from PayPal #BugBounty
Title: Adrien Jeanneau
Title: How I found XSS via SSRF vulnerability -Adesh Kolte
Title: #BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection.
Title: Zero to Account Takeover: How I ‘Impersonated’ Someone Else Using Auth0
Title: Daniel Svartman
Title: Searching for XSS found LDAP injection
Title: Davide Tampellini
Title: Are you sure this is a trusted email?
Title: Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)
Title: Read&Write
Title: How I Hacked Fotor & Got “Nothing”
Title: Somdev Sangwan (s0md3v)
Title: Getting PHP Code Execution and leverage access to panels,databases,server
Title: How i converted SSRF to XSS in Jira.
Title: How I Earned $750 Bounty Reward From AT&T bug Bounty -Adesh Kolte
Title: #Bug Bounty — How I booked a rental house for just 1.00 INR — Price Manipulation in Citrus Pay
Title: Raghavendra Reddy
Title: Reflected XSS in Yahoo Subdomain ( hk.movies.yahoo.com )
Title: 5k$ for path traversal on *.paypal-corp.com subdomain
Title: Account Takeover and Blind XSS! Go Pro, get Bugs!
Title: Tabahi
Title: How I found 5 store XSS on a private program. Each worth “1,016.66$”
Title: Shahzad Sadiq
Title: How I got hall of fame in two fortune 500 companies — An RCE story…
Title: Alfie
Title: How i was able to get admin panel on a private program
Title: reCAPTCHA bypass via HTTP Parameter Pollution
Title: Andres Riancho
Title: Persistent XSS to Steal Passwords – Paypal
Title: Akhil Reni
Title: Simple IDOR to reject a to-be users invitation via their notification
Title: How I was able to see any private album passwrod in Picturepush — IDOR
Title: #BugBounty — ”How I was able to hack any user account via password reset?”
Title: Bikash Gupta
Title: RCE by uploading a web.config
Title: 003random
Title: AWS Security Flaw which can grant admin access!
Title: Getting read access on Edmodo Production Server by exploiting SSRF
Title: Self-XSS + CSRF to Stored XSS
Title: $36k Google App Engine RCE
Title: Fastest Fix on Open Bug Bounty Platform
Title: How i got 100$ from one private website
Title: How i HACKED admin account via password reset IDOR function of one private currency exchanger site
Title: Stored XSS in Yahoo and all subdomains!
Title: Hakim Bencella
Title: Xss in Microsoft
Title: How I was able to get subscription of $120/year For Free
Title: Muhammad Khizer Javed / babayaga47 (@khizer_javed47)
Title: Whatsapp- DOS vulnerability on Android/iOS/Web
Title: HSTS Bypass Vulnerability in IE Preview
Title: How I used a simple Google query to mine passwords from dozens of public Trello boards
Title: Kushagra Pathak
Title: Internet Safety for Kids & Families — Trend Micro Bypass DOM XSS
Title: Honc (@honcbb)
Title: Asus Control Center – An Information Disclosure and a database connection Clear-Text password leakage Vulnerability
Title: Mohamed A. Baset
Title: Ubisoft | Blind XSS to customer support panel takeover
Title: A Five Minute SQL-I
Title: How I Got Paid $0 From the India’s largest online gifting portal — Bug Bounty Program
Title: Hariom Vashisth
Title: $4500 bounty - How I got lucky
Title: Disclose Private Video Thumbnail from Facebook WorkPlace
Title: Stealing money from one account to another account
Title: Story Of a Stored XSS Bypass
Title: Multiple security vulnerabilities in domains belonging to Google
Title: Sysdreams
Title: How I found 2.9 RCE at Yahoo! Bug Bounty program
Title: #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account!
Title: Reflected XSS on Stack Overflow
Title: Stored XSS in Yahoo!
Title: Shahzada AL Shahriar Khan
Title: Bypassing the Confirmation Email for Newsletter (bof.nl)
Title: How I earned 60K+ from private program
Title: The Unknown Hero-App Logic Bugs
Title: XSS “403 forbidden” bypass write up
Title: How we got LFI in apache Drill (Recon like a boss)
Title: DOM XSS in Google VRView library
Title: Federico Fazzi
Title: Three Cases, Three Open Redirect Bypasses
Title: Mohammed Eldeeb (@malcolmx0x)
Title: Turning Self-XSS into non-Self Stored-XSS via Authorization Issue at “PayPal Tech-Support and Brand Central Portal
Title: Mangobaaz hacked | XSS to credentials exposure to pwn
Title: #BugBounty — ”Journey from LFI to RCE!!!”-How I was able to get the same in one of the India’s popular property buy/sell company.
