Client-Side Enforcement of Server-Side Security

Title	Vulnerabilities	Programs	Authors
The UI Slip I Hit 750$: UI Manipulation Leading to Unauthorized Permission Changes	Privilege Escalation Client-Side Enforcement of Server-Side Security	Undisclosed	Sumit Kumar
$9240 Bounty in 30 days Hunt Challenge	Information Disclosure Reflected XSS Account Takeover CORS Misconfiguration Web Cache Deception Logic Flaw CSV Injection HTML Injection Client-Side Enforcement of Server-Side Security 2FA / MFA Bypass Broken Access Control Privilege Escalation Pre-Account Takeover	Undisclosed	0xrz (@Omidxrz)
Insecure Authentication Tokens leading to Account Takeover	Account Takeover Android Hardcoded Credentials Weak Crypto Authentication Bypass Client-Side Enforcement of Server-Side Security	Undisclosed	Thomas Delfino
How I get 1000$ bounty for Discovering Account Takeover in Android Application	Account Takeover Android Client-Side Enforcement of Server-Side Security OTP Bypass	Undisclosed	Amol Bhavar
How i Hacked Scopely with “Sign in with Google”	Account Takeover CORS Misconfiguration Client-Side Enforcement of Server-Side Security OAuth	Scopely	Ph.Hitachi
Security vs Compliance-Cloudflare Password Policy Restriction Bypass	Client-Side Enforcement of Server-Side Security	Cloudflare	Lohith Gowda M (@Lohigowda_in)
Break the Logic: 5 Different Perspectives in Single Page (€1500)	Client-Side Enforcement of Server-Side Security IDOR Broken Authorization	Undisclosed	Can1337 (@Canmustdie)
Account Takeover by OTP bypass	Information Disclosure Client-Side Enforcement of Server-Side Security OTP Bypass Account Takeover	Undisclosed	Vaibhav Kumar Srivastava
Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials.	Client-Side Enforcement of Server-Side Security Privilege Escalation	U.S. General Services Administration	Hazem Brini (@ImJungsuu)
Broken Access Control Leads To Change Of Admin Details	Privilege Escalation Client-Side Enforcement of Server-Side Security	Undisclosed	V3D (@V3d_bug)
How the use of hidden form fields lead to Email verification bypass	Email Verification Bypass Client-Side Enforcement of Server-Side Security	Undisclosed	Yash Swarup (@Wazirsec)
DMCA.COM Hack, Full Disclosure (With Proof-of-Concept)	Privilege Escalation Client-Side Enforcement of Server-Side Security Stored XSS Broken Access Control	DMCA	Joël Aviad Ossi
Unhiding the hidden	Client-Side Enforcement of Server-Side Security Broken Authorization CSRF	Undisclosed	I Am Broot
Hunting Android Application Bugs Using Android Studio.	Broken Authorization Client-Side Enforcement of Server-Side Security Information Disclosure	Undisclosed	Tarek Mohammed (@Conan0x3)
Using Inspect Element to Bypass Security restrictions \| Bug Bounty POC	Client-Side Enforcement of Server-Side Security	Undisclosed	Muhammad Khizer Javed (@Khizer_javed47)
How Inspect Element Got me a Bounty	Client-Side Enforcement of Server-Side Security	Undisclosed	Aditya Soni (@Hetroublemakr)
Using Burp Suite match and replace settings to escalate your user privileges and find hidden features	Client-Side Enforcement of Server-Side Security	New Relic	Jon Bottarini (@Jon_bottarini)
Client side validation strikes again: PIN code bypass !	Client-Side Enforcement of Server-Side Security Authentication Bypass Broken Authorization	Netflix Linxo	Davy (@RandoriSec)

Page 1 of 1