| Tagged User Could Delete Facebook Story |
|
|
|
| Accessing Apple’s internal UAT Slackbot for fun and non-profit |
|
|
|
| Force Browsing bug at Facebook business plan ($500 Bounty) |
|
|
|
| Bypassing GCP Org Policy with Custom Metadata |
|
|
|
| How did I earned 6000$ from tokens and scopes in one day |
|
|
|
| How we was able to takeover whole organization via Privilege Escalation |
|
|
|
| Missing permission check for Facebook gaming community invites |
|
|
|
| Facebook Vulnerability: $1500 for Removing Document Cover |
|
|
|
| Part 2: Dive into Zoom Applications |
|
|
|
| Accessing Restricted Documents With Extra JSON Body Content |
|
|
|
| [Google VRP] Privilege escalation on https://dialogflow.cloud.google.com |
|
|
|
| How i was able to bypass parental pin of showmax |
|
|
|
| How I could have accessed all your private videos/photos saved inside your device without even unlocking it? |
|
|
|
| Workplace by Facebook | Unauthorized access to companies environment — $27,5k |
|
|
|
| Account takeover of Instagram accounts due to unrestricted permissions of third-party application’s generated tokens |
|
|
|
| Telegram bug bounties: XSS, privacy issues, official bot exploitation and more… |
|
|
|
| (POC) Untrim any live video on Facebook |
|
|
|
| Unauthorized access to admin setpassword page BY bypassing 403 Forbidden |
|
|
|
| My first Bug report at Facebook 2021 |
|
|
|
| Multiple Authorization bypass issues in Google's Richmedia Studio |
|
|
|
| Join Facebook Group With Unpublish Page |
|
|
|
| RocketChat - Unauthenticated access to messages |
|
|
|
| Access private information about SparkAR effect owners who has a publicly viewable portfolio |
|
|
|
| Disclose internal CMS objects content |
|
|
|
| Make recruiting referrals on behalf of employees |
|
|
|
writeups.xyz
/
Broken Authorization