How I hacked Vending Machine. Google Groups Authorization Bypass. The Outlook Winner is Dash. How I gained access to revenue and traffic data of thousands of Shopify stores. Account Takeover by chaining two vulnerabilities.
- A researcher found a bug that let him access Google’s database of bugs.
- Bug # “undercloud cannot tune specific data via the overr” : Bugs : tripleo.
- Flaws in most computer chips the last twenty years.
- List of bug bounty writeups.
Spokeo Bug bounty Experience. How I got a trip to amsterdam through bug bounty. Email content spoofing at IKEA. Handlebars template injection and RCE in a Shopify app. How I am able to hijack you. How I was able to get your facebook private friend list [Responsible Disclosure]. Comma is forbidden! How I was able to turn self xss into reflected xss.
ALEX & THE DATA BUGS
My very first bug: a dreaded dupe and then an IDOR jackpot! Google VRP Writeup. Stored XSS on [google. Self XSS on [komunitas. Reflected XSS on [alibabacloud.
Facebook Marketing Confidential Call Transcript. Google Books X-Hacking. How to hunt for Malvertising ads on Android.
Slack announcement-only channel post restriction bypass. DoS Across Facebook Endpoints. Should you be concerned about LastPass uploading your passwords to its server? Disclosure of Pending Roles for any Facebook Page. Privilege escalation on private program. WordPress 5.
Vimeo SSRF with code execution potential. Facebook Messenger server random memory exposure through corrupted GIF image. Fixed : Register any email address on Facebook Account. Facebook exploit — Confirm website visitor identities. A simple Account takeover misusing JWT late expiration. Bypassing a restrictive JS sandbox. Yet Another unexpected Hack for Bounty. Horizontal Privilege Escalation on Quora which can compromise all users on Quora. Web Cache Deception Attack leads to user info disclosure. Chain of hacks leading to Database Compromise!
Exploiting Google Calendars. Abusing autoresponders and email bounces.
Twitter says bugs in ad system led to data leaks | IT World Canada News
Leakage of Client Secret, Server tokens of all Uber developer applications. Bypassing rate limit abusing misconfiguration rules. Subdomain Takeover via HubSpot. Never Stop at Banner Grabbing. Hacking YouTube for fun and profit. Setting Up Gitrob and using it to find Leaking Repository of an Employee in a hackerone private program. Design Flaws - Scenario One and Fix. Internal paths disclosure due to improper exception handling.
How i was able to dump SqlDB Simple bug.
Cache Deception: How I discovered a vulnerability in Medium and helped them fix it. Jumping Over The Fence. How I hacked 40, user accounts of Microsoft using 2FA bypass outlook. Detecting and exploiting mass-assignments in order to manipulate user columns and read private messages.
How I found a simple bug in Facebook without any Test. Publish tweets by any other user. Unsecured access to personal data of a million Leo Express users. Hijacking accounts by retrieving JWT tokens via unvalidated redirects. A short tale of Account verification bypass. Misconfiguration-Whatsapp Messenger. Privilege Escalation to Highest Admin Privileges. Enroll in Facebook Ad-break program without Facebook approval. Disclose page violations and its eligibility to use Ad-breaks. Disclose Instagram business account linked to a Facebook page. Expose business email and payment account balance of any Facebook commerce page.
Reveal if a Facebook merchant page has pending or completed orders. Reflected XSS in Zomato. Oauth Misconfiguration lead to complete account takeover.
see Command Injection PoC. Facebook Vulnerability: Unremovable facebook group admin.
- What is the Kernel?