This is a collection of bug bounty reports that were submitted by security researchers in the infosec community. These write-ups are a great way to learn from fellow hackers.
Web Hacking
- Uber Bug Bounty Turning Self-XSS into Good-XSS 7.7k - F1nite
- An XSS on Facebook via PNG & Wonky Content Types 2.7k - F1nite
- Bypassing Google Authentication on Periscope’s Administration Panel 1.4k - F1nite
- How I got access to millions of [redacted] accounts 1.9k - @Bitquark
- Popping a shell on the Oculus developer portal 1.1k - @Bitquark
- Multiple vulnerabilities in D-Link and TRENDnet ‘ncc2’ service 438 - @darkarnium
- NetGear SOAPWNDR Authentication Bypass 374 - @darkarnium
- Bypassing SOP and shouting hello before you cross the pond 400 - @avlidienbrunn
- Slack bot token leakage exposing business critical information 366 - @fransrosen
- Using a Braun Shaver to Bypass XSS Audit & WAF 646 - @fransrosen
- Paypal XML Upload XSS Vulnerability 1.3k - @PatrikF
- Poisoning the Well - Compromising GoDaddy Customer Support with Blind XSS 410 - IAmMandatory
- Drag & Drop XSS in Google 1.1k - @yappare
- Rare MSSQL SQL Injection bug 781 - @yappare
- Paypal XXE on Ektron CMS 636 - seanmeals
- Facebook Messenger CSRF vulnerabilities 918 - @mazen160
- Show friends sharing precise locations as a third party application (Facebook) 238 - philippeharewood
- How I could compromise 4% (locked) Instagram Accounts 688 - Arne Swinnen
- Two security flaws in Microsoft online web services (CSRF & XSS) 444 - yassineaboukir
- How I discovered a $1000 open redirect in Facebook 1.4k - yassineaboukir
- Advisory: TeamCity Account Creation 163 - @TheColonial
- Advisory: Seagate NAS Remote Code Execution (RCE) Vulnerability 367 - @TheColonial
- Sleeping stored Google XSS Awakens a $5000 Bounty 960 - @PatrikF
- Finding XSS vulnerabilities in Flash Files 607 - @smiegles
- Taking over Heroku Accounts 625 - @esevece