Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4495 | Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining) | Open redirect, Token leak, Account takeover | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2018-11-03 | 2023-06-13 |
| 4379 | Stealing Side-Channel Attack Tokens in Facebook Account Switcher | Token leak | Meta / Facebook | Max Pasqua | Bug Bounty | 2019-01-04 | 2023-06-13 |
| 4335 | Hijacking accounts by retrieving JWT tokens via unvalidated redirects | Open redirect, Token leak | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2019-01-27 | 2023-06-13 |
| 4144 | Leaking OpenID tokens with “ — the bug right infront of you | OpenID Connect, Open redirect, Token leak | NA | Zseano (@zseano) | Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4052 | OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect | Open redirect, Token leak, Account takeover | Airbnb | Evgeniy Yakovchuk (@h1_sp1d3r) | Bug Bounty | 2019-07-10 | 2023-06-13 |
| 3712 | Password Reset Token Leak Via Referrer | Password reset, Information disclosure | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-01-22 | 2023-06-13 |
| 3537 | DOM based open redirect to the leak of a JWT token | Open redirect, DOM-based open redirect, Token leak | NA | Adolphoramirez | Bug Bounty | 2020-04-20 | 2023-06-13 |
| 3343 | How i got 200$ with an out of the box open redirect vulnerability | Open redirect, Token leak | NA | Tarek Galleze | Bug Bounty | 2020-07-03 | 2023-06-13 |
| 3029 | Exploiting API with AuthToken | Token leak, Information disclosure | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 2767 | Password Reset Token Leak via X-Forwarded-Host | Host header injection, Account takeover, Password reset | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2481 | Stealing tokens, emails, files and more in Microsoft Teams through malicious tabs | postMessage, Token leak | Microsoft | Evan Grant (@stargravy) | Bug Bounty | 2021-06-14 | 2023-06-13 |
| 2313 | Account Takeover via Access Token Leakage | IDOR, Information disclosure, Account takeover | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2021-08-19 | 2023-06-13 |
| 2237 | GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink | Logic flaw, Information disclosure | GitHub | Justin Steven (@justinsteven) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 1958 | Bypassing Identity-Aware Proxy - Google Cloud Vulnerability | Authorization flaw, Token leak, OAuth | Google | SebLu | Bug Bounty | 2021-12-30 | 2023-06-13 |
| 1955 | Bug Hunting Journey of 2021 | Stored XSS, Open redirect, Token leak, CSRF, Logic flaw, Information disclosure, IDOR, Account takeover | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-31 | 2023-06-13 |
| 1791 | OAuth and PostMessage - Chaining misconfigurations for your access token. | OAuth, postMessage, Token leak | NA | Suraj Disoja (@ninetyn1ne_) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1615 | Full Account Takeover via Open Redirection | Open redirect, Token leak, Account takeover, OAuth | NA | vFlexo (@vflexo) | Bug Bounty | 2022-04-17 | 2023-06-13 |
| 1588 | Sensitive Data Exfiltration through XSS ($450) | Token leak | NA | Zulfi Al-Farizi | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1359 | Authorization token leak from verify email endpoint | Account takeover, Information disclosure | NA | Vengeance | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1198 | Never underestimate the power of open redirect, a story of a full account takeover | Open redirect, Account takeover, Token leak | NA | Ibrahim Auwal (@ibrahimatix0x01) | Bug Bounty | 2022-08-20 | 2023-06-13 |
| 1104 | Fun With CORS | CORS misconfiguration, Token leak | NA | Talis Ozols | Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1067 | Android Application Forgot Password Token Leakage Leading to Account Takeover | Information disclosure, Password reset, Account takeover, Android | NA | Cyberali | Bug Bounty | 2022-09-19 | 2023-06-13 |
| 684 | Simple CORS misconfig leads to disclose the sensitive token worth of $$$ | CORS misconfiguration, Token leak | Linear | Ramalingasamy | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 398 | draw.io CVEs | SSRF, OAuth, Open redirect, Token leak, Security code review | draw.io | @caioluders | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 294 | OAuth 2.0 Authentication Misconfiguration | OAuth, Account takeover, Open redirect, Token leak | NA | Mohamed Lakhdar Metidji (@minometidjii) | Bug Bounty | 2023-03-16 | 2023-06-13 |