Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
4886File Disclosure via .DS_Store file (macOS) Directory listing Meta / Facebook Omar Espino (@omespino) Bug Bounty2018-01-232023-06-13
4875Getting access to prompt debug dialog and serialized tool on main website facebook.com Information disclosure Debug mode enabled Meta / Facebook Omar Espino (@omespino) Bug Bounty2018-01-312023-06-13
4873Internal IPs disclosure Information disclosure Nokia Omar Espino (@omespino) Bug Bounty2018-02-022023-06-13
4852POODLE SSLv3 bug on multiple twitter smtp servers Cryptographic issues Twitter Omar Espino (@omespino) Bug Bounty2018-02-212023-06-13
4692WRITE UP – TELEGRAM BUG BOUNTY – WHATSAPP N/A [“Blind” XSS Stored iOS in messengers twins, who really care about your security?] Blind XSS Meta / Facebook Omar Espino (@omespino) Bug Bounty2018-07-162023-06-13
4605Write-up - Love story, from closed as informative to $3,500 USD, XSS stored in Yahoo! iOS MaiL app Stored XSS Yahoo! / Verizon Media Omar Espino (@omespino) Bug Bounty2018-09-072023-06-13
4251Write up – $1,000 usd in 5 minutes, xss stored in outlook.com (ios browsers) Stored XSS Microsoft Omar Espino (@omespino) Bug Bounty2019-03-142023-06-13
4145WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337 USD LFI Google Omar Espino (@omespino) Bug Bounty2019-05-212023-06-13
3952Private bug bounty $$,$$$ USD: “RCE as root on Marathon-Mesos instance” RCE NA Omar Espino (@omespino) Bug Bounty2019-08-272023-06-13
3124Write Up – Google Bug Bounty: XSS To Cloud Shell Instance Takeover (Rce As Root) – $5,000 USD XSS RCE Google Omar Espino (@omespino) Bug Bounty2020-10-012023-06-13
2957Write Up: Google VRP N/A – Sandboxed Rce As Root On Apigee API Proxies RCE Google Omar Espino (@omespino) Bug Bounty2020-12-192023-06-13
2730Write Up – Google VRP N/A: SSRF Bypass With Quadzero In Google Cloud Monitoring SSRF Google Omar Espino (@omespino) Bug Bounty2021-03-082023-06-13
2147Write Up – Google VRP N/A: Arbitrary Local File Read (Macos) Via <a> Tag And Null Byte (%00) In Google Earth Pro Desktop App Local File Read Google Omar Espino (@omespino) Bug Bounty2021-10-142023-06-13
2114Write Up – XSS Stored In api.media.atlassian.com Via Doc File (iOS) Stored XSS Atlassian Omar Espino (@omespino) Bug Bounty2021-10-282023-06-13
2088Write Up – Google VRP Bug Bounty: /etc/environment Local Variables Exfiltrated On Linux Google Earth Pro Desktop App – $1,337 USD XSS Google Omar Espino (@omespino) Bug Bounty2021-11-112023-06-13
2069Write Up – Apple N/A: PII Information, Full Contact List, Main Phone No. And Main Icloud Email Extracted; Bug Patched: Arbitrary Local File Read Via Zip File And Symlinks On Ios Files App. Arbitrary file read Apple Omar Espino (@omespino) Bug Bounty2021-11-172023-06-13
2027Write Up – XSS Stored In files.slack.com Via XML/SVG File (iOS) – $1,000 USD XSS Slack Omar Espino (@omespino) Bug Bounty2021-12-032023-06-13
1912Write Up – Private Bug Bounty: Firebase Database Exposed By Misconfiguration – $2,000 USD Android Insecure Firebase database NA Omar Espino (@omespino) Bug Bounty2022-01-172023-06-13
1853Write Up – Private Bug Bounty: RCE In EC2 Instance Via SSH With Private Key Exposed On Public Github Repository – $xx,000 USD Information disclosure NA Omar Espino (@omespino) Bug Bounty2022-02-032023-06-13
1789Write Up – Android Application Screen Lock Bypass Via ADB Brute Forcing Android Bruteforce Authentication bypass NA Omar Espino (@omespino) Bug Bounty2022-02-222023-06-13
1674Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App Hardcoded credentials Android NA Omar Espino (@omespino) Bug Bounty2022-04-012023-06-13