Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4899 | RCE Vulnerabilite in Yahoo Subdomain! ( Yahoo! RCE via Spring Engine SSTI ) By tghawkins | RCE | Yahoo! / Verizon Media | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-01-05 | 2023-06-13 |
| 4889 | Reflected File Download ( RFD ) in www.Google.com | Reflected File Download | Google | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-01-18 | 2023-06-13 |
| 4883 | Reflected XSS + Possible Server Side Template Injection in HubSpot CMS ( All Websites Uses HubSpot was affected ) | Reflected XSS | HubSpot | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-01-24 | 2023-06-13 |
| 4827 | Reflected XSS Moogaloop SWF ( Version < 6.2.x ) | Flash XSS, Reflected XSS | Vimeo | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-03-26 | 2023-06-13 |
| 4822 | XSS In sports.tw.campaign.yahoo.net | Reflected XSS | Yahoo! / Verizon Media | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-03-31 | 2023-06-13 |
| 4821 | XSS in Yahoo Subdomain | Flash XSS | Yahoo! / Verizon Media | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-03-31 | 2023-06-13 |
| 4820 | My Best Small Report Bounty Report in Private Program ( Django REST framework Admin Login ByPass ) | SQL injection, Authentication bypass, Account takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-04-01 | 2023-06-13 |
| 4815 | Link injection on 2 Twitter Subdomain | Hyperlink injection | Twitter | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-04-05 | 2023-06-13 |
| 4813 | Reflected XSS on www.zomato.com By Mustafa Hasan | Reflected XSS | Zomato | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-04-07 | 2023-06-13 |
| 4746 | Reflected XSS in Yahoo Subdomain ( hk.movies.yahoo.com ) | Reflected XSS | Yahoo! / Verizon Media | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-05-30 | 2023-06-13 |
| 4665 | Shipt Subdomain TakeOver via HeroKu ( test.shipt.com ) | Subdomain takeover | Shipt | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-08-01 | 2023-06-13 |
| 4647 | My Disclosed Report about Basic auth Api details at Reverb.com | Information disclosure | Reverb | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-08-09 | 2023-06-13 |
| 4620 | Reflected Swf XSS at ( https://plugins.svn.wordpress.org ) | Flash XSS, Reflected XSS | WordPress | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-09-07 | 2023-06-13 |
| 4616 | Reflected XSS in Django REST Framework Api at MapBox Subdomain | Reflected XSS | Mapbox | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-08-29 | 2023-06-13 |
| 4558 | Subdomain Takeover via Shopify Vendor ( blog.exchangemarketplace.com ) with Steps | Subdomain takeover | Shopify | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-10-01 | 2023-06-13 |
| 4306 | [SSRF] Server Side Request Forgery in a private Program developers.example.com | SSRF | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-14 | 2023-06-13 |
| 4303 | Souq.com Subdomain Takeover via jazzhr.com service | Subdomain takeover | Souq.com | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-15 | 2023-06-13 |
| 4302 | Subdomain Takeover via HubSpot | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-15 | 2023-06-13 |
| 4299 | Subdomain Takeover via Wufoo Service in a Private Program | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-16 | 2023-06-13 |
| 4294 | 2 Subdomains Takeover via Unbounce in a Private Program | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-18 | 2023-06-13 |
| 4283 | Subdomain Misconfiguration lead to AWS S3 Buckets Reader | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-22 | 2023-06-13 |
| 4276 | [Still work] Redirect Yahoo Subdomain XSS Reflected from americangreetings.com | Reflected XSS | Yahoo! / Verizon Media | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-26 | 2023-06-13 |
| 4205 | [RCE] Remote code execution at api.PrivateProgram.com (CVE-2017-5638) | RCE | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-04-12 | 2023-06-13 |
| 4009 | Old GitHub Profile Takeover! | Github account takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-07-28 | 2023-06-13 |
| 4006 | SQL Injection in private-site.com/login.php | SQL injection | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-07-30 | 2023-06-13 |