Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
5286Google.com cross site scripting and privilege escalation in Consumer Surveys Stored XSS Authorization flaw Google Josip Franjkovic (@josipfranjkovic) Bug Bounty2013-01-032023-06-13
5275How I found my way into Instagram%27s Ganglia, and a bug with Facebook likes. Reflected XSS IDOR Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2013-07-232023-06-13
5274SQL injections in Nokia sites. SQL injection Nokia Josip Franjkovic (@josipfranjkovic) Bug Bounty2013-07-302023-06-13
5269Facebook CSRF leading to full account takeover (fixed) CSRF Account takeover Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2013-10-182023-06-13
5267Facebook bug bounty: secondary damage (one report that leads to more bugs), fairness, and why I really like reporting to Facebook CSRF Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2013-10-212023-06-13
5241Step-by-step: exploiting SQL injection(s) in Oculus%27 website. SQL injection Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2014-09-052023-06-13
5233Reading local files from Facebook%27s server (fixed) LFI Unrestricted file upload Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2014-12-062023-06-13
5219Race conditions on Facebook, DigitalOcean and others (fixed) Race condition Meta / Facebook DigitalOcean LastPass Josip Franjkovic (@josipfranjkovic) Bug Bounty2015-04-272023-06-13
5216The easiest bug bounties I have ever won IDOR Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2015-07-132023-06-13
5161Race conditions on the web Race condition Cobalt.io Meta / Facebook MEGA Keybase Josip Franjkovic (@josipfranjkovic) Bug Bounty2016-07-122023-06-13
5159Stealing Facebook access_tokens using CSRF in device login flow CSRF OAuth Information disclosure Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2016-07-192023-06-13
4895Hacking Facebook accounts using CSRF in Oculus-Facebook integration CSRF Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2018-01-152023-06-13
4865Taking over Facebook accounts using Free Basics partner portal Information disclosure IDOR Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2018-02-072023-06-13
4838Getting any Facebook user%27s friend list and partial payment card details Information disclosure IDOR Meta / Facebook Josip Franjkovic (@josipfranjkovic) Bug Bounty2018-03-092023-06-13
3256CVE-2020–9854: "Unauthd" MacOS Local Privilege Escalation SIP bypass Apple (macOS) Ilias Morad (@A2nkF_) Bug Bounty2020-08-012023-06-13
2113Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection SIP bypass Local Privilege Escalation Apple Microsoft Security Vulnerability Research (MSVR) Bug Bounty2021-10-282023-06-13
1887Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP) MacOS SIP bypass Apple Perception Point Bug Bounty2022-01-272023-06-13
1313CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable MacOS SIP bypass Apple Mickey Jin (@patch1t) Bug Bounty2022-07-262023-06-13
837CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS MacOS Local Privilege Escalation SIP bypass Apple Mickey Jin (@patch1t) Bug Bounty2022-11-112023-06-13
672Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities MacOS Local Privilege Escalation SIP bypass Apple (macOS) Mickey Jin (@patch1t) Bug Bounty2022-12-202023-06-13
670A Technical Analysis of CVE-2022-22583 and CVE-2022-32800 MacOS Local Privilege Escalation SIP bypass Apple (macOS) Mickey Jin (@patch1t) Bug Bounty2022-12-212023-06-13
595Bad things come in large packages: .pkg signature verification bypass on macOS Local Privilege Escalation GateKeeper bypass SIP bypass MacOS Apple Sector 7 (@sector7_nl) Bug Bounty2023-01-132023-06-13
542Kamailio’s exec module considered harmful OS command injection SIP Kamailio Ali Norouzi Bug Bounty2023-01-262023-06-13
328The Silent Spy Among Us: Modern Attacks Against Smart Intercoms IoT OS command injection Missing authentication MiTM SIP Akuvox Claroty%27s Team82 (@Claroty) Bug Bounty2023-03-092023-06-13
43New macOS vulnerability, Migraine, could bypass System Integrity Protection SIP bypass Apple (macOS) Jonathan Bar Or (@yo_yo_yo_jbo) Bug Bounty2023-05-302023-06-13