Taking Over Employee Accounts by Managers with Zero Employee Interaction
Reported to Private – Published on: 13 Aug 2021
RCE via Internal Access to Adminer Database Management (Critical)
Reported to Private – Published on: 24 Apr 2021
Finding Hidden Login Endpoint Exposing Secret `Client ID`
Reported to Private – Published on: 7 Mar 2021
Secret Key Exposure in API Config Directory
Reported to Private – Published on: 28 Feb 2021
Denial Of Service (Out Of Memory) on Updating Bounty Table
Reported to HackerOne – Published on: 3 Feb 2021
Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities
Reported to Private – Published on: 29 Nov 2020
Information Disclosure of Garbage Collection Cycle
Reported to Basecamp – Published On: 4 Nov 2020
Manipulate Uneditable Messages in Support
Reported to CSMoney – Published On: 27 Oct 2020
Reflected XSS in Microsoft Social Forums
Reported to Microsoft – Published On: 11 Apr 2020
Broken Authentication in Two Step Verification
Reported to Avira – Published On: 08 Nov 2019
Viewing Facebook Contacts On Locked Device
Reported to Facebook – Published On: 31 Oct 2019
Abusing Post Service (Create Unlimited Posts)
Reported to LinkedIn – Published On: 15 Oct 2019
IDOR & SQL Query Manipulation to Fetch User Details
Reported to Private – Published On: 23 Oct 2020
Bypass CSRF Protection Lead to Account Takeover
Reported to Private – Published On: 30 May 2020
CSRF – Close Account
Reported to U.S. Dept Of Defense – Published On: June 11, 2020
Flaw in Change Email https://youtu.be/MMvlcHIGs2A
Reported to Staging.Every.org – Published On: March 24, 2020
CSRF – Modify Company Info
Reported to U.S. Dept Of Defense – Published On: June 11, 2020
CSRF – Modify Project Settings
Reported to Stripo Inc – Published On: February 3, 2020
Internal IP Address Disclosed
Reported to U.S. Dept Of Defense – Published On: May 14, 2020