Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2607 | From Wayback Machine To Account Takeover | Open redirect, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13 |
| 2592 | Facebook account takeover due to unsafe redirects after the OAuth flow | OAuth, Open redirect, Account takeover | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2591 | Password reset code brute-force vulnerability in AWS Cognito | Password reset, Bruteforce, Rate limiting bypass, Account takeover | AWS | Pentagrid (@pentagridsec) | Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2550 | My Fourth Account takeover through password reset | Account takeover, Password reset | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2021-05-17 | 2023-06-13 |
| 2528 | Chaining XSS with authentication issues to turn it into full account takeover | XSS, Account takeover | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-05-24 | 2023-06-13 |
| 2523 | How I hacked a Target again and again… | OAuth, Account takeover, XSS, Broken Access Control | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-05-27 | 2023-06-13 |
| 2518 | Account Takeover via iFrame Injection | Iframe injection, Account takeover | NA | xbforce (@xbforce) | Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2486 | Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts ! | Mass assignment, Account takeover | NA | Mohammad Kaif | Bug Bounty | 2021-06-13 | 2023-06-13 |
| 2473 | Part-1 Dive into Zoom Applications | CSRF, Payment bypass, Logic flaw, Account takeover, Privilege escalation | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-06-16 | 2023-06-13 |
| 2466 | Account takeover via stored XSS with arbitrary file upload | Insecure file upload, XSS, Account takeover | NA | 0xbadb00da (@0xbadb00da) | Bug Bounty | 2021-06-18 | 2023-06-13 |
| 2463 | Zero Click account Takeover | Account takeover, Password reset | NA | Zahir Tariq (@ZahirTariq3) | Bug Bounty | 2021-06-19 | 2023-06-13 |
| 2461 | How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It | Account takeover, MFA bypass, Rate limiting bypass, Race condition | Apple | Laxman Muthiyah (@laxmanmuthiyah) | Bug Bounty | 2021-06-19 | 2023-06-13 |
| 2459 | Stored XSS via Invite leading to Mass Account Takeover at Opera. | Stored XSS | Opera | Samrat Gupta (@Sm4rty_) | Bug Bounty | 2021-06-20 | 2023-06-13 |
| 2449 | From Information Disclosure to interesting Privilege Escalation | Information disclosure, Account takeover, Privilege escalation | NA | David Shaul (@dudy2kk) | Bug Bounty | 2021-06-25 | 2023-06-13 |
| 2442 | Taking over Uber accounts through voicemail | Account takeover, Voicemail hacking | Uber | Shubham Shah (@infosec_au) | Bug Bounty | 2021-06-27 | 2023-06-13 |
| 2438 | How I was able to Takeover Accounts on Foxit.com | Password reset, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-06-29 | 2023-06-13 |
| 2435 | Testing Cookies worth $500 | Account takeover, IDOR | NA | Sankalpa Acharya (@sankalpa_02) | Bug Bounty | 2021-06-30 | 2023-06-13 |
| 2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
| 2420 | Critical Bug Bounty Reports: Part 1 | Account takeover, Password reset, RCE, Information disclosure | NA | Greg Gibson | Bug Bounty | 2021-07-11 | 2023-06-13 |
| 2415 | Part 2: Dive into Zoom Applications | CSRF, Account takeover, Information disclosure, Session expiration issue, Authorization flaw, Logic flaw | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-07-13 | 2023-06-13 |
| 2402 | Account Takeover + A Bonus Vulnerability | Account takeover, Session fixation | NA | Vikash Maurya | Bug Bounty | 2021-07-18 | 2023-06-13 |
| 2392 | Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm | Weak crypto | NA | Craig Hays (@craighays) | Bug Bounty | 2021-07-22 | 2023-06-13 |
| 2384 | Bug Chain leads to Mass Account Takeover! | Information disclosure, Password reset, Account takeover | NA | Shubhayu Majumdar (@shubhayu64) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2380 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures | Password reset, Host header injection, CSRF, Account takeover | NA | Tommaso Innocenti (@innotommy) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2375 | Information Disclosure to Account Takeover | Information disclosure, OAuth, Account takeover, Authentication bypass | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-07-28 | 2023-06-13 |