Title: Bypassing the Current Password Protection at PayPal TechSupport Portal
Title: Google Bug: Posting on groups as any user’s behalf
Title: Whatsapp user’s IP disclosure with Link Preview feature
Title: Ribose — IDOR with Simple CSRF Bypass — Unrestricted Changes and Deletion to other Photo Profile
Title: How I Get the Name of the Hotel (and other Data) that you ever Stay - Personal Data Leaks: Private Bug Bounty Program
Title: IDOR (at Private Bug Bounty Program) that could Leads to Personal Data Leaks
Title: How I got stored XSS using file upload
Title: From an error message to DB disclosure
Title: Spoof an user to create a description of a group in Flickr
Title: Bypassing Captcha Like a Boss
Title: #SecurityBreach — ”How I was able to book hotel room for 1.50₹!”
Title: Bypass CSP by Abusing XSS Filter in Edge
Title: How I hacked companies related to the crypto currency and earned $60,000
Title: How I bypassed Ebay process on redirect
Title: Hijacking User’s Private Information access_token from Microsoft Office360 facebook App
Title: Please email me your password
Title: Jasmin Laundry
Title: How I broke into Google Issue Tracker
Title: Source Code Analysis in YSurvey — Luminate bug
Title: Piercing the veil: Server Side Request Forgery to NIPRNet access
Title: Alyssa Herrera (@Alyssa_Herrera_)
Title: Stealing HttpOnly Cookie via XSS
Title: Reflected XSS on www.zomato.com By Mustafa Hasan
Title: “Exploiting a Single Parameter”
Title: Hisham Mir (@Hishammir1)
Title: Link injection on 2 Twitter Subdomain
Title: How I caught Multiple vulnerabilities in Udemy.com, But not rewarded for serious XSS vulnerability :(
Title: Satyendra Shrivastava
Title: Directory Listing To Sensitive Files Exposure
Title: Facebook BugBounty: Intercept incoming friend requests of Victim add/accept to your facebook account
Title: My Best Small Report Bounty Report in Private Program ( Django REST framework Admin Login ByPass )
Title: XSS in Yahoo Subdomain
Title: XSS In sports.tw.campaign.yahoo.net
Title: How I hacked one cryptocurrency service
Title: How I Could Have Promoted Any Facebook Page For Free.
Title: View Insights for Any Facebook Marketplace Product
Title: Creating Test Conversion using any App
Title: Google bug bounty for security exploit that influences search results
Title: Reflected XSS Moogaloop SWF ( Version < 6.2.x )
Title: Misconfiguration of Demographics Privacy in a Page
Title: #BugBounty — Rewarded by securing vulnerabilities in Bookmyshow (India’s largest online movie & event booking portal)
Title: Hacking Oracle in 5 Minutes
Title: Google adwords 3133.7$ Stored XSS
Title: Emad Shanab
Title: Leaking WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489
Title: #BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality
Title: Dox Facebook Employees Behind “Did You Know” Questions
Title: Union Based Sql injection Write up ->A private Company Site
Title: How I hacked 74k users of a website.
Title: Getting any Facebook user’s friend list and partial payment card details
Title: Josip Franjkovic
Title: Stored XSS, and SSRF in Google using the Dataset Publishing Language
Title: Craig Arendt (@signalchaos)
Title: Clickjackings in Google worth 12644.7$
Title: Facebook Bug Bounty Reports
Title: #BugBounty — How I could book cab using your wallet money in India’s largest auto transportation company!
Title: How I found A Surprising XSS Vulnerability on Oracle NetSuite ?
Title: The 2.5mins or 2.5k$ hawk-eye bug – A Facebook Pages Admins Disclosure Vulnerability!
Title: Re-dressing Instagram – Leaking Application Tokens via Instagram ClickJacking Vulnerability!
Title: How i Hacked into a bugcrowd. public program
Title: #BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company.
Title: How I was able to delete any image in Facebook community question forum
Title: Bypassing Google’s authentication to access their Internal Admin panels
Title: Vishnu Prasad P G
Title: The Fuzz…The Bug..The Action – A Race Condition bug in Facebook Chat Groups leads to spy on conversations!
Title: Modifying any Ad Space and Placement
Title: POODLE SSLv3 bug on multiple twitter smtp servers
Title: Google bugs stories and the shiny pixelbook.
Title: Missoum Said (@missoum1307)
Title: How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties
Title: Exploiting CORS Miss configuration using XSS
Title: Noman Shaikh
Title: #BugBounty — Exploiting CRLF Injection can lands into a nice bounty
Title: How I was able to remotely crash any android user’s instagram app and was paid a mere 500$ for it.
Title: #BugBounty — “How I was able to shop for free!”- Payment Price Manipulation
Title: Oracle Cross Site Scripting Vulnerability -Adesh Kolte
Title: Stored XSS on Snapchat
Title: Mrityunjoy
Title: I figured out a way to hack any of Facebook’s 2 billion accounts, and they paid me a $15,000 bounty for it
Title: Taking over Facebook accounts using Free Basics partner portal
Title: Bug bounty left over (and rant) Part III (Google and Twitter)
Title: How I gained access to Sony’s database
Title: SQL injection with load file and into outfile
Title: How I found IDOR on Twitter’s Acquisition – Mopub.com
Title: Facebook mailto injection leads to social engineering & spam attack
Title: #BugBounty — ”I don’t need your current password to login into your account” - How could I completely takeover any user’s account in an online classified ads company.
