Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
2690How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2 Broken Access Control IDOR Google R ando (@Rando02355205) Bug Bounty2021-03-262023-06-13
2687How I was able to see likes and dislikes count even though is hidden by victim | YouTube #1 Broken Access Control IDOR Google R ando (@Rando02355205) Bug Bounty2021-03-282023-06-13
2625IDOR leads to leaked the likes count even though is hidden by victim | YouTube ($XXXX) IDOR Logic flaw Google R ando (@Rando02355205) Bug Bounty2021-04-202023-06-13
2503How I was able to see likes and dislikes count even though is hidden by victim | YouTube #3 Broken Access Control Google R ando (@Rando02355205) Bug Bounty2021-06-042023-06-13
1844How can I access the members-only video comment? | YouTube ($5,000) Broken Access Control Google R ando (@Rando02355205) Bug Bounty2022-02-072023-06-13
1805Stored XSS in message.alibaba.com ($2,000) Stored XSS Alibaba R ando (@Rando02355205) Bug Bounty2022-02-182023-06-13
1744I can see the dislikes count even though is hidden by YouTube | YouTube ($500) Broken Access Control IDOR NA R ando (@Rando02355205) Bug Bounty2022-03-122023-06-13
1618How I was able to see likes and dislikes count even though is hidden by victim | YouTube #4 Broken Access Control Google R ando (@Rando02355205) Bug Bounty2022-04-152023-06-13
1387Flash XSS in ajax.googleapis.com XSS Google R ando (@Rando02355205) Bug Bounty2022-07-082023-06-13
1213CSRF leads to Account Takeover | Samsung CSRF Account takeover Samsung R ando (@Rando02355205) Bug Bounty2022-08-162023-06-13
1103How I was able to see likes count even though is hidden by victim | YouTube Information disclosure Logic flaw Google R ando (@Rando02355205) Bug Bounty2022-09-082023-06-13
496I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35 Logic flaw Google (Youtube) R ando (@Rando02355205) Bug Bounty2023-02-052023-06-13