Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
2544DOS & Stored HTML Injection Bug Bounty Writeup DoS HTML injection NA RiotSecurityTeam (@RiotSecTeam) Bug Bounty2021-05-192023-06-13
1941thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality IDOR Password reset Account takeover NA Samuele Gugliotta (@indevi0us) Bug Bounty2022-01-042023-06-13
1691Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All RCE Memory corruption SQL injection Microsoft Kasif Dekel (@kasifdekel) Bug Bounty2022-03-282023-06-13
1631Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities DoS Memory corruption Microsoft Kasif Dekel (@kasifdekel) Bug Bounty2022-04-132023-06-13
1338Riding The Inforail To Exploit Ivanti Avalanche RCE Insecure deserialization Race condition Authentication bypass Ivanti Piotr Bazydło (@chudyPB) Bug Bounty2022-07-192023-06-13
1151HTMLI/XSS - Crafting a better PoC XSS HTML injection NA RiotSecurityTeam (@RiotSecTeam) Bug Bounty2022-08-302023-06-13
1100Riding The Inforail To Exploit Ivanti Avalanche Part 2 RCE Insecure deserialization Path traversal Authentication bypass Unrestricted file upload Arbitrary file write Arbitrary file read Ivanti Piotr Bazydło (@chudyPB) Bug Bounty2021-09-082023-06-13
1014Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned) Web cache poisoning Akamai Paypal Airbnb Tesla Valve Zomato Whitejar Starbucks PlayStation Marriott Hyatt Hotels Goldman Sachs Microsoft Apple LastPass Brussels Airlines Mastercard eToro BBP BMW Group Rockstar Games Francesco Mariani (@_medusa_1_) Bug Bounty2022-09-292023-06-13
884Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class Loading SSRF RCE Apache Batik Piotr Bazydło (@chudypb) Bug Bounty2022-10-312023-06-13
823Control Your Types Or Get Pwned: Remote Code Execution In Exchange Powershell Backend RCE Windows Checkmk Piotr Bazydło (@chudyPB) Bug Bounty2022-11-162023-06-13
801Hacking Smartwatches for Spear Phishing IoT Phishing Android NA Cybervelia (@cybervelia) Bug Bounty2022-11-202023-06-13
781Legally hacking a Government Satellite? Missing authentication OS command injection RCE NA RiotSecTeam (@RiotSecTeam) Bug Bounty2022-11-242023-06-13
769Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames IDOR Broken Access Control Android IoT Ourphoto Nick M (@1oopho1e) Bug Bounty2022-11-262023-06-13
760discord.exe – Improper Input Validation Security code review Local Privilege Escalation Phishing Discord RiotSecTeam (@RiotSecTeam) Bug Bounty2022-11-282023-06-13
751XSS on account.leagueoflegends.com via easyXDM [2016] XSS postMessage Riot Games Luke Young (@TheBoredEng) Bug Bounty2022-12-012023-06-13
647Turning Google smart speakers into wiretaps for $100k IoT Wifi hacking Google Matt Bug Bounty2022-12-262023-06-13
588thisclosed_#2 - PostgreSQL Database Exfiltration through the abuse of PostgREST requests SQL injection NA Samuele Gugliotta (@indevi0us) Bug Bounty2023-01-162023-06-13
559Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP” Kernel hacking Windows RCE Memory corruption Buffer Overflow Microsoft (Windows) Valentina Palmiotti (@chompie1337) Bug Bounty2023-01-202023-06-13
479Pwn2Owning Two Hosts At The Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization Insecure deserialization RCE Security code review Inductive Automation Ignition Piotr Bazydło (@chudyPB) Bug Bounty2023-02-082023-06-13
378CVE-2022-38108: RCE In Solarwinds Network Performance Monitor Insecure deserialization RCE Security code review SolarWinds Piotr Bazydło (@chudyPB) Bug Bounty2023-02-282023-06-13
371Gitpod remote code execution 0-day vulnerability via WebSockets RCE Websockets Cross-Site WebSocket Hijacking (CSWH) Cloud Samesite cookie bypass Account takeover Gitpod Elliot Ward Bug Bounty2023-03-012023-06-13
328The Silent Spy Among Us: Modern Attacks Against Smart Intercoms IoT OS command injection Missing authentication MiTM SIP Akuvox Claroty%27s Team82 (@Claroty) Bug Bounty2023-03-092023-06-13
326Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation) Local Privilege Escalation IoT NA Sean Pesce (@SeanPesce) Bug Bounty2023-03-092023-06-13
165Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine IoT Memory corruption Buffer Overflow Integer overflow Out-of-bounds Read Out-of-bounds Write Type confusion Permission bypass Reverse engineering Garmin Tao Sauvage Bug Bounty2023-04-212023-06-13
109PwnAssistant - Controlling /home%27s Via A Home Assistant RCE Authentication bypass RCE Security code review IoT Home Assistant elttam (@elttam) Bug Bounty2023-05-092023-06-13