Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
5128Exploiting CORS misconfigurations for Bitcoins and bounties CORS misconfiguration NA James Kettle (@albinowax) Bug Bounty2016-10-122023-06-13
5030Exploiting Misconfigured CORS on popular BTC Site CORS misconfiguration NA Arbaz Hussain (@ArbazKiraak) Bug Bounty2017-07-192023-06-13
5000Pre-domain wildcard CORS Exploitation CORS misconfiguration NA Arbaz Hussain (@ArbazKiraak) Bug Bounty2017-08-262023-06-13
4962Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net CORS misconfiguration Artsy Muhammad Khizer Javed (@khizer_javed47) Bug Bounty2017-10-102023-06-13
4923Tricky CORS Bypass in Yahoo! View CORS misconfiguration Yahoo! / Verizon Media Corben Leo (@hacker_) Bug Bounty2017-11-272023-06-13
4905Stealing $10,000 Yahoo Cookies! CORS misconfiguration Yahoo! / Verizon Media Tabahi (@_tabahi) Bug Bounty2017-12-302023-06-13
4897Chaining Bugs to Steal Yahoo Contacts! CORS misconfiguration XSS Yahoo! / Verizon Media Corben Leo (@hacker_) Bug Bounty2018-01-112023-06-13
4880Full Account Takeover through CORS with connection Sockets CORS misconfiguration Account takeover NA Samuel (@saamux) Bug Bounty2018-01-252023-06-13
4856Exploiting CORS Miss configuration using XSS CORS misconfiguration NA Noman Shaikh (@nomanali181) Bug Bounty2018-02-182023-06-13
4803#SecurityBreach — "How I was able to book hotel room for 1.50₹!" CORS misconfiguration NA Hariom Vashisth Bug Bounty2018-04-152023-06-13
4358A Simple CORS Misconfig Leaked Private Post Of Twitter, Facebook & Instagram CORS misconfiguration NA Rohan aggarwal (@nahoragg) Bug Bounty2019-01-202023-06-13
4155Think Outside the Scope: Advanced CORS Exploitation Techniques CORS misconfiguration NA Ayoub (@sandh0t) Bug Bounty2019-05-142023-06-13
4132An unexploited CORS misconfiguration reflecting further issues. CORS misconfiguration NA Smaran Chand (@smaranchand) Bug Bounty2019-05-272023-06-13
4128Edmodo Account Deactivation Vulnerability CORS misconfiguration Edmodo Shankar R Bug Bounty2019-06-012023-06-13
4074CORS To CSRF Attack CORS misconfiguration CSRF NA Osama Avvan (@osamaavvan) Bug Bounty2019-06-272023-06-13
4039The Bugs Are Out There, Hiding in Plain Sight IDOR SSRF Information disclosure CORS misconfiguration NA A Bug’z Life (@abugzlife1) Bug Bounty2019-07-152023-06-13
4001Bypassing CORS CORS misconfiguration NA Saad Ahmed (@XSaadAhmedX) Bug Bounty2019-08-012023-06-13
3811CORS Misconfiguration to Account TakeOver [Out of scope to grab items In-Scope] CORS misconfiguration Open redirect Reflected XSS Session management issue NA Mashoud1122 (@mashoud1122) Bug Bounty2019-11-242023-06-13
3710CORS Misconfiguration leading to Private Information Disclosure CORS misconfiguration NA Virus0X01 (@Virus0X01) Bug Bounty2020-01-232023-06-13
3620Broke limited scope with a chain of bugs (tips for every rider CORS) CORS misconfiguration RCE NA Valeriy Shevchenko (@Krevetk0Valeriy) Bug Bounty2020-03-092023-06-13
3536CORS bug on GOOGLE’s 404 page REWARDED!!! CORS misconfiguration Google Jayateertha Guruprasad (@JayateerthaG) Bug Bounty2020-04-212023-06-13
3534The Secret sauce of bug bounty CSTI Stored XSS CORS misconfiguration NA Mohamed Slamat (@oxxy37) Bug Bounty2020-04-222023-06-13
3525Fun With CORS Misconfiguration — II CORS misconfiguration XSS NA Aman Gupta (@gupt4j1) Bug Bounty2020-04-252023-06-13
3474Cors Blimey: The power of chaining CORS CORS misconfiguration Stored XSS CSRF NA Hazana (@hazanasec) Bug Bounty2020-05-172023-06-13
3338EN | Account Takeover and Sensitive Data Leakage via CORS Misconfiguration CORS misconfiguration CSRF Account takeover NA Lütfü Mert Ceylan (@lutfumertceylan) Bug Bounty2020-07-042023-06-13