Title: Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART 2)
Title: Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)
Title: Internal IPs disclosure
Title: How I was able to Bypass XSS Protection on HackerOne’s Private Program
Title: Getting access to prompt debug dialog and serialized tool on main website facebook.com
Title: How I was able to Download Any file from Web server!
Title: How I got 22000$ worth ethereum
Title: Shubham Gupta
Title: JSON CSRF attack on a Social Networking Site[Hackerone Platform]
Title: Here’s how I could’ve ridden for free with Uber
Title: Full Account Takeover through CORS with connection Sockets
Title: [Yahoo Bug Bounty] Unauthorized Access to Unisphere Management Server Debugging Facility on https://bf1-uaddbcx-002.data.bf1.yahoo.com/Debug/
Title: No RCE? Then SSH to the box!
Title: Reflected XSS + Possible Server Side Template Injection in HubSpot CMS ( All Websites Uses HubSpot was affected )
Title: #BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection
Title: Asus Cross Site Scrpting And Directory Listing Vulnerability
Title: File Disclosure via .DS_Store file (macOS)
Title: Internshala Bug in Internshala Student Partner
Title: Reflected File Download ( RFD ) in www.Google.com
Title: $1800 in less than an hour.
Title: @yappare
Title: Reflected XSS via AngularJS Template Injection
Title: #BugBounty — AWS S3 added to my “Bucket” list!
Title: View the bug subscriptions for any Oculus User
Title: Hacking Facebook accounts using CSRF in Oculus-Facebook integration
Title: #BugBounty — How I was able to delete anyone’s account in an Online Car Rental Company
Title: Google Tez XSS
Title: #BugBounty — How I was able to read chat of users in an Online travel portal
Title: RCE Vulnerabilite in Yahoo Subdomain! ( Yahoo! RCE via Spring Engine SSTI ) By tghawkins
Title: Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)
Title: F**k you Thomas” - ToyTalk bug bounty writeup
Title: Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905]
Title: Abusing internal API to achieve IDOR in New Relic
Title: Stealing $10,000 Yahoo Cookies!
Title: Jumping to the hell with 10 attempts to bypass devil’s WAF
Title: Microsoft SharePoint’s ‘Follow’ Feature XSS (CVE-2017–8514) -Adesh Kolte
Title: Account Takeover Due to Misconfigured Login with Facebook/Google
Title: Bhavuk Jain (@bhavukjain1)
Title: P4 to P2 - The story of one blind SSRF
Title: Unrestricted File Upload to RCE | Bug Bounty POC
Title: Don’t Trust the Host Header for Sending Password Reset Emails
Title: Jack Cable
Title: How I was able to takeover Facebook account
Title: Using App Ads Helper as an Analytic User
Title: Bug Bounty: Fastmail
Title: How I Was Able To See The Bounty Balance Of Any Bug Bounty Program In HackerOne
Title: Cj Legacion
Title: Getting a RCE — CTF Way
Title: DEV XSS Protection bypass made my quickest bounty ever!!
Title: LFI to Command Execution: Deutche Telekom Bug Bounty
Title: Image removal vulnerability in Facebook polling feature
Title: Story of bypassing Referer Header to make open redirect
Title: Taking note: XSS to RCE in the Simplenote Electron client
Title: Yasin Soliman (@SecurityYasin)
Title: Amazon Bypass Open Redirect
Title: VMware Official VCDX Reflected XSS
Title: UBER Wildcard Subdomain Takeover | BugBounty POC
Title: Account Take Over Vulnerability in Google acquisition [Famebit]
Title: Hassan Khan Yusufzai
Title: Transforming a Domain into the Matrix (an open redirect story)
Title: SQL in everywhere.
