Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
5189Uber Bug Bounty: Turning Self-XSS into Good-XSS XSS Uber Jack Whitton (@fin1te) Bug Bounty2016-03-222023-06-13
5145Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded XSS Uber - Bug Bounty2016-08-292023-06-13
5092Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities XSS CSP bypass Airbnb Brett Buerhaus (@bbuerhaus) Bug Bounty2017-03-082023-06-13
4789Turning Self-XSS into non-Self Stored-XSS via Authorization Issue at “PayPal Tech-Support and Brand Central Portal Stored XSS Paypal YoKo Kho (@YokoAcc) Bug Bounty2018-04-212023-06-13
4367Turning Self XSS to good XSS via access control Stored XSS Self-XSS NA Yusuf Yazir (@Hacklad) Bug Bounty2019-01-132023-06-13
4230How I was able to turn self xss into reflected xss Reflected XSS NA Hein Thant Zin (@H3Lowr) Bug Bounty2019-03-312023-06-13
3892How a double-free bug in WhatsApp turns to RCE Memory corruption RCE Android Meta / Facebook Awakened Bug Bounty2019-10-022023-06-13
3803How I turned Self XSS to Stored via CSRF Self-XSS CSRF NA Abhishek Yadav (@abhishake100) Bug Bounty2019-11-292023-06-13
3559How a Simple CSRF Attack Turned into a P1 Level Bug CSRF Account takeover NA Lady Secspeare (@bejuveria_) Bug Bounty2020-04-052023-06-13
3558How we abused Slack%27s TURN servers to gain access to internal services SSRF Slack Sandro Gauci (@sandrogauci) Bug Bounty2020-04-062023-06-13
3432How I leveraged an interesting CSRF vulnerability to turn self XSS into a persistent attack? Self-XSS CSRF NA Akash Methani (@0xAkash) Bug Bounty2020-06-012023-06-13
3012Turning Blind Error Based SQL Injection into Exploitable Boolean One SQL injection NA Ozgur Alp (@ozgur_bbh) Bug Bounty2020-11-212023-06-13
2840How I was able to Turn a XSS into a Account Takeover Web cache poisoning Stored XSS Account takeover OAuth Logic flaw NA Josh Fam (@Pullerze) Bug Bounty2021-02-032023-06-13
2713An unknown Linux secret that turned SSRF to OS Command injection SSRF Command injection NA secureITmania (@secureitmania) Bug Bounty2021-03-172023-06-13
2567Simple logical Bug turned into a bounty Logic flaw Meta / Facebook Sndp Giri Bug Bounty2021-05-102023-06-13
2535How I turned 0000 into $600: Phone Verification Bypass OTP bypass NA Shrirang Diwakar Bug Bounty2021-05-212023-06-13
2528Chaining XSS with authentication issues to turn it into full account takeover XSS Account takeover NA N1GHTMAR3 (@n1ghtmar3_2421) Bug Bounty2021-05-242023-06-13
2427CVE-2021-22555: Turning x00x00 into 10000$ Memory corruption Local Privilege Escalation Google Andy Nguyen (@theflow0) Bug Bounty2021-07-072023-06-13
1971Turning bad SSRF to good SSRF: Websphere Portal SSRF HCL Technologies Shubham Shah (@infosec_au) Bug Bounty2021-12-262023-06-13
1670How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables Memory corruption Local Privilege Escalation Linux Kernel Organization David Bouman (@pqlqpql) Bug Bounty2022-04-022023-06-13
1654The Bug That Kept On Giving :: PaymentBypass :: Eposed Return Url Payment bypass Logic flaw NA g30rgy th3 d4rk (@Crypt0g30rgy) Bug Bounty2022-04-052023-06-13
1623Multiple Vulnerabilities in Cisco Expressway Memory leak Exposed administrative interface STUN TURN Cisco Christian Mehlmauer (@firefart) Bug Bounty2022-04-142023-06-13
1124Turning cookie based XSS into account takeover XSS Account takeover Terrahost Bartłomiej Bergier (@_bergee_) Bug Bounty2022-09-062023-06-13
1121How to turn security research into profit: a CL.0 case study HTTP request smuggling Desync attack NA James Kettle (@albinowax) Bug Bounty2022-09-082023-06-13
1068Turning Your Computer Into a GPS Tracker With Apple Maps Privacy issue Information disclosure Apple Ron Masas (@RonMasas) Bug Bounty2022-09-182023-06-13