5/10
bug-bounty
A CSRF vulnerability in Instagram's copyright dispute feature allowed attackers to delete users' media via a simple GET request to an unauthenticated endpoint, exploitable through social engineering. The vulnerability was discovered in January 2019 and patched within days, with a $3,000 bounty awarded.
csrf
instagram
media-deletion
get-request-vulnerability
account-takeover
bug-bounty
facebook
web-vulnerability
Instagram
Facebook
Pouya
$3,000
2/10
bug-bounty
A bug bounty hunter shares four low-impact CSRF vulnerabilities found across private programs, including cart spam via public wishlist functionality, referer header bypass techniques, unprotected API endpoints, and favorite list deletion—all with minimal technical depth and bounty amounts ($25 or swag).
csrf
cross-site-request-forgery
bug-bounty
web-vulnerability
referer-header-bypass
get-request-vulnerability
api-security
bragging-post
Navneet
HackerOne
IBM