Title: Why I walked away from $30,000 of DJI bounty money
Title: Kevin Finisterre
Title: Bypassing Crossdomain Policy and Hit Hundreds of Top Alexa Sites
Title: How signing up for an account with an @company.com email can have unexpected results
Title: How I Pwned a company using IDOR & Blind XSS
Title: Osama Ansari
Title: From Recon to DOM-Based XSS
Title: Stealing bitcoin wallet backups from blockchain.info
Title: Shashank
Title: How to delete all company progress by one “rm” command in AWS s3 Buckets
Title: Local File Read via XSS in Dynamically Generated PDF
Title: From SSRF to Local File Disclosure
Title: Get your Microsoft account hijacked by simply clicking connect button -Adesh Kolte
Title: Open redirect in informatica (BugBounty)
Title: Multiple Intel Vulnerabilities-Adesh Kolte
Title: Non-persistent XSS at Microsoft -Adesh Kolte
Title: CRLF injection in blockchain.info
Title: Accessing Localhost via Vhost
Title: Senstive Information Leak Lead To join any Organisation
Title: [Facebook Bug Bounty] How I was able to enumerate Instagram Accounts who had enabled 2FA (Two Step Verification) for additional protection
Title: App Maker and Colaboratory: a stored Google XSS double-bill
Title: How I hacked Google’s bug tracking system itself for $15,600 in bounties
Title: Abusing new Claps feature in Medium
Title: Sai Krishna Kothapalli
Title: Slack SAML authentication bypass
Title: How i found an SSRF in Yahoo! Guesthouse (Recon Wins)
Title: Th3G3nt3lman
Title: Taking over every Ad on OLX (automated), an IDOR story
Title: Roderick Schaefer
Title: Sensitive data exposure by requesting a resource with a different content type
Title: Yogendra Jaiswal (Vulnholic)
Title: How I hacked all the [REDACT] Agents accounts
Title: Neeraj Sonaniya
Title: Reading Internal Files using SSRF vulnerability
Title: DOM XSS – auth.uber.com
Title: How I was Able to see someone’s all private files with a single file share link through Atom feed & Never Give Up #togetherwehitharder HackerOne
Title: Leaking Amazon.com CSRF Tokens Using Service Worker API
Title: Bugcrowd’s Domain & Subdomain Takeover vulnerability!
Title: Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net
Title: Artsy
Title: Subdomain Takeover Through Expired Cloudfront Distribution
Title: Lamborghini
Title: Facebook GraphQL CSRF
Title: How I Was Able To View Private Tweets Of Any Private Twitter Account
Title: How I could have mass uploaded from every Flickr account!
Title: Jazzy (@ret2got)
Title: Device Authorization Bypass!
Title: Filter Bypass to Reflected XSS on https://finance.yahoo.com (mobile version)
Title: 900$ XSS in yahoo ( Recon Wins )
Title: How i bypassed Practo’s firewall and triggered a XSS.
Title: Vipin Chaudhary
Title: IDOR – Execute JavaScript into anyone account
Title: Stored XSS to Full Information disclosure
Title: Luminate Internal Privilege Escalation — Admin to Owner
Title: All About Hackerone Private Program Terapeak
Title: This domain is my domain — G Suite A record vulnerability
Title: Multiple vulnerabilities in Oracle EBS
Title: First bounty, time to step up my game
Title: Exploiting a Single Request for Multiple Vulnerabilities
Title: Story of a Parameter Specific XSS!
Title: Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss)
Title: Stored XSS] with arbitrary cookie installation
Title: Arbaz Hussain
Title: URL Whitelist Bypass - Accounts Google (accounts.google.com) - VRP
Title: Manuel Sousa (@manuelvsousa)
Title: How I hacked hundreds of companies through their helpdesk
Title: Bypassing Facebook Profile Picture Guard Security.
Title: Phishing with history.back() open redirect
Title: Reflective XSS and Open Redirect on Indeed.com subdomain
Title: Syntax Error
Title: How I found Reflective XSS in Yahoo Subdomain
Title: IDOR on HackerOne Hacker Review “What Program Say”
Title: Japz Divino
Title: Don’t just alert(1) , Because XSS is for fun…!!
Title: My write up about UBER Cross-site scripting by help of KNOXSS
Title: Stealing 0Auth Token (MITM)
Search URL Search Domain Scan URL
Title: Reflected XSS in Yahoo!
Search URL Search Domain Scan URL
Title: Uber XSS via Cookie
Search URL Search Domain Scan URL
Title: Luminate Store Basics defacement and potential takeover
Search URL Search Domain Scan URL
Title: Developer Luminate IDOR
Search URL Search Domain Scan URL
Title: Developer Luminate IDOR
Search URL Search Domain Scan URL
Title: Luminate Store Basics defacement and potential takeover
Search URL Search Domain Scan URL
Title: Improper Storage of Private Project’s Files
Search URL Search Domain Scan URL
Title: Bypassing Rate Limit Protection by spoofing originating IP
Search URL Search Domain Scan URL
Title: Upgrade from LFI to RCE via PHP Sessions
Search URL Search Domain Scan URL
Title: Pre-domain wildcard CORS Exploitation
Search URL Search Domain Scan URL
Title: Facebook stories disclose Facebook friend list
Search URL Search Domain Scan URL
Title: Password Not Provided - Compromising Any Flurry User’s Account [Yahoo Bug Bounty]
Search URL Search Domain Scan URL
Title: Accidentally typo to bypass administration access
Search URL Search Domain Scan URL
Title: Reflected XSS on www.yahoo.com
Search URL Search Domain Scan URL
Title: Chain the vulnerabilities and take your report impact on the moon (CSRF to HTML INJECTION which results OPEN REDIRECT and could steal USER CREDENTIALS)
Search URL Search Domain Scan URL
Title: Armaan Patha
Search URL Search Domain Scan URL
Title: Getting access to 25k employees details
Search URL Search Domain Scan URL
Title: Sahil Ahamad
Search URL Search Domain Scan URL
Title: How to confirm a Google user’s specific email address (Bug Bounty Submission)
Search URL Search Domain Scan URL
Title: XSS Because of wrong Content-type Header
Search URL Search Domain Scan URL
Title: Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!
