Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4464 | From Security Misconfiguration to Gaining Access of SMTP server | File disclosure | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2018-11-18 | 2023-06-13 |
| 3565 | Hundreds of internal servicedesks exposed due to COVID-19 | Security misconfiguration | NA | Inti De Ceukelaire (@securinti) | Bug Bounty | 2020-04-02 | 2023-06-13 |
| 3532 | Misconfigured WordPress takeover to Remote Code Execution | Wordpress takeover, RCE, Security misconfiguration | NA | Smaran Chand (@smaranchand) | Bug Bounty | 2020-04-22 | 2023-06-13 |
| 3312 | How I hacked into a Telecom Network | RCE, Security misconfiguration, JBoss | NA | Harpreet Singh | Bug Bounty | 2020-07-11 | 2023-06-13 |
| 1980 | NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories | Security misconfiguration, .git folder disclosure | Microsoft | Wiz (@wiz_io) | Bug Bounty | 2021-12-21 | 2023-06-13 |
| 1842 | Google Security Misconfiguration Leads to Account Takeover ! | Logic flaw, Spoofing | Google | Harsh Banshpal | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1039 | Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations | Security misconfiguration, VoIP hacking | NA | hackthebox | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 942 | The Danger of Falling to System Role in AWS SDK Client | Cloud, Privilege escalation, Security misconfiguration | NA | Fracensco Lacerenza (@lacerenza_fra) | Bug Bounty | 2022-10-18 | 2023-06-13 |
| 804 | System misconfiguration is the number one vulnerability, at least for Mastodon | Security misconfiguration, MinIO misconfiguration | infosec.exchange | Lenin Alevski (@Alevsk) | Bug Bounty | 2022-11-19 | 2023-06-13 |
| 798 | Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs | GraphQL, Security misconfiguration | Meta / Facebook | David Schütz (@xdavidhu) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 785 | Dodging OAuth origin restrictions for Firebase spelunking | OAuth, Security misconfiguration, Authentication flaw | NA | Aditya Saligrama (@saligrama_a) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 767 | Firebase Exploit bug bounty | Security misconfiguration, Firebase | NA | Damaidec | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 570 | API Misconfiguration - No Swag of SwaggerUI | Security misconfiguration, Privilege escalation | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 501 | Azure security — Internal recon leveraging lack of access control | Azure AD, Cloud, Security misconfiguration, Privilege escalation | Microsoft (Azure) | Molx32 | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 494 | How we made $120k bug bounty in a year with good automation | XSS, Security misconfiguration, Log4shell, Debug mode enabled | NA | Dawid Moczadło (@kannthu1) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 458 | Hacking our way into internal DBs with hardcoded authentication keys | JWT, SSO, Authentication bypass, Security misconfiguration | NA | Ophion Security (@OphionSecurity) | Bug Bounty | 2023-02-13 | 2023-06-13 |
| 439 | Hacking Apple: Two Successful Exploits and Positive Thoughts on their Bug Bounty Program | RCE, Security misconfiguration | Apple | Joe Gregg (@infiltrateops) | Bug Bounty | 2023-02-16 | 2023-06-13 |
| 425 | Multiple vulnerabilities in Nokia BTS Airscale ASIKA | Base transceiver station, Path traversal, Hardcoded private key, Local Privilege Escalation, Security misconfiguration | Nokia | Geoffrey Bertoli (@YofBalibump) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 308 | Microsoft Defender for Cloud Management Port Exposure Confusion | Cloud, Security misconfiguration | Microsoft | Aaron Sawitsky | Bug Bounty | 2023-03-14 | 2023-06-13 |
| 199 | How I got RCE in + 10 websites… | RCE, Security misconfiguration | NA | m4cddr (@m4cddr) | Bug Bounty | 2023-04-13 | 2023-06-13 |
| 166 | Exploits Explained: Permission misconfiguration within Salesforce JavaScript Remoting tokens used for Apex Controllers | Salesforce, Security misconfiguration, Broken Access Control | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2023-04-21 | 2023-06-13 |
| 161 | No Portals Needed | MFA bypass, Security misconfiguration | NA | Chen Levy Ben Aroy | Bug Bounty | 2023-04-24 | 2023-06-13 |
| 78 | A $1,000,000 bounty? The KuCoin User Information Leak | Information disclosure, Zendesk, Authorization flaw, Security misconfiguration | NA | Corben Leo (@hacker_) | Bug Bounty | 2023-05-18 | 2023-06-13 |
| 68 | AEM Bug in Adobe | AEM, Missing authentication, Security misconfiguration | Adobe | Muhammad Mater (@micro0x00) | Bug Bounty | 2023-05-20 | 2023-06-13 |
| 38 | Ghost Sites: Stealing Data From Deactivated Salesforce Communities | Salesforce, Security misconfiguration | NA | Nitay Bachrach | Bug Bounty | 2023-05-31 | 2023-06-13 |