Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 711 | Scoring $$$ for a very simple bug : You don’t always need proxy tools | IDOR | NA | MRD7 (@_mrd7_) | Bug Bounty | 2022-12-10 | 2023-06-13 |
| 705 | How “I hacked the Dutch government and got the lousy t-shirt” | XSS | Dutch Government | IamDEAD | Bug Bounty | 2022-12-11 | 2023-06-13 |
| 704 | How I became a millionaire in 3h \| Fintech Bug Bounty — Part 1 | IDOR, Lack of rate limiting, Logic flaw | NA | 0x4KD (@0x4kd) | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 703 | PII data exfiltration within minutes | Information disclosure | NA | Mayank Garg | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 702 | Not usual CSP bypass case | Unrestricted file upload, XSS, CSP bypass | NA | Karol Mazurek | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 701 | CVE-2022-20942: It's not old functionality, it's vintage | Information disclosure | Cisco | Silver Security (@SugarFiendSec) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 700 | CVE-2019–6238: Apple XAR directory traversal vulnerability | Local Privilege Escalation | Apple | Yiğit Can Yılmaz | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 698 | Exploiting an SQL injection with WAF bypass | SQL injection, WAF bypass | NA | Benoit Philippe | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 697 | Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in Asia | SSTI, WAF bypass | NA | JzeeRx | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 696 | How I Hacked A Company (My First Red Team Engagement 🚩) | SQL injection | NA | Monish Kumar (@aidenpearce369) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 695 | Privilege escalation leads to deleting other user’s account and company Workspace [Access Control] | Privilege escalation, Broken Access Control | NA | Pratik Gaikwad | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 694 | You’ve Crossed the Line — Disturbing a Host’s Rest | Windows, MS-RPC, DoS | Microsoft | Ben Barnea (@nachoskrnl) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 693 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 691 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, XSS, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 687 | Foxit PDF Reader - Use after Free - Remote Code Execution Exploit - CVE-2022-28672 | Memory corruption, Use-After-Free | Foxit | Ashfaq Ansari (@HackSysTeam) | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 686 | Param Hunting to Injections | HTML injection, XSS | NA | 302 Found | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 685 | CVE-2022-42710: A journey through XXE to Stored-XSS | Stored XSS, XXE, Security code review | Linear | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 683 | The Bug That Kept On Giving :: PaymentBypass :: Response Manipulation | Payment bypass, Logic flaw | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 682 | I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Stored XSS, Self-XSS | Zoom | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-12-17 | 2023-06-13 |
| 679 | How I was able to steal users credentials via Swagger UI DOM-XSS | DOM XSS, Old components with known vulnerabilities | NA | Mohamed Reda (@M0x0101) | Bug Bounty | 2022-12-18 | 2023-06-13 |
| 675 | [GraphQL IDOR]Leaking credit card information of 1000s of users | IDOR, GraphQL | NA | Vipul Sahu | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 674 | How I got a 4 digits(₹) bounty from an Indian company | Broken link hijacking | NA | RV Sharma | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 673 | From PostAuth RCE to PreAuth RCE on Liferay Portal | RCE, Insecure deserialization | NA | RV Sharma | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 672 | Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities | MacOS, Local Privilege Escalation, SIP bypass | Apple (macOS) | Mickey Jin (@patch1t) | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 671 | Owning half of a government assets through AWS | Information disclosure, Hardcoded API keys | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-12-20 | 2023-06-13 |