Search URL Search Domain Scan URL
Title: Ali Kabeel
Search URL Search Domain Scan URL
Title: How i found massive information disclosure of 1500 famous people
Search URL Search Domain Scan URL
Title: Referer Based XSS
Search URL Search Domain Scan URL
Title: How we invented the Tesla DOM DOOM XSS
Search URL Search Domain Scan URL
Title: Detectify Labs
Search URL Search Domain Scan URL
Title: Disabling New Emails From Facebook Without Email Owner Interaction
Search URL Search Domain Scan URL
Title: Rolling around and Bypassing Facebook’s Linkshim protection on iOS
Search URL Search Domain Scan URL
Title: Stored XSS on Rockstar Game
Search URL Search Domain Scan URL
Title: Open Redirect In Flock | My First Swag pack
Search URL Search Domain Scan URL
Title: May the Shells be with You - A Star Wars RCE Adventure!
Search URL Search Domain Scan URL
Title: Andy Gill
Search URL Search Domain Scan URL
Title: How i was able to bypass strong xss protection in well known website. (imgur.com)
Search URL Search Domain Scan URL
Title: Missing Authorization check in Facebook Pages Manager
Search URL Search Domain Scan URL
Title: Race Condition bypassing team limit
Search URL Search Domain Scan URL
Title: Self XSS to Good XSS Clickjacking
Search URL Search Domain Scan URL
Title: Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems
Search URL Search Domain Scan URL
Title: That Escalated Quickly : From partial CSRF to reflected XSS to complete CSRF to Stored XSS
Search URL Search Domain Scan URL
Title: Xss using dynamically generated js file
Search URL Search Domain Scan URL
Title: Exploiting Misconfigured CORS on popular BTC Site
Search URL Search Domain Scan URL
Title: Stealing Access Token of One-drive Integration By Chaining CSRF Vulnerability
Search URL Search Domain Scan URL
Title: IDOR While Connecting Social Account in Hackster.io
Search URL Search Domain Scan URL
Title: Bypassing XSS Filtering at Anchor Tag
Search URL Search Domain Scan URL
Title: ctrl+c & ctrl+v to Steal SESSIONID
Search URL Search Domain Scan URL
Title: How to find internal subdomains? YQL, Yahoo! and bug bounty.
Search URL Search Domain Scan URL
Title: Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information
Search URL Search Domain Scan URL
Title: Fabric.io API permission apocalypse – Privilege Escalations
Search URL Search Domain Scan URL
Title: wesecureapp
Search URL Search Domain Scan URL
Title: How we tookover shopify accounts with one single click
Search URL Search Domain Scan URL
Title: XSS by tossing cookies
Search URL Search Domain Scan URL
Title: How a simple IDOR become a $4K User Impersonation vulnerability
Search URL Search Domain Scan URL
Title: Shahmeer Amir (@Shahmeer_Amir)
Search URL Search Domain Scan URL
Title: Coinbase AngularJS DOM XSS via Kiteworks
Search URL Search Domain Scan URL
Title: Pauloas yibelo
Search URL Search Domain Scan URL
Title: Medium Content Spoofing Leads to XSS
Search URL Search Domain Scan URL
Title: Managed Apps and Music: a tale of two XSSes in Google Play
Search URL Search Domain Scan URL
Title: Making an XSS triggered by CSP bypass on Twitter.
Title: OpenProject Session Management Security Vulnerability aka CVE-2017-11667
Title: Posting on groups as people whenever their email was known by an attacker
Title: Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read
Title: Brett Buerhaus
Title: CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System
Title: Road to (unauthenticated) recovery: downloading GitHub SSO bypass codes
Title: Authentication bypass on Uber’s Single Sign-On via subdomain takeover
Title: Arne Swinnen
Title: Stored XSS in the heart of the Russian email provider giant (Mail.ru)
Title: Yahoo Small Business (Luminate) and the Not-So-Secret Keys
Title: Tommy DeVoss / dawgyg (@thedawgyg)
Title: How I Built An XSS Worm On Atmail
Title: Authentication bypass on Airbnb via OAuth tokens theft
Title: How I hacked 23.900.000 tumblr domains at once :)
Title: XSS on Bugcrowd and so many other website’s main Domain
Title: Bull
Title: Vulnerability in Metasploit Project aka CVE-2017-5244
Title: Godaddy XSS affects parked domains redirector/processor!
