Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5131 | Command Injection Without Spaces | OS command injection | NA | Fyoorer (@ƒyoorer) | Bug Bounty | 2016-10-02 | 2023-06-13 |
| 5118 | The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean | Domain takeover | Google, Amazon, Rackspace, DigitalOcean | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2016-12-05 | 2023-06-13 |
| 4870 | Facebook mailto injection leads to social engineering & spam attack | Mailto injection | Meta / Facebook | Rahul Kankrale (@RahulKankrale) | Bug Bounty | 2018-02-03 | 2023-06-13 |
| 4851 | Modifying any Ad Space and Placement | IDOR | Meta / Facebook | Joshua Regio | Bug Bounty | 2018-02-22 | 2023-06-13 |
| 4515 | DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE. | DoS | Meta / Facebook | Rahul Kankrale (@RahulKankrale) | Bug Bounty | 2018-10-25 | 2023-06-13 |
| 4288 | How I Registered Multiple Accounts in PrivateInternetAccess VPN Service for FREE | Logic flaw | PrivateInternetAccess VPN | Spade | Bug Bounty | 2019-02-20 | 2023-06-13 |
| 4281 | Bug Bounty 101 — Always Check The Source Code | Lack of rate limiting, Information disclosure | NA | Spazzy | Bug Bounty | 2019-02-23 | 2023-06-13 |
| 4211 | SSRF Tips: SSRF/XSPA in Microsoft’s Bing Webmaster Central | SSRF, XSPA | Microsoft | Elber Andre (@Elber333) | Bug Bounty | 2019-04-09 | 2023-06-13 |
| 3793 | Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution. | RCE | Telegram | Vladimir Metnew (@vladimir_metnew) | Bug Bounty | 2019-12-08 | 2023-06-13 |
| 3657 | A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell | XXE, RCE, Directory Traversal | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-02-18 | 2023-06-13 |
| 3608 | API secret key Leakage leads to disclosure of Employee’s Information | Information disclosure | NA | Ace Candelario (@phspades) | Bug Bounty | 2020-03-13 | 2023-06-13 |
| 3493 | $20000 Facebook DOM XSS | DOM XSS | Meta / Facebook | Vinoth Kumar (@vinodsparrow) | Bug Bounty | 2020-05-07 | 2023-06-13 |
| 3347 | How I made $1500 dollars using base64 decoder :) | Information disclosure | NA | Dilip (@dilip_spartn) | Bug Bounty | 2020-07-02 | 2023-06-13 |
| 3277 | CVE-2020–9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data | MacOS, Local Privilege Escalation, Authorization flaw | Apple | Matt Shockley (@mattshockl) | Bug Bounty | 2020-07-27 | 2023-06-13 |
| 3217 | Open Sesame: Escalating Open Redirect to RCE with Electron Code Review | Open redirect, RCE, Security code review | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-08-14 | 2023-06-13 |
| 2950 | Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge | Prototype pollution | Node.js third-party modules | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2843 | Applying Offensive Reverse Engineering to Facebook Gameroom | Insecure deserialization | Meta / Facebook | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-02-02 | 2023-06-13 |
| 2700 | Cross Site Port Attack - A Stranger’s Call | XSPA | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-03-21 | 2023-06-13 |
| 2624 | Auth Bypass in Google Workspace Real Time Collaboration | Authentication bypass, Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2598 | De-anonymising Anonymous Animals in Google Workspace | Privacy issue, Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-29 | 2023-06-13 |
| 2406 | Logical Flaw Resulting Path Hijacking | Namespace attack | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2021-07-16 | 2023-06-13 |
| 2214 | All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) | RCE, Memory corruption | Apache | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-09-17 | 2023-06-13 |
| 2149 | Abusing Slack’s file-sharing functionality to de-anonymise fellow workspace members | XSLeaks | Slack | Julien Cretel (@jub0bs) | Bug Bounty | 2021-10-12 | 2023-06-13 |
| 2134 | All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646) | RCE, Memory corruption | Microsoft | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 1854 | Solving DOM XSS Puzzles | DOM XSS | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-02-03 | 2023-06-13 |