Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 625 | Bypass firewalls with of-CORs and typo-squatting | CORS misconfiguration | Tesla | Chris Grayson | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 624 | Access to page with default credentials that require authenticate $$$. | Default credentials | NA | Adham sayed (doosec101) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 623 | Vue JS Reflected XSS | Reflected XSS Blind XSS CORS misconfiguration UI redressing | NA | sid0krypt (@Siddhar07949650) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 622 | Fetch Diversion | DOM XSS | NA | Nicolas Christin (@acut3hack) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover SSO RCE Authorization bypass SQL injection Mass assignment Information disclosure | Kia Honda Infiniti Nissan Acura Mercedes-Benz Hyundai Genesis BMW Rolls Royce Ferrari Spireon Ford Reviver Porsche Toyota Jaguar Land Rover SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 619 | CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise | Authentication bypass SSRF | Rocket Software | Tom Wedgbury | Bug Bounty | 2023-01-04 | 2023-06-13 |
| 618 | Prototype Pollution in Python | Prototype pollution DoS | NA | Abdulraheem Khaled (@Abdulrah33mK) | Bug Bounty | 2023-01-04 | 2023-06-13 |
| 617 | Blind XSS in Email Field; 1000$ bounty | Blind XSS | NA | Yaseen Zubair | Bug Bounty | 2023-01-05 | 2023-06-13 |
| 616 | PandoraFMS - Pre-Auth Remote Code Execution | RCE Path traversal Arbitrary file upload LFI Security code review | PandoraFMS | esj4y (@esj4y) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 614 | Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability | CORS misconfiguration | Google | Borna Nematzadeh (@LogicalHunter) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 613 | Advanced CSRF Exploitation | CSRF Stored XSS | NA | Sandro Einfeldt | Bug Bounty | 2023-01-07 | 2023-06-13 |
| 612 | The Bug That Kept On Giving :: PaymentBypass :: QR CODE | Payment bypass | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2023-01-07 | 2023-06-13 |
| 611 | The SSRF that Brought down a Server | SSRF DoS | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2023-01-07 | 2023-06-13 |
| 610 | Bug hunting: Open access to S3 bucket | AWS misconfiguration | NA | Raghul Raj | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 609 | Uploading the Webshell using filename of Content-Disposition Header Story! | Unrestricted file upload Arbitrary file write | NA | Yashar Mohagheghi | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 606 | Hacking Hackers for fun and profit | Self-XSS Blind XSS | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 605 | Full Team Takeover | Broken Access Control Logic flaw | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 604 | “2022: A Year of Fascinating Discoveries” | CSRF SSRF Blind XSS Password reset Hyperlink injection IDOR Weak credentials AWS misconfiguration | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 603 | Practical Example Of Client Side Path Manipulation | Client-side Path Traversal | NA | Antoine Roly (@aroly) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 602 | Full Team Takeover | Account takeover Broken Access Control | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 601 | How I Earned $1000 From Business Logic Vulnerability (account takeover) | Logic flaw Account takeover | NA | andika | Bug Bounty | 2023-01-10 | 2023-06-13 |
| 598 | Client-Side SSRF to Google Cloud Project Takeover [Google VRP] | SSRF CSRF Open redirect | Google | Dohyun Lee | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 593 | Exploiting Application Logic to Phish Internal Mailing Lists | Phishing | NA | Tanner Emek (@itscachemoney) | Bug Bounty | 2023-01-13 | 2023-06-13 |
| 592 | How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415) | RCE Browser hacking | Mozilla (Firefox) | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2023-01-14 | 2023-06-13 |
| 591 | YAFPC — Unauthenticated Remote Code Execution | Authentication bypass Hardcoded credentials RCE | NA | Luke Paris | Bug Bounty | 2023-01-14 | 2023-06-13 |