Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5278 | Hijacking a Facebook Account with SMS | Authorization flaw, Account takeover | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-06-26 | 2023-06-13 |
| 5269 | Facebook CSRF leading to full account takeover (fixed) | CSRF, Account takeover | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2013-10-18 | 2023-06-13 |
| 5255 | How I hacked Github again. | Open redirect, Account takeover, Information disclosure | GitHub | Egor Homakov (@homakov) | Bug Bounty | 2014-02-07 | 2023-06-13 |
| 5164 | Medium Full Account Takeover By One Click | XSS | Medium | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2016-06-23 | 2023-06-13 |
| 5162 | TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking | CSRF, Account takeover | Topcoder.com | Mohamed A. Baset | Bug Bounty | 2016-06-28 | 2023-06-13 |
| 5138 | Bug Bounty : Account Takeover Vulnerability POC | OAuth, Account takeover, XSS | NA | Rakesh Mane (@RakeshMane10) | Bug Bounty | 2016-09-16 | 2023-06-13 |
| 5112 | How I could have compromised any account on one of the biggest startup based in California | Account takeover, IDOR, Password reset | NA | Prateek Tiwari (@prateek_0490) | Bug Bounty | 2017-01-28 | 2023-06-13 |
| 5096 | One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved. | Stored XSS, Blind XSS, CSRF, Account takeover, IDOR | NA | Zseano (@zseano) | Bug Bounty | 2017-02-25 | 2023-06-13 |
| 5060 | Let’s steal some tokens! | CSRF, XSS, Account takeover | Google, Shopify | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2017-06-11 | 2023-06-13 |
| 5036 | Fabric.io API permission apocalypse – Privilege Escalations | Authorization flaw, Account takeover | Twitter | WeSecureApp (@wesecureapp) | Bug Bounty | 2017-07-10 | 2023-06-13 |
| 5035 | Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information | IDOR, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2017-07-13 | 2023-06-13 |
| 5003 | Password Not Provided - Compromising Any Flurry User's Account [Yahoo Bug Bounty] | Authentication flaw, Account takeover | Yahoo! / Verizon Media | Jack Cable (@jackhcable) | Bug Bounty | 2017-08-15 | 2023-06-13 |
| 4932 | JWT Refresh Token Manipulation | JWT, Authentication bypass, Account takeover | NA | Mikail Tunç (@emtunc) | Bug Bounty | 2017-11-16 | 2023-06-13 |
| 4914 | Don't Trust the Host Header for Sending Password Reset Emails | Password reset, Account takeover | Mavenlink | Jack Cable (@jackhcable) | Bug Bounty | 2017-12-13 | 2023-06-13 |
| 4909 | Account Takeover Due to Misconfigured Login with Facebook/Google | Account takeover, Authorization flaw | Google, Meta / Facebook | Bhavuk Jain (@bhavukjain1) | Bug Bounty | 2017-12-20 | 2023-06-13 |
| 4880 | Full Account Takeover through CORS with connection Sockets | CORS misconfiguration, Account takeover | NA | Samuel (@saamux) | Bug Bounty | 2018-01-25 | 2023-06-13 |
| 4864 | I figured out a way to hack any of Facebook’s 2 billion accounts, and they paid me a $15,000 bounty for it | Bruteforce, Account takeover | Meta / Facebook | Anand Prakash (@anandpraka_sh) | Bug Bounty | 2018-02-09 | 2023-06-13 |
| 4854 | How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties | Account takeover, Authorization flaw | Tinder, Meta / Facebook | Anand Prakash (@anandpraka_sh) | Bug Bounty | 2018-02-20 | 2023-06-13 |
| 4835 | #BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality | Logic flaw, Password reset, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-03-14 | 2023-06-13 |
| 4820 | My Best Small Report Bounty Report in Private Program ( Django REST framework Admin Login ByPass ) | SQL injection, Authentication bypass, Account takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-04-01 | 2023-06-13 |
| 4808 | Please email me your password | Blind XSS, Blind SQL injection, SMTP injection, Account takeover | NA | Jasmin Laundry (@JR0ch17) | Bug Bounty | 2018-04-11 | 2023-06-13 |
| 4792 | Bypassing the Current Password Protection at PayPal TechSupport Portal | Authorization flaw, Account takeover | Paypal | YoKo Kho (@YokoAcc) | Bug Bounty | 2018-04-19 | 2023-06-13 |
| 4763 | How i HACKED admin account via password reset IDOR function of one private currency exchanger site | IDOR, Account takeover, Password reset | NA | Aayush Pokhrel (@aayushpok) | Bug Bounty | 2018-05-19 | 2023-06-13 |
| 4755 | #BugBounty — "How I was able to hack any user account via password reset?" | IDOR, Account takeover, Password reset | NA | Bikash Gupta (@BgxDoc) | Bug Bounty | 2018-05-23 | 2023-06-13 |
| 4748 | Account Takeover and Blind XSS! Go Pro, get Bugs! | IDOR, Stored XSS, Account takeover, Blind XSS | NA | Tabahi (@_tabahi) | Bug Bounty | 2018-05-30 | 2023-06-13 |