Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5096 | One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved. | Stored XSS, Blind XSS, CSRF, Account takeover, IDOR | NA | Zseano (@zseano) | Bug Bounty | 2017-02-25 | 2023-06-13 |
| 5035 | Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information | IDOR, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2017-07-13 | 2023-06-13 |
| 4936 | How signing up for an account with an @company.com email can have unexpected results | Logic flaw | NA | Zseano (@zseano) | Bug Bounty | 2017-11-15 | 2023-06-13 |
| 4710 | How re-signing up for an account lead to account takeover | Logic flaw, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2018-06-26 | 2023-06-13 |
| 4507 | Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable | CSRF, Clickjacking | NA | Zseano (@zseano) | Bug Bounty | 2018-10-29 | 2023-06-13 |
| 4504 | CSRF 'protection' bypass on xvideos | CSRF | xvideos | Zseano (@zseano) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4503 | It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program | Information disclosure, Authentication bypass, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4144 | Leaking OpenID tokens with “ — the bug right infront of you | OpenID Connect, Open redirect, Token leak | NA | Zseano (@zseano) | Bug Bounty | 2019-05-21 | 2023-06-13 |
| 3690 | Easily leaking passenger information on an Airline | IDOR | NA | Zseano (@zseano) | Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3263 | New features means new bugs | Logic flaw, Authorization flaw, Payment bypass | NA | Zseano (@zseano) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3262 | Using XAMPP and Burp Intruder when scanning for subdomains to look for interesting behaviour & code | Information disclosure | NA | Zseano (@zseano) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3239 | The feature works as intended, but what’s in the source? | Information disclosure | NA | Zseano (@zseano) | Bug Bounty | 2020-08-08 | 2023-06-13 |
| 2055 | Finding XSS on .apple.com and building a proof of concept to leak your PII information | XSS | Apple | Zseano (@zseano) | Bug Bounty | 2021-11-23 | 2023-06-13 |