Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|-----|-------|------|----------|---------|------|-------------|-------|
| 589 | Critical Vulnerability through OSINT only | Information disclosure | NA | Viktor Mares | Bug Bounty | 2023-01-15 | 2023-06-13 |
| 588 | thisclosed_#2 - PostgreSQL Database Exfiltration through the abuse of PostgREST requests | SQL injection | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 587 | Account Take Over Due To AWS Cognito Misconfiguration | Amazon cognito misconfiguration, Account takeover | NA | Deshine | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 586 | Full Account Take Over by very simple trick. | Account takeover, Broken Access Control | NA | XeRox01 (@xerox0x1) | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 585 | CVE-2022-21587 (Oracle E-Business Suite Unauthenticated RCE) | RCE, Unrestricted file upload, Zip Slip attack | Oracle | @vudq16 | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 581 | DOM-Based XSS for fun and profit $$$! \| Bug Bounty POC | DOM XSS | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 580 | How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services | SSRF, Cloud | Microsoft (Azure) | Lidor Ben Shitrit | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 578 | XML Security in Java | XXE, Billion laugh attack, DoS | NA | Pieter De Cremer (@0xDC0DE) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 577 | Security Audit of Git | Memory corruption, Out-of-bounds Write, Out-of-bounds Read | Git | Markus Vervier (@marver) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 576 | From Error_Log File(P4) To Company Account Takeover(P1) and Unauthorized Actions On API | Information disclosure | NA | Muhanad Israiwi (@IsrewyMohand) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 575 | Sudoedit bypass in Sudo <= 1.9.12p1 (CVE-2023-22809) | Local Privilege Escalation | Sudo | Matthieu Barjole (@aevy__) | Bug Bounty | 2023-01-18 | 2023-06-13 |
| 570 | API Misconfiguration - No Swag of SwaggerUI | Security misconfiguration, Privilege escalation | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 568 | The easiest way I used to bypass an admin panel | HTTP request smuggling, Account takeover | NA | Sirat Sami (@siratsami71) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 567 | CVE-2022-47966 SAML ShowStopper | SAML, XSLT injection | Zoho (ManageEngine) | Khoa Dinh (@_l0gg) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 566 | CVE-2022-35690: Unauthenticated RCE In Adobe ColdFusion | RCE | Adobe | rgod | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 565 | AWS Cognito pitfalls: Default settings attackers love (and you should know about) | Amazon cognito misconfiguration | NA | Lorenzo Vogelsang (@ptrac3) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 563 | Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434) | Android, Insecure intent, Insecure deeplink, URL validation bypass | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 562 | Bypassing E2E encryption leads to multiple high vulnerabilities. | IDOR, SSRF | NA | Asem Eleraky (@melotover) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 561 | CSRF + Stored XSS Leading to Full Account Takeover | Stored XSS, CSRF, Account takeover | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 558 | Bypassing Cloudflare WAF: XSS via SQL Injection | Reflected XSS, SQL injection, WAF bypass | NA | Uku Sõrmus | Bug Bounty | 2023-01-21 | 2023-06-13 |
| 557 | How I found XSS on Admin Page without login! | Reflected XSS | NA | Abdelrhman Allam (@sl4x0) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 554 | CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | Thick client, Insecure data storage, Local Privilege Escalation | Signal | John Jackson (@johnjhacking) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 553 | How i Hacked Scopely with “Sign in with Google” | Account takeover, CORS misconfiguration, Client-side enforcement of server-side security, OAuth | Scopely | Ph.Hitachi | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 551 | CVE from 2018 Strikes Again | RCE, Insecure deserialization, Thick client | NA | Colin McQueen | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 547 | Jumping into SOCKS | Lateral movement | NA | Jacques Coertze (@JCoertze) | Bug Bounty | 2023-01-24 | 2023-06-13 |