Write-ups


WDB | Title | Tags | Programs | Authors | Type | Publication | Added
--- | --- | --- | --- | --- | --- | --- | ---
2541 | Writeups: Facebook Whitehat program(2021): Instagram Live setting bug | Logic flaw | Meta / Facebook | Takashi Suzuki | Bug Bounty | 2021-05-20 | 2023-06-13
2540 | Third-Party Apps were still getting your private Facebook data even after their access expiry. | Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-05-20 | 2023-06-13
2539 | XSS via postMessage in chat.mozilla.org | XSS, postMessage | Mozilla | Guilherme Keerok (@k33r0k) | Bug Bounty | 2021-05-20 | 2023-06-13
2537 | 13 Nagios Vulnerabilities, #7 will SHOCK you! | RCE, Local Privilege Escalation, XSS, Security code review | Nagios | Samir Ghanem (@sam0x21r) | Bug Bounty | 2021-05-20 | 2023-06-13
2536 | 403 Forbidden Bypass | 403 bypass, Forced browsing | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-05-21 | 2023-06-13
2535 | How I turned 0000 into $600: Phone Verification Bypass | OTP bypass | NA | Shrirang Diwakar | Bug Bounty | 2021-05-21 | 2023-06-13
2534 | CSRF from which we can create a support ticket in Victim's Account (500$) | CSRF | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13
2533 | Victim's Anti CSRF Token could be exposed to Third-party Applications installed on user's Device (500$) | Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13
2532 | Finding and Exploiting Unintended Functionality in Main Web App APIs | IDOR, Information disclosure, Privilege escalation | NA | Bend Theory (@bendtheory) | Bug Bounty | 2021-05-21 | 2023-06-13
2531 | CORS misconfig that worths USD200 | CORS misconfiguration | NA | MikeChan | Bug Bounty | 2021-05-23 | 2023-06-13
2530 | Disclose leads form details of any Facebook Business Account or Facebook Page (Bug Bounty) | IDOR, GraphQL | Meta / Facebook | Amine Aboud (@amineaboud) | Bug Bounty | 2021-05-23 | 2023-06-13
2529 | Content Spoofing Vulnerability in Shibboleth Service Provider | Content spoofing | NA | Toni Huttunen | Bug Bounty | 2021-05-24 | 2023-06-13
2528 | Chaining XSS with authentication issues to turn it into full account takeover | XSS, Account takeover | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-05-24 | 2023-06-13
2527 | Patch Gapping a Safari Type Confusion | Memory corruption | Apple | Theori (@theori_io) | Bug Bounty | 2021-05-25 | 2023-06-13
2526 | Stored XSS with two different parameters | Reflected XSS | NA | Joel Cantu (@InfosecRintox) | Bug Bounty | 2021-05-25 | 2023-06-13
2525 | GitLab Arbitrary File Read & Write through Kroki - CVE-2021-22203 | Arbitrary file read | NA | Anh Duc Nguyen (@ledz1996) | Bug Bounty | 2021-05-25 | 2023-06-13
2524 | Bypassing restricted port protection in WebKit | Browser hacking | Apple | David Schütz (@xdavidhu) | Bug Bounty | 2021-05-26 | 2023-06-13
2523 | How I hacked a Target again and again… | OAuth, Account takeover, XSS, Broken Access Control | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-05-27 | 2023-06-13
2522 | Hey WAF! Better Luck Next Time! 👽 | SQL injection | NA | Akash Rox Starz | Bug Bounty | 2021-05-28 | 2023-06-13
2521 | Github, The Goldmine for P1s and P2s - Sensitive Information Exposure via Github by a Company Employee | Information disclosure | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-05-28 | 2023-06-13
2520 | CafeBazaar and Subdomain Takeover | Subdomain takeover | CafeBazaar | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2021-05-29 | 2023-06-13
2519 | The beauty of chaining client-side bugs | CRLF injection, XSS, CSP bypass, DoS, CSTI | NA | Master SEC (@MasterSEC_AR) | Bug Bounty | 2021-05-29 | 2023-06-13
2518 | Account Takeover via iFrame Injection | Iframe injection, Account takeover | NA | xbforce (@xbforce) | Bug Bounty | 2021-05-29 | 2023-06-13
2517 | Metadata service MITM allows root privilege escalation (EKS / GKE) | Kubernetes, Privilege escalation, MiTM | Google | Etienne Champetier / champtar | Bug Bounty | 2021-05-30 | 2023-06-13
2516 | runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465) | Kubernetes, Container escape | Google | Etienne Champetier / champtar | Bug Bounty | 2021-05-30 | 2023-06-13