Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2646 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | LFI, Information disclosure | NA | Arben Shala (@arbennsh) | Bug Bounty | 2021-04-13 | 2023-06-13 |
| 2645 | Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution | Authentication bypass, OS command injection, RCE | Cisco | T. Shiomitsu | Bug Bounty | 2021-04-13 | 2023-06-13 |
| 2643 | Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Microsoft Azure Sphere | RCE | Microsoft | Cisco Talos | Bug Bounty | 2021-04-14 | 2023-06-13 |
| 2642 | Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) | Man-in-the-Disk attack | Meta / Facebook | CENSUS | Bug Bounty | 2021-04-14 | 2023-06-13 |
| 2641 | How I got 9000 USD by hacking into iCloud | XSS | Apple | Alexandre Fernandes (@fernale) | Bug Bounty | 2021-04-15 | 2023-06-13 |
| 2640 | Allow arbitrary URLs, expect arbitrary code execution | RCE | Nextcloud, Telegram, VLC | Fabian Bräunlein | Bug Bounty | 2021-04-15 | 2023-06-13 |
| 2639 | Fun sql injection — mod_security bypass | SQL injection | NA | _Y000_ (@_Y000_) | Bug Bounty | 2021-04-16 | 2023-06-13 |
| 2638 | How I earned $$$$ through Stored XSS | Stored XSS, CSTI | NA | Harish | Bug Bounty | 2021-04-16 | 2023-06-13 |
| 2637 | (POC) Update business fyi message as Facebook page analyst | IDOR, GraphQL | Meta / Facebook | Ahmad Talahmeh | Bug Bounty | 2021-04-17 | 2023-06-13 |
| 2636 | Lets Learn English - Hacking 10M+ Users | AWS misconfiguration, Insecure Firebase database, OTP bypass, Account takeover, Logic flaw | NA | Aseem Shrey (@AseemShrey) | Bug Bounty | 2021-04-17 | 2023-06-13 |
| 2635 | (POC) Remove any Facebook’s live video ($14,000 bounty) | Logic flaw | Meta / Facebook | Ahmad Talahmeh | Bug Bounty | 2021-04-17 | 2023-06-13 |
| 2634 | Discoure themes OS Command Injection | RCE, OS command injection | Discourse | joernchen (@joernchen) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2633 | XSS via Exif Data - The P2 Elevator | Stored XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2632 | Misconfiguration in Change-password Functionality Leads to Account Takeover | IDOR, Logic flaw, Password reset, Account takeover | NA | Mahmoud Radwan (@0x___2m) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2631 | Pwning your assignments: Stored XSS via GraphQL endpoint | Stored XSS, GraphQL | NA | Kartik Sharma (@dominat0r98) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2630 | Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program | Unrestricted file upload, RCE | NA | Jadek Mark (@mase289) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2629 | (POC) Untrim any live video on Facebook | Authorization flaw | Meta / Facebook | Ahmad Talahmeh | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2628 | Unauthorized access to admin setpassword page BY bypassing 403 Forbidden | Authorization flaw | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2627 | Blind SSRF to Port Scanning through response time | SSRF | NA | Harish | Bug Bounty | 2021-04-19 | 2023-06-13 |
| 2626 | Harvesting Active Directory credentials via HTTP Request Smuggling | HTTP request smuggling | NA | Tijme Gommers (@tijme) | Bug Bounty | 2021-04-19 | 2023-06-13 |
| 2625 | IDOR leads to leaked the likes count even though is hidden by victim \| YouTube ($XXXX) | IDOR, Logic flaw | Google | R ando (@Rando02355205) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2624 | Auth Bypass in Google Workspace Real Time Collaboration | Authentication bypass, Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2623 | Playing With iframes: Bypassing Content-Security-Policy | CSP bypass, Open redirect, HTML injection | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2622 | CVE-2021-30481: Source engine remote code execution via game invites | RCE, Integer underflow | Valve | floesen (@floesen_) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2621 | DMCA.COM Hack, Full Disclosure (With Proof-of-Concept) | Privilege escalation, Client-side enforcement of server-side security, Stored XSS, Broken Access Control | DMCA | Joël Aviad Ossi | Bug Bounty | 2021-04-21 | 2023-06-13 |