Title: Let’s steal some tokens!
Title: WHATSAPP — DOS VULNERABILITY IN IOS & ANDROID
Title: From JS to another JS files lead to authentication bypass
Title: How I got 5500$ from Yahoo for RCE
Title: Django Privilege Escalation – Zero To Superuser
Title: Sean Melia
Title: XSS on Google{5.000$}-Google Vulnerability Reward Program (VRP)
Title: Pivoting from blind SSRF to RCE with HashiCorp Consul
Title: Peter Adkins
Title: A pair of Plotly bugs: Stored XSS and AWS Metadata SSRF
Title: Hacking the NHS for Fun and No Profit
Title: One Cloud-based Local File Inclusion = Many Companies affected
Title: Francisco Correa (@panchocosil)
Title: Find Mingle Suggestions for any Facebook User (Revisited)
Title: I got emails — G Suite Vulnerability
Title: AWS S3 bucket misconfiguration - Paytm
Title: Inspect Element leads to Stripe Account Lockout Authentication Bypass
Title: Airbnb – Web to App Phone Notification IDOR to view Everyone’s Airbnb Messages
Title: Hundreds of hundreds sub-secdomains hack3d! (including Hacker0ne)
Title: Critical information disclosure on Wappalyzer.com
Title: Near universal XSS in McAfee Web Gateway
Title: Penetrating PornHub – XSS vulns galore (plus a cool shirt!)
Title: Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution
Title: How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)
Title: Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat
Title: Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities
Title: Ok Google, Give Me All Your Internal DNS Information!
Title: Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
Title: Frans Rosén
Title: How I got your phone number through Facebook
Title: How I bypassed State Bank of India OTP.
Title: How I was able to remove your Instagram Phone number
Title: From RSS to XXE: feed parsing on Hootsuite
Title: SQL injection in an UPDATE query - a bug bounty story!
Title: Lightweight markup: a trio of persistent XSS in GitLab
Title: Vulnerabilities in Facebook Login Approval Form
Title: Facebook Account Recovery Form (CONFLICTING)
Title: Bypassed Facebook Phone Number Security
Title: This domain is my domain - G Suite A record vulnerability
Title: White Hats - Nepal
Title: Facebook Groups Hack
Title: Cross Site Request Forgery in Facebook
Title: I got emails - G Suite Vulnerability
Title: 12k$ for simple path traversal on http://web.whatsapp.com
Title: lalka
Title: How I could have compromised any account on one of the biggest startup based in California
Title: 0day writeup: XXE in uber.com
Title: How I could have Hacked IIT Guwahati’s website
Title: My first bug on @facebook bug bounty program.
Title: IDOR in Facebook’s Acquisition (Parse)
Title: Venkatesh Sivakumar
Title: The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean
Title: Authentication bypass on Ubiquity’s Single Sign-On via subdomain takeover
Title: Bypassing Ebay XSS Protection to launch XSS by Nirmal Dahal
Title: Svg XSS in Unifi v5.0.2
Title: Stored XSS in UniFi v4.8.12 Controller
Title: Rewriting a photo not owned by the session user in Moments App (Revisited)
Title: Leak Private Videos [Vimeo Bug Bounty]
Title: Open Redirect Scanner with Uber.com
Title: Command Injection Without Spaces
Title: gif it time it’ll come to you - Finding More Holes in The Hub
Title: Persisting on Pornhub
Title: Link Injection Manipulation at admin.google.com
Title: Vine Re-auth Bypass [Twitter Bug Bounty]
Title: Bug Bounty : Account Takeover Vulnerability POC
Title: Rakesh Mane
Title: How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]
Title: Decoding a $😱,000.00 htpasswd bounty
Title: Patrik Fehrenbach (@ITSecurityguard)
Title: Internet Explorer has a URL problem
Title: File Descriptor
Title: Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]
Title: RCE In AddThis
Title: PornHub: Email Confirmation Bypass
Title: Vaxo Dai (@___0x00)
Title: Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded
Title: [demo.paypal.com] Node.js code injection (RCE)
Title: Michael Stepankin (@artsploit)
Title: Swf XSS (Dom Based Xss)
Title: Xss filter bypass in Yahoo dev.flurry.com
Title: XSS on Flickr
Title: CSV Injection -> Meterpreter on Pornhub
Title: Messenger.com Site-Wide CSRF
Title: Jack Whitton
Title: BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!
Title: Remote Code Execution (RCE) on Microsoft’s ‘signout.live.com’
Title: How we broke PHP, hacked Pornhub and earned $20,000
Title: Ruslan Habalov
Title: cutz
Title: Dario Weißer
Title: Twitter’s Vine Source code dump - $10080
Title: @avicoder
Title: Stealing Facebook access_tokens using CSRF in device login flow
Title: How I Could Steal Money from Instagram, Google and Microsoft
Title: Race conditions on the web
Title: TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking
Title: Uber Hacking: How we found out who you are, where you are and where you went
Title: Vitor “r0t” Oliveira (@r0t1v)
Title: Medium Full Account Takeover By One Click
Title: Two vulnerabilities makes an Exploit!! (XSS and CSRF in Bing)
Title: Why you shouldn’t share links on Facebook
Title: Popping the Pornhub Cherry
Title: RunKeeper Stored XSS Vulnerability – Where worms are able to run too!
