Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4963 | Subdomain Takeover Through Expired Cloudfront Distribution \| live.lamborghini.co | Subdomain takeover | Lamborghini | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-10-10 | 2023-06-13 |
| 4962 | Exploiting Insecure Cross Origin Resource Sharing ( CORS ) \| api.artsy.net | CORS misconfiguration | Artsy | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-10-10 | 2023-06-13 |
| 4961 | Bugcrowd’s Domain & Subdomain Takeover vulnerability! | Subdomain takeover | Bugcrowd | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-10-10 | 2023-06-13 |
| 4947 | Accessing Localhost via Vhost | vHost misconfiguration | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-11-04 | 2023-06-13 |
| 4927 | UBER Wildcard Subdomain Takeover \| BugBounty POC | Subdomain takeover | Uber | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-11-20 | 2023-06-13 |
| 4911 | Unrestricted File Upload to RCE \| Bug Bounty POC | RCE | Meta / Facebook | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-12-19 | 2023-06-13 |
| 4766 | How I was able to get subscription of $120/year For Free | Payment bypass | WeTransfer | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-05-18 | 2023-06-13 |
| 4604 | RCE Unsecure Jenkins Instance \| Bug Bounty POC | RCE, Exposed Jenkins instance | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-07 | 2023-06-13 |
| 4602 | SQL Injection Vulnerability bootcamp.nutanix.com \| Bug Bounty POC | SQL injection | Nutanix | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-08 | 2023-06-13 |
| 4598 | ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC | XSS, SQL injection | ZOL Zimbabwe | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-09 | 2023-06-13 |
| 4594 | Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC | SQL injection | AutoTrader | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-10 | 2023-06-13 |
| 4584 | IDOR User Account Takeover By Connecting My Facebook Account with victims Account | IDOR | Meta / Facebook | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-16 | 2023-06-13 |
| 4569 | Subdomain Takeover via Unsecured S3 Bucket Connected to the Website | Subdomain takeover | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-24 | 2023-06-13 |
| 4500 | P1 Like a Boss \| Information Disclosure via Github leads to Employee Account Takeover \| Bug Bounty POC | Information disclosure | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 3705 | Improper Input Validation \| Add Custom Text and URLs In SMS send by Snapchat \| Bug Bounty POC | Parameter tampering | Meta / Facebook | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-01-26 | 2023-06-13 |
| 3689 | Exploiting Insecure Firebase Database! | Insecure Firebase database, Android | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3656 | Hacking SMS API Service Provider of a Company \|Android App Static Security Analysis \| Bug Bounty POC | Information disclosure, Hardcoded credentials | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-02-19 | 2023-06-13 |
| 3571 | Microsoft Apache Solr RCE Velocity Template \| Bug Bounty POC | RCE | Microsoft | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-03-31 | 2023-06-13 |
| 3355 | Using Inspect Element to Bypass Security restrictions \| Bug Bounty POC | Client-side enforcement of server-side security | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-06-30 | 2023-06-13 |
| 1778 | Hacking Subscription Plans for free service. | Payment bypass, OTP bypass | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2022-02-27 | 2023-06-13 |
| 179 | How I Manipulated My Rank on the Bugcrowd Platform | Logic flaw | Bugcrowd | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2023-04-19 | 2023-06-13 |