This is a collection of bug bounty reports that were submitted by security researchers in the infosec community. These write-ups are a great way to learn from fellow hackers.
Web Hacking

- Bypassing Google Authentication on Periscope's Administration Panel - F1nite
- How I got access to millions of [redacted] accounts - @Bitquark
- Multiple vulnerabilities in D-Link and TRENDnet 'ncc2' service - @darkarnium
- Bypassing SOP and shouting hello before you cross the pond - @avlidienbrunn
- Slack bot token leakage exposing business critical information - @fransrosen
- Using a Braun Shaver to Bypass XSS Audit & WAF - @fransrosen
- Poisoning the Well - Compromising GoDaddy Customer Support with Blind XSS - IAmMandatory
- Paypal XXE on Ektron CMS - seanmeals
- Show friends sharing precise locations as a third party application (Facebook) - philippeharewood
- How I could compromise 4% (locked) Instagram Accounts - Arne Swinnen
- Two security flaws in Microsoft online web services (CSRF & XSS) - yassineaboukir
- How I discovered a $1000 open redirect in Facebook - yassineaboukir
- Advisory: Seagate NAS Remote Code Execution (RCE) Vulnerability - @TheColonial
- Sleeping stored Google XSS Awakens a $5000 Bounty - @PatrikF
- Taking over Heroku Accounts - @esevece