Title: InstaBrute: Two Ways to Brute-force Instagram Account Credentials
Title: Microsoft Yammer Clickjacking – Exploiting HTML5 Security Features
Title: When your privacy disclosure is a “feature” not a “bug” – Badoo & HotorNot failure!
Title: Sleeping stored Google XSS Awakens a $5000 Bounty
Title: How I bypassed Facebook CSRF once again!
Title: Facebook Vulnerability – a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings
Title: Mohamed Aty
Title: Fiverr.com Full Accounts Takeover – A Vulnerability Puts $50 Million Company At Risk
Title: FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!
Title: Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS
Title: Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!
Title: WhatsApp Clickjacking Vulnerability – Yet another web client failure!
Title: Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak
Title: Facebook ClickJacking – How we put a new dress on Facebook UI
Title: ESEA Server-Side Request Forgery and Querying AWS Meta Data
Title: Yahoo Login Protection Seal – Stored CSS Injection
Title: Facebook Invitees Email Address Disclosure
Title: Obtaining Login Tokens for an Outlook, Office or Azure Account
Title: How I Could Compromise 4% (Locked) Instagram Accounts
Title: Uber Bug Bounty: Turning Self-XSS into Good-XSS
Title: Command injection which got me “6000$” from #Google
Title: Hacking Magento eCommerce For Fun And 17.000 USD
Title: Ubiquiti Bug Bounty: UniFi v3.2.10 Generic CSRF Protection Bypass
Title: How I Hacked [Oculus] OAuth +Ebay +IBM
Title: A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)
Title: How I got access to millions of [redacted] accounts
Title: Bitquark
Title: An XSS on Facebook via PNGs & Wonky Content Types
Title: [manager.paypal.com] Remote Code Execution Vulnerability
Title: Broken Access Control in bingmapsportal !!!
Title: Click Jacking in bingmapsportal
Title: Leaking API keys in Bing Maps Portal
Title: Instagram’s Million Dollar Bug
Title: Wesley Wineberg
Title: Cloudflare WAF XSS
Title: Open Redirect in Linkedin and Yahoo
Title: XSS vulnerability in Google image search
Title: XSS to RCE in …
Title: Neil Hakuna Matatall
Title: CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program
Title: Blind SQL Inejction [Hootsuite]
Title: One Payload to XSS Them All!
Title: Bypassing Google Authentication on Periscope’s Administration Panel
Title: The easiest bug bounties I have ever won
Title: Bypass ad account roles vulnerability 2015
Title: Race conditions on Facebook, DigitalOcean and others (fixed)
Title: How I bypassed Facebook CSRF Protection
Title: Neglected DNS records exploited to takeover subdomains
Title: Yassine Aboukir (@Yassineaboukir)
Title: Google.com – Mobile Feedback URL Redirect Regex/Validation Flaw
Title: Flickr API Explorer – Force users to execute any API request.
Title: admin.google.com Reflected Cross-Site Scripting (XSS)
Title: Yahoo – Root Access SQL Injection – tw.yahoo.com
Title: Papyal XML Upload Cross Site Scripting Vulnerability
Title: How I discovered a 1000$ open redirect in Facebook
Title: Reflected Cross Site Scripting at Paypal.com
Title: Malicious redirect on mailroom.prezi.com
Title: Reading local files from Facebook’s server (fixed)
Title: Google Bug Bounty: Nice Catch on Google Cloud Platform Live
Title: Reflected Cross Site Scripting BillMeLater
Title: Paypal stored XSS + Security bypass
Title: Paypal DOM XSS main domain
Title: The 5000$ Google XSS
Title: Facebook Bug Bounty: secondary damage (revisited) why I really like reporting to Facebook too :)
Title: Yahoo phpinfo.php disclosure
Title: Step-by-step: exploiting SQL injection(s) in Oculus’ website.
Title: Popping a shell on the Oculus developer portal
Title: Flickr XSRF to Change Photo Details
Title: Facebook – Stored Cross-Site Scripting (XSS) – Badges
Title: ebay bug bounty
Title: Prezi (map.prezi.com) Path Traversal
Title: Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
Title: A Tale of 7 Vulnerabilities
Title: Facebook – Send Notifications to any User Exploit
Title: Google Exploit – Steal Account Login Email Addresses
Title: Tesla Motors blind SQL injection
Title: How I hacked Github again.
