Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
3059CVE-2020-13294 Authentication flaw OpenID Connect OAuth GitLab Lauritz Holtmann (@_lauritz_) Bug Bounty2020-11-012023-06-13
2965TikTok Careers Portal Account Takeover CSRF Open redirect Account takeover TikTok Lauritz Holtmann (@_lauritz_) Bug Bounty2020-12-152023-06-13
2672XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing XSS HTML injection NA Lauritz Holtmann (@_lauritz_) Bug Bounty2021-04-022023-06-13
2098Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri OAuth Prototype pollution GitHub Microsoft StackExchange Lauritz Holtmann (@_lauritz_) Bug Bounty2021-11-062023-06-13
1990Flickr Account Takeover Account takeover Authentication flaw Flickr Lauritz Holtmann (@_lauritz_) Bug Bounty2021-12-182023-06-13
1449Personal Access Token Disclosure in Asana Desktop Application Information disclosure Hardcoded credentials Asana Lauritz Holtmann (@_lauritz_) Bug Bounty2022-06-182023-06-13
497SSO Gadgets: Escalate (Self-)XSS to ATO SSO OAuth Account takeover Self-XSS Login CSRF NA Lauritz Holtmann (@_lauritz_) Bug Bounty2023-02-042023-06-13