Writeups List | WriteupDB

Write-ups

Check The Published Writeups

WDB	Title	Tags	Programs	Authors	Type	Publication	Added
5287	My Experience with the PayPal Bug Bounty Programme	CSRF	Paypal	Jack Whitton (@fin1te)	Bug Bounty	2012-10-12	2023-06-13
5281	Stealing Facebook Access Tokens with a Double Submit	CSRF OAuth	Meta / Facebook	Jack Whitton (@fin1te)	Bug Bounty	2013-04-13	2023-06-13
5269	Facebook CSRF leading to full account takeover (fixed)	CSRF Account takeover	Meta / Facebook	Josip Franjkovic (@josipfranjkovic)	Bug Bounty	2013-10-18	2023-06-13
5267	Facebook bug bounty: secondary damage (one report that leads to more bugs), fairness, and why I really like reporting to Facebook	CSRF	Meta / Facebook	Josip Franjkovic (@josipfranjkovic)	Bug Bounty	2013-10-21	2023-06-13
5264	Instagram%27s One-Click Privacy Switch	CSRF	Meta / Facebook	Jack Whitton (@fin1te)	Bug Bounty	2013-10-31	2023-06-13
5242	Popping a shell on the Oculus developer portal	SQL injection CSRF RCE IDOR	Meta / Facebook	Bitquark (@bitquark)	Bug Bounty	2014-08-31	2023-06-13
5224	Flickr API Explorer – Force users to execute any API request.	CSRF	Flickr	Brett Buerhaus (@bbuerhaus)	Bug Bounty	2015-02-03	2023-06-13
5220	How I bypassed Facebook CSRF Protection	CSRF	Meta / Facebook	Pouya Darabi (@Pouyadarabi)	Bug Bounty	2015-09-04	2023-06-13
5193	Ubiquiti Bug Bounty: UniFi v3.2.10 Generic CSRF Protection Bypass	CSRF	Ubiquity Networks	Julien Ahrens (@MrTuxracer)	Bug Bounty	2016-02-23	2023-06-13
5186	Obtaining Login Tokens for an Outlook, Office or Azure Account	CSRF	Microsoft	Jack Whitton (@fin1te)	Bug Bounty	2016-04-03	2023-06-13
5176	Fiverr.com Full Accounts Takeover – A Vulnerability Puts $50 Million Company At Risk	CSRF	Fiverr	Mohamed A. Baset	Bug Bounty	2016-05-13	2023-06-13
5174	How I bypassed Facebook CSRF once again!	CSRF	Meta / Facebook	Pouya Darabi (@Pouyadarabi)	Bug Bounty	2016-05-17	2023-06-13
5169	RunKeeper Stored XSS Vulnerability – Where worms are able to run too!	Stored XSS CSRF	RunKeeper	Mohamed A. Baset	Bug Bounty	2016-06-06	2023-06-13
5166	Two vulnerabilities makes an Exploit!! (XSS and CSRF in Bing)	XSS CSRF	Microsoft	Sai Krishna Kothapalli (@kmskrishna)	Bug Bounty	2016-06-10	2023-06-13
5162	TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking	CSRF Account takeover	Topcoder.com	Mohamed A. Baset	Bug Bounty	2016-06-28	2023-06-13
5159	Stealing Facebook access_tokens using CSRF in device login flow	CSRF OAuth Information disclosure	Meta / Facebook	Josip Franjkovic (@josipfranjkovic)	Bug Bounty	2016-07-19	2023-06-13
5154	BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!	Clickjacking CSRF	BMW	Mohamed A. Baset	Bug Bounty	2016-07-24	2023-06-13
5153	Messenger.com Site-Wide CSRF	CSRF	Meta / Facebook	Jack Whitton (@fin1te)	Bug Bounty	2016-07-26	2023-06-13
5137	CSRF in partners.facebook.com	CSRF	Meta / Facebook	Prashanth Varma (@cymtrick)	Bug Bounty	2016-09-20	2023-06-13
5109	Cross Site Request Forgery in Facebook	CSRF	Meta / Facebook	Zahid Ali	Bug Bounty	2017-02-04	2023-06-13
5096	One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved.	Stored XSS Blind XSS CSRF Account takeover IDOR	NA	Zseano (@zseano)	Bug Bounty	2017-02-25	2023-06-13
5065	Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera	Stored XSS CSRF Clickjacking	Opera	Rafay Baloch (@rafaybaloch)	Bug Bounty	2017-06-01	2023-06-13
5060	Let’s steal some tokens!	CSRF XSS Account takeover	Google Shopify	Mahmoud Gamal (@Zombiehelp54)	Bug Bounty	2017-06-11	2023-06-13
5058	Vulnerability in Metasploit Project aka CVE-2017-5244	CSRF	Rapid7	Mohamed A. Baset	Bug Bounty	2017-06-12	2023-06-13
5055	Authentication bypass on Airbnb via OAuth tokens theft	OAuth Login CSRF Open redirect Authentication bypass	Airbnb	Arne Swinnen (@ArneSwinnen)	Bug Bounty	2017-06-22	2023-06-13

1 2 3 … 9 Next »

Write-ups

Third Party Links

Members Options