Title: Google Sites: A Tale of Five Vulnerabilities
Title: Waze arbitrary file upload
Title: Imgur xss
Title: Abusing CORS for an XSS on Flickr
Title: Heroku Directory Transversal
Title: XSS - Google Groups (groups.google.com) - Vulnerability Reward Program
Title: Oracle xss
Title: Instagram’s One-Click Privacy Switch
Title: Nokia email app pwnage
Title: LFI in Nokia maps
Title: Facebook bug bounty: secondary damage (one report that leads to more bugs), fairness, and why I really like reporting to Facebook
Title: Content Types and XSS: Facebook Studio
Title: Facebook CSRF leading to full account takeover (fixed)
Title: PayPal Bug Bounty: PayPaltech.com E-Mail Injection
Title: Removing Covers Images on Friendship Pages, on Facebook
Title: SQL injections in Nokia sites.
Title: How I found my way into Instagram’s Ganglia, and a bug with Facebook likes.
Title: Admob creative image cross-site scripting vulnerability
Title: Amazon packaging feedback cross-site scripting vulnerability
Title: Hijacking a Facebook Account with SMS
Title: Overwriting Banner Images on Etsy
Title: PayPal Bug Bounty: PayPaltech.com XSS
Title: Stealing Facebook Access Tokens with a Double Submit
Title: How I Rewarded with USD?K Just With a Simple Search Form
Title: Framing, Part 1: Click-Jacking Etsy
Title: Persistent XSS on myworld.ebay.com
Title: Google.com cross site scripting and privilege escalation in Consumer Surveys
Title: My Experience with the PayPal Bug Bounty Programme
Title: Parameter pollution bug at twitter
Title: Mert (@merttasci_)
Title: G Suite - Device Management XSS
Title: Auth Issues
Title: Multiple XSS
Title: Blind XSS against a Googler
Title: Stored XSS on biz.waze.com
Title: CSRF ‘protection’ bypass on xvideos
Title: Open URL redirects to grab FB OAuth Tokens
Title: XML XSS via POST
Title: $10k host header
Title: $7.5k Google services mix-up
Title: $5k Service dependencies
Title: $500 getClass
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request list-of-bug-bounty-writeups.html pentester.land/ | 568 KB 115 KB | Document text/html |
GET H/1.1 | embed.js downloads.mailchimp.com/js/signup-forms/popup/ | 126 KB 46 KB | Script application/javascript |
GET H2 | main.css pentester.land/assets/css/ | 13 KB 3 KB | Stylesheet text/css |
GET H2 | css fonts.googleapis.com/ | 843 B 840 B | Stylesheet text/css |
GET H2 | logo.png pentester.land/assets/img/ | 29 KB 30 KB | Image image/png |
GET H2 | email-decode.min.js pentester.land/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB 833 B | Script application/javascript |
GET H2 | form-settings mc.us17.list-manage.com/subscribe/ | 1 KB 2 KB | Script application/json |
GET H2 | analytics.js www.google-analytics.com/ | 44 KB 18 KB | Script text/javascript |
GET H2 | zOL64pLDlL1D99S8g8PtiKchq-dmjcDidBc.woff2 fonts.gstatic.com/s/abrilfatface/v11/ | 13 KB 13 KB | Font font/woff2 |
GET H2 | collect www.google-analytics.com/r/ | 35 B 112 B | Image image/gif |
GET H/1.1 | popup.js downloads.mailchimp.com/js/signup-forms/popup/1.0/ | 96 KB 30 KB | Script application/javascript |
GET H/1.1 | common.css downloads.mailchimp.com/css/signup-forms/popup/1.0/ Frame 282A | 5 KB 2 KB | Stylesheet text/css |
GET H/1.1 | banner.css downloads.mailchimp.com/css/signup-forms/popup/1.0/ Frame 282A | 708 B 1 KB | Stylesheet text/css |
GET H/1.1 | common.css downloads.mailchimp.com/css/signup-forms/popup/1.0/ Frame 3EBF | 5 KB 2 KB | Stylesheet text/css |
GET H/1.1 | layout-1.css downloads.mailchimp.com/css/signup-forms/popup/1.0/ Frame 3EBF | 597 B 1 KB | Stylesheet text/css |
GET H/1.1 | modal-slidein.css downloads.mailchimp.com/css/signup-forms/popup/1.0/ | 2 KB 1 KB | Stylesheet text/css |
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
function| define
function| require
object| dojo
object| dijit
object| dojox
object| dojo_request_script_callbacks
string| GoogleAnalyticsObject
function| ga
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
function| SignupForm
function| PopupSignupForm
object| parts
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.pentester.land/ | | Name: _gat Value: 1 |
.pentester.land/ | | Name: _gid Value: GA1.2.1382425612.1582494940 |
.pentester.land/ | | Name: _ga Value: GA1.2.636673957.1582494940 |
.pentester.land/ | | Name: __cfduid Value: d8500057c0592fbfb17779d9f7fd6ad881582494939 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.