Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5195 | A Hilarious ESET Broken Authentication Vulnerability (one click free purchase) | Authentication flaw, SQL injection | ESET | Mohamed A. Baset | Bug Bounty | 2016-02-12 | 2023-06-13 |
| 5136 | Vine Re-auth Bypass [Twitter Bug Bounty] | Authentication flaw | Twitter | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2016-09-21 | 2023-06-13 |
| 5003 | Password Not Provided - Compromising Any Flurry User's Account [Yahoo Bug Bounty] | Authentication flaw, Account takeover | Yahoo! / Verizon Media | Jack Cable (@jackhcable) | Bug Bounty | 2017-08-15 | 2023-06-13 |
| 4866 | Bug bounty left over (and rant) Part III (Google and Twitter) | OAuth, Authentication flaw, Information disclosure | Google, Twitter | Antonio Sanso (@asanso) | Bug Bounty | 2018-02-06 | 2023-06-13 |
| 4502 | Bypass HackerOne 2FA requirement and reporter blacklist | Logic flaw, MFA bypass, Authentication flaw | HackerOne | Japz Divino (@japzdivino) | Bug Bounty | 2018-10-31 | 2023-06-13 |
| 4341 | How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc) | Logic flaw, Authentication flaw | Google, Microsoft, Meta / Facebook | Luke Berner | Bug Bounty | 2019-01-25 | 2023-06-13 |
| 4285 | Swiss_E-Voting_Publications | XSS, XXE, RCE, Missing authentication, Authentication flaw, Hardcoded credentials | Swiss E-Voting | setuid0 (@_setuid0_) | Bug Bounty | 2019-02-21 | 2023-06-13 |
| 4133 | How did I bypass a Custom Brute Force protection and why that solution is not a good idea? | Bruteforce, Authentication flaw | NA | dortz | Bug Bounty | 2019-05-25 | 2023-06-13 |
| 3871 | [ BUG BOUNTY ] Flaw in Authentication ( Hall of Fame Google ) | Authentication flaw | Google | Danang Tri Atmaja (@danangtriatmj) | Bug Bounty | 2019-10-21 | 2023-06-13 |
| 3473 | How Netgear meshed(*) up WiFi for Business | Weak crypto, Authentication flaw | Netgear | Thorsten Schröder | Bug Bounty | 2020-05-18 | 2023-06-13 |
| 3193 | Account Takeover For The Win 🏆 | Account takeover, Authentication flaw, Password reset | NA | Ricardo Iramar dos Santos (@ricardo_iramar) | Bug Bounty | 2020-08-24 | 2023-06-13 |
| 3144 | How I earned $500 from Google - Flaw in Authentication | Authentication flaw | Google | Hemant Patidar (@HemantSolo) | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3059 | CVE-2020-13294 | Authentication flaw, OpenID Connect, OAuth | GitLab | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2020-11-01 | 2023-06-13 |
| 2861 | Weird functionality leads to Account Takeover (Millions of Users affected) | Account takeover, Authentication flaw | NA | Sahil Mehra (@nullr3x) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2839 | Microsoft Remote Desktop Web Access Authentication Timing Attack | Timing attack, Authentication flaw | Microsoft | Matt Dunn | Bug Bounty | 2021-02-04 | 2023-06-13 |
| 2828 | Duplicate Registration - The Twinning Twins | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-08 | 2023-06-13 |
| 2766 | Account Takeover - Smoking with null’ | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2653 | Auth Issues | Authentication flaw, Logic flaw | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-04-09 | 2023-06-13 |
| 2499 | Shopify Multipass Misconfiguration | Authentication flaw, Logic flaw | NA | Ahmed A. Sherif | Bug Bounty | 2021-06-05 | 2023-06-13 |
| 2489 | Bypassing 2FA using OpenID Misconfiguration | MFA bypass, Authentication flaw | NA | Youstin (@iustinBB) | Bug Bounty | 2021-06-11 | 2023-06-13 |
| 2119 | Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD | Broken authentication, Authentication flaw | GoCD | Sonar (@SonarSource) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2075 | Full account takeover through referral code. | Authentication flaw, Account takeover | Shipt | Mostafa Mamdoh | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2064 | How I accidentally hacked many companies using N/A vulnerability in Atlassian Cloud | Information disclosure, Authentication flaw | Atlassian | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2021-11-19 | 2023-06-13 |
| 1990 | Flickr Account Takeover | Account takeover, Authentication flaw | Flickr | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-12-18 | 2023-06-13 |
| 1696 | Bug Bounty Adventures: A NodeBB 0-day | CSRF, Account takeover, SSO, Authentication flaw | Opera | Marouane Mouhtadi (@Mar0_0uane) | Bug Bounty | 2022-03-25 | 2023-06-13 |