Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 546 | Unleashing the power of CSS injection: The access key to an internal API | CSS injection | NA | Sander Wind (@SanderWind) | Bug Bounty | 2023-01-24 | 2023-06-13 |
| 545 | Easy 2000$ Race Condition | Race condition | NA | Deshine | Bug Bounty | 2023-01-25 | 2023-06-13 |
| 541 | OpenEMR - Remote Code Execution in your Healthcare System | RCE, XSS, LFI, Arbitrary file read, Security code review | OpenEMR | Dennis Brinkrolf (@DBrinkrolf) | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 539 | How I Found My First Bug in Android App | Android, Authentication bypass, Insecure intent | NA | Barath Stalin | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 536 | PHP Development Server <= 7.4.21 - Remote Source Disclosure | Source code disclosure, Information disclosure, Security code review | PHP | Rahul Maini (@iamnoooob) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 535 | CVE-2022-44789 | Memory corruption, Use-After-Free, RCE, Security code review | Artifex MuJS | Alvin Ng (@alngpwn) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 534 | Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608 | Memory corruption, Use-After-Free, RCE | Adobe | Ashfaq Ansari (@HackSysTeam) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 533 | Bypassing account lockout through password reset functionality | Rate limiting bypass | NA | Akash c | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 532 | Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) | RCE, Arbitrary file write, SSTI, Security code review | Froxlor | Askar (@mohammadaskar2) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 528 | Blind XSS To SSRF | Blind XSS, SSRF | NA | Akash c | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 527 | How I was able to find 4 Cross-site scripting (XSS) on vulnerability disclosure program ? | XSS | NA | DrakenKun | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 526 | The 100+ Million Person Data Disclosure | IDOR | NA | Jason Haddix (@Jhaddix) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 525 | Discovered a Critical IDOR and Earned $900 for My First P1 Vulnerability! | IDOR | NA | Abhisek R (@abh1sek_r) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 523 | How i hacked all Zendesk sites 265,000 site by one line | Web cache poisoning | Zendesk | Ahmed Salah Abdalhfaz (@Elsfa7-110) | Bug Bounty | 2023-01-30 | 2023-06-13 |
| 522 | How I bypassed the registration validation and logged-in with the company email | Email verification bypass | NA | Khaledyassen | Bug Bounty | 2023-01-30 | 2023-06-13 |
| 520 | Can't Wait to Shut You Down — Remote DoS Using Wininit.exe | DoS, MS-RPC, Windows | Microsoft | Stiv Kