Write-ups

Check The Published Writeups

WDB | Title | Tags | Programs | Authors | Type | Publication | Added
2620 | How I was able to inject XSS payload into any user's mailbox | XSS | NA | Gaurav Popalghat (@N008x) | Bug Bounty | 2021-04-21 | 2023-06-13
2619 | Remote code execution in Homebrew by compromising the official Cask repository | RCE | Homebrew | RyotaK (@ryotkak) | Bug Bounty | 2021-04-21 | 2023-06-13
2618 | New Clubhouse Security Vulnerabilities Could Happen to Any Growing Unicorn | Logic flaw | Clubhouse | Katie Moussouris (@k8em0) | Bug Bounty | 2021-04-21 | 2023-06-13
2617 | PrivateDrop: Breaking and Fixing Apple AirDrop | Privacy issue, Information disclosure | Apple | Alexander Heinrich | Bug Bounty | 2021-04-21 | 2023-06-13
2616 | Got Nice catch by Google | OAuth, Open redirect, CSRF | Google | Parth Desani (@DesaniParth) | Bug Bounty | 2021-04-22 | 2023-06-13
2615 | Telegram bug bounties: XSS, privacy issues, official bot exploitation and more… | XSS, Authorization flaw, DoS | NA | Davide | Bug Bounty | 2021-04-22 | 2023-06-13
2614 | Brave — Stealing your cookies remotely | Arbitrary file read | Brave Software | Pedro Oliveira (@kanytu) | Bug Bounty | 2021-04-22 | 2023-06-13
2613 | Page Owners Can’t remove or change page roles of deactivated users (or if Attacker blocks the page owner) in Facebook Lite, Facebook for Android and touch.facebook.com | Logic flaw | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2021-04-22 | 2023-06-13
2612 | AWS internal metadata accessed through SSRF by Chaining an Open Redirect bug | SSRF, Open redirect | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-24 | 2023-06-13
2611 | RCE via Internal Access to Adminer Database Management (Critical) | RCE | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-04-24 | 2023-06-13
2610 | From Wayback Machine To Account Takeover | Account takeover, Password reset, Open redirect | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13
2608 | Supply Chain Attacks via GitHub.com Releases | Logic flaw | GitHub | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2021-04-25 | 2023-06-13
2607 | From Wayback Machine To Account Takeover | Open redirect, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13
2606 | Reflected XSS on Microsoft | Reflected XSS | Microsoft | N45HT | Bug Bounty | 2021-04-25 | 2023-06-13
2605 | CVE-2021-22204 - Recreating a critical bug in ExifTool, no Perl smarts required. | RCE | Exiftool | - | Bug Bounty | 2021-04-26 | 2023-06-13
2604 | Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol | Local Privilege Escalation | Microsoft | Antonio Cocomazzi (@splinter_code) | Bug Bounty | 2021-04-26 | 2023-06-13
2603 | WordPress 5.7 XXE Vulnerability | XXE | WordPress | Sonar (@SonarSource) | Bug Bounty | 2021-04-27 | 2023-06-13
2602 | Exploiting XSS via Markdown on Xiaomi | XSS | Xiaomi | N45HT | Bug Bounty | 2021-04-27 | 2023-06-13
2601 | Reflected DOM-based XSS on DomaiNesia | XSS | DomaiNesia | N45HT | Bug Bounty | 2021-04-27 | 2023-06-13
2600 | How did I earn €€€€ by breaking the back-end logic of the server | Logic flaw, Information disclosure | NA | Dewanand Vishal (@dewcode91) | Bug Bounty | 2021-04-28 | 2023-06-13
2599 | The False Oracle — Azure Functions Padding Oracle Issue | Padding oracle attack, Privilege escalation | Microsoft | polarply (@polarply) | Bug Bounty | 2021-04-28 | 2023-06-13
2598 | De-anonymising Anonymous Animals in Google Workspace | Privacy issue, Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-29 | 2023-06-13
2597 | A tale of Html to Pdf converter ssrf and various bypasses | SSRF | NA | Jatin Aesthetic (@techyfreakk) | Bug Bounty | 2021-04-29 | 2023-06-13
2596 | PHP Supply Chain Attack on Composer | Argument injection, RCE, Supply chain attack, Security code review | Packagist | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2021-04-29 | 2023-06-13
2595 | Exploiting memory corruption vulnerabilities on Android | Memory corruption, Android | Paypal | Oversecured (@OversecuredInc) | Bug Bounty | 2021-04-30 | 2023-06-13