bugbountrylist 节点

当前节点:bugbountrylist

时间	节点
2021-07-21 21:43:37	List of bug bounty writeups	XSS-Through-Fuzzing-Default-IIS XSS-Through-Fuzzing-Default-IIS 漏洞类型:Reflected XSS 作者:0xdln (@0xdln)
2021-07-21 21:43:37	List of bug bounty writeups	Facebook Vulnerability: $1500 for Removing Document Cover 漏洞: 1500美元用于移除文档封面程序:Facebook 漏洞类型:Authorization flaw, IDOR 赏金:$1,500 作者:Muhammad S
2021-07-21 21:43:37	List of bug bounty writeups	Account Takeover + A Bonus Vulnerability 帐户接管 + 奖金漏洞漏洞类型:Account takeover, Session fixation 作者:Vikash Maurya
2021-07-21 21:43:37	List of bug bounty writeups	RCE via WebDav - Power Of PUT 通过 WebDav 的 RCE-PUT 的威力漏洞类型:Default credentials, RCE 作者:Jerry Shah (@Jerry)
2021-07-21 21:43:37	List of bug bounty writeups	IIS-Default-Page-to-Information-Disclosure IIS-Default-Page-to-Information-Disclosure 漏洞类型:Information disclosure 作者:0xdln (@0xdln)
2021-07-21 21:43:37	List of bug bounty writeups	Remote code execution in cdnjs of Cloudflare Cloudflare cdnjs 中的远程代码执行程序:Cloudflare 漏洞类型:RCE 作者:RyotaK (@ryotkak)
2021-07-21 21:43:37	List of bug bounty writeups	Logical Flaw Resulting Path Hijacking 逻辑缺陷导致的路径劫持漏洞类型:Namespace attack 作者:Veshraj Ghimire (@GhimireVeshraj)
2021-07-21 21:43:37	List of bug bounty writeups	How i was able to bypass Cloudflare for XSS! 我如何能够绕过 Cloudflare 的 XSS！漏洞类型:XSS 作者:hosein vita (@HoseinVita)
2021-07-21 21:43:37	List of bug bounty writeups	RFD Vulnerability And Content-Disposition Header Bypass Story! RFD 漏洞和内容处置报头绕过故事！漏洞类型:Reflected File Download 作者:Kabilan S (@kabilan1290)
2021-07-21 21:43:37	List of bug bounty writeups	Stored XSS in Google Doubleclick Studio [Google Research Grant] 存储在 Google Doubleclick Studio [ Google 研究资助]中的 XSS 程序:Google 漏洞类型:Stored XSS 赏金:$0 作者:Jasminder Pal Singh (@Singh_Jasminder)
2021-07-21 21:43:37	List of bug bounty writeups	How I found Blind SQL Injection just by browsing and getting a unique URL 我是如何通过浏览和获取一个唯一的 URL 来找到盲 SQL 注入的漏洞类型:SQL injection 作者:Jawad Mahdi (@hunter0x1)
2021-07-21 21:43:37	List of bug bounty writeups	Forced Browsing to Access Admin Panel 强制浏览访问管理面板漏洞类型:Forced browsing 作者:the_unluck_guy (@7he_unlucky_guy)
2021-07-21 21:43:37	List of bug bounty writeups	Unencrypted HTTP Links to Google Scholar in Search 在搜索中指向 Google 学术搜索的非加密 HTTP 链接程序:Google 漏洞类型:MiTM 作者:David Schütz (@xdavidhu)
2021-07-21 21:43:37	List of bug bounty writeups	Apple Security Bounty: A personal experience 苹果安全奖励: 个人体验程序:Apple 漏洞类型:Permission issue, iOS bug 赏金:$0 作者:Nicolas Brunner
2021-07-21 21:43:37	List of bug bounty writeups	Trick to bypass rate limit of password reset functionality 绕过密码重置功能速率限制的技巧漏洞类型:Rate limiting bypass 作者:Abdulrahman-Kamel
2021-07-21 21:43:37	List of bug bounty writeups	Pre-Denial Of Service (set-up 2FA on unverified account) 预拒绝服务(在未经验证的帐户上设置2FA) 漏洞类型:Application-Level DoS 作者:Vikash Maurya
2021-07-16 14:16:19	List of bug bounty writeups	Credential stuffing in Bug bounty hunting 小虫赏金猎人的证书漏洞类型:Credential stuffing 赏金:$8,300 作者:Valeriy Shevchenko (@Krevetk0Valeriy)
2021-07-16 14:16:19	List of bug bounty writeups	Part 2: Dive into Zoom Applications 第二部分: 深入研究缩放应用程序程序:Zoom 漏洞类型:CSRF, Account takeover, Information disclosure, Session expiration issue, Authorization bug, Logic flaw 作者:Rakesh Thodupunoori (@rakesh_3895)
2021-07-16 14:16:19	List of bug bounty writeups	Pre-Denial Of Service (set-up 2FA on unverified account) 预拒绝服务(在未经验证的帐户上设置2FA) 漏洞类型:Application-Level DoS 作者:Vikash Maurya
2021-07-16 14:16:19	List of bug bounty writeups	Critical Bug Bounty Reports: Part 1 关键 Bug 赏金报告: 第1部分漏洞类型:Account takeover, Password reset flaw, RCE, Information disclosure 作者:Greg Gibson
2021-07-16 14:16:19	List of bug bounty writeups	Reflected XSS Through Insecure Dynamic Loading 通过不安全的动态加载反映 XSS 漏洞类型:XSS 作者:Greg Gibson
2021-07-16 14:16:19	List of bug bounty writeups	Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer 你正在下载谁的应用程序? 链接劫持比南斯的短链接通过 AppsFlyer 程序:Chess.com 漏洞类型:Link hijacking 作者:Sam Curry (@samwcyo)
2021-07-16 14:16:19	List of bug bounty writeups	Account Takeovers — Believe the Unbelievable 会计收购ーー相信难以置信的事实漏洞类型:Account takeover, Session management flaw, Weak credentials, Components with known vulnerabilities, Password reset flaw 赏金:$5,751 作者:Nikhil (niks) (@niksthehacker)
2021-07-16 14:16:19	List of bug bounty writeups	IDOR on clientauthconfig.googleapis.com Clientauthconfig.googleapis.com 上的 IDOR 程序:Google 漏洞类型:IDOR 赏金:$0 (Won’t fix) 作者:David Schütz (@xdavidhu)
2021-07-16 14:16:19	List of bug bounty writeups	Mass Assignment exploitation in the wild – Escalating privileges in style 野外大规模分配剥削——升级特权风格漏洞类型:Mass assignment, Privilege escalation 作者:Gal Nagli (@naglinagli)
2021-07-16 14:16:19	List of bug bounty writeups	Exploiting Auto-save Functionality To Steal Login Credentials 利用自动保存功能窃取登录凭证漏洞类型:HTML injection 作者:Saad Ahmed (@XSaadAhmedX)
2021-07-08 13:13:44	List of bug bounty writeups	Kaspersky Password Manager: All your passwords are belong to us 卡巴斯基密码管理器: 您的所有密码都属于我们程序:Kaspersky 漏洞类型:Weak crypto 作者:Jean-Baptiste Bédrune
2021-07-08 13:13:44	List of bug bounty writeups	Blind XSS in Apple School- Enrollment Data Disclosure 苹果学校中的盲 XSS ——入学数据的披露程序:Apple 漏洞类型:Blind XSS 赏金:$5,000 作者:hackrzvijay (@hackrzvijay)
2021-07-08 13:13:44	List of bug bounty writeups	View Other User Private Livestream Data 查看其他用户私有直播数据程序:Facebook 漏洞类型:IDOR 作者:Geva (@Geva_7)
2021-07-08 13:13:44	List of bug bounty writeups	How We Are Able To Hack Any Company By Sending Message – $20,000 Bounty [CVE-2021–34506] 我们如何能够通过发送信息-$20,000赏金[ CVE-2021-34506]来入侵任何公司程序:Microsoft 漏洞类型:UXSS 赏金:$20,000 作者:Vansh Devgan (@Th3Pr0xyB0y) & Shivam Kumar Singh (@MrRajputHacker)
2021-07-08 13:13:44	List of bug bounty writeups	Testing Cookies worth $500 测试值500美元的 Cookies 漏洞类型:Account takeover, IDOR 赏金:$500 作者:Sankalpa Acharya (@sankalpa_02)
2021-07-08 13:13:44	List of bug bounty writeups	Finding DOM Polyglot XSS in PayPal the Easy Way 在 PayPal 中简单地找到 DOM 多语言 XSS 程序:Paypal 漏洞类型:DOM XSS, CSP bypass 作者:Gareth Heyes (@garethheyes)
2021-07-08 13:13:44	List of bug bounty writeups	Taking over Uber accounts through voicemail 通过语音邮件接管 Uber 账户程序:Uber 漏洞类型:Account takeover 赏金:$0 (Informative) 作者:Shubham Shah (@infosec_au)
2021-07-01 11:21:59	List of bug bounty writeups	Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) 在 ForgeRock OpenAM (CVE-2021-35464)中预先授权 RCE 漏洞类型:RCE, Insecure deserialization 作者:Michael Stepankin (@artsploit)
2021-07-01 11:21:59	List of bug bounty writeups	gcp-dhcp-takeover-code-exec Gcp-dhcp-takeover-code-exec 程序:Google 漏洞类型:DHCP flood, VM takeover 作者:irsl
2021-07-01 11:21:59	List of bug bounty writeups	How I found my first Chrome bug (CVE-2021–21210) 我如何发现我的第一个 Chrome bug (CVE-2021-21210) 程序:Google (Chrome) 漏洞类型:NAT Slipstreaming 作者:Daniel Santos
2021-07-01 11:21:59	List of bug bounty writeups	Misconfigured $3 Bucket - A Semi Opened Environment 错误配置 $3 Bucket-a Semi Opened Environment 程序:Redbull 漏洞类型:AWS misconfiguration 赏金:$0 (VDP) 作者:Yukesh Kumar (@3th1c_yuk1)
2021-07-01 11:21:59	List of bug bounty writeups	Escalating XSS to Arbitrary File Read 将 XSS 升级为任意文件读取漏洞类型:XSS, LFI 作者:Pethuraj (@Pethuraj)
2021-07-01 11:21:59	List of bug bounty writeups	Oversightboard.com site-wide CSRF due to missing checking 由于缺少检查，全 oversightboard.com 的 CSRF 程序:Facebook 漏洞类型:CSRF 赏金:$500 作者:Samm0uda (@samm0uda)
2021-07-01 11:21:59	List of bug bounty writeups	Disclose unconfirmed email/phone of a Facebook user 披露未经证实的 Facebook 用户电邮/电话程序:Facebook 漏洞类型:Information disclosure 赏金:$500 作者:Samm0uda (@samm0uda)
2021-07-01 11:21:59	List of bug bounty writeups	A supply-chain breach: Taking over an Atlassian account 供应链缺口: 接管 Atlassian 的一个账户程序:Atlassian 漏洞类型:XSS, CSRF 作者:Dikla Barda, Yaara Shriki, Roman Zaikin (@R0m4nZ41k1n) & Oded Vanunu (@Od3dV)
2021-07-01 11:21:59	List of bug bounty writeups	MSRC is confused! 😕 是困惑的！程序:Microsoft 漏洞类型:Dependency confusion 赏金:$0 作者:Ricardo Iramar dos Santos (@ricardo_iramar)
2021-07-01 11:21:59	List of bug bounty writeups	Microsoft Store free purschase vulnerabilites 微软商店免费提供脆弱的葡萄糖程序:Microsoft 漏洞类型:Payment tampering, Logic flaw 作者:Marlon Fabiano (@astrounder)
2021-07-01 11:21:58	List of bug bounty writeups	Three Microsoft Store vulnerabilites 三个微软软件商店漏洞程序:Microsoft 漏洞类型:Payment tampering, Logic flaw 作者:Marlon Fabiano (@astrounder)
2021-07-01 11:21:58	List of bug bounty writeups	Cracking Encrypted Credit Card Numbers Exposed By API 破解 API 公开的加密信用卡号码漏洞类型:Information disclosure, Weak crypto 作者:Craig Hays (@craighays)
2021-06-29 17:51:00	List of bug bounty writeups	Some ways to find more IDOR 找到更多 IDOR 的一些方法漏洞类型:IDOR 作者:Thái Vũ (@thaivd98)
2021-06-29 17:51:00	List of bug bounty writeups	Gaining access to protected components 获得对受保护组件的访问权漏洞类型:Vulnerable Android content provider 作者:DavMehtab Zafar (@0xmzfr)
2021-06-29 17:51:00	List of bug bounty writeups	From Information Disclosure to interesting Privilege Escalation 从信息披露到有趣的权限提升漏洞类型:Information disclosure, Account takeover, Privilege escalation 作者:David Shaul (@dudy2kk)
2021-06-29 17:51:00	List of bug bounty writeups	PII Leakage - Revealing Secrets PII 泄露-揭露秘密漏洞类型:Information disclosure 作者:Jerry Shah (@Jerry)
2021-06-29 17:51:00	List of bug bounty writeups	Flywheel Subdomain Takeover 飞轮子域名接管漏洞类型:Subdomain takeover 作者:Smaran Chand (@smaranchand)
2021-06-29 17:51:00	List of bug bounty writeups	How i was able to get Appreciation from the organization of a website just by changing a sign..!!! 我是如何通过改变一个标志就能从一个网站的组织中获得赞赏的！漏洞类型:Information disclosure, Source code disclosure 作者:Fardeen Ahmed (@fardeenahmed411)
2021-06-29 17:51:00	List of bug bounty writeups	How We Are Able To Hack Any Company By Sending Message - $20,000 Bounty [CVE-2021–34506] 我们如何能够通过发送信息-$20,000赏金[ CVE-2021-34506]来入侵任何公司程序:Microsoft 漏洞类型:Universal XSS 赏金:$20,000 作者:Th3Pr0xyB0y (@Th3Pr0xyB0y) & Shivam Kumar Singh (@MrRajputHacker)
2021-06-24 07:07:56	List of bug bounty writeups	Stored XSS via Invite leading to Mass Account Takeover at Opera. 通过邀请存储 XSS 导致 Opera 的大规模帐户接管。程序:Opera 漏洞类型:Stored XSS 作者:Samrat Gupta (@Sm4rty_)
2021-06-24 07:07:56	List of bug bounty writeups	Unprivileged User with Read/Write permission to User Access can escalate their role to ADMIN — Privilege Escalation 对用户访问具有读/写权限的非特权用户可以将其角色升级到 ADMIN ー权限提升漏洞类型:Privilege escalation 作者:Ertugrul Ozdemir (@ertugrulphp)
2021-06-24 07:07:56	List of bug bounty writeups	How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It 我是如何发现入侵 iCloud 账户的漏洞以及苹果是如何应对的程序:Apple 漏洞类型:Account takeover, 2FA bypass, Rate-limiting bypass 赏金:$18,000 作者:Laxman Muthiyah (@laxmanmuthiyah)
2021-06-24 07:07:56	List of bug bounty writeups	Full Local File Read via Error Based XXE using XLIFF File 使用 XLIFF 文件通过基于错误的 XXE 读取完整的本地文件漏洞类型:XXE 作者:pwn.vg / Tomi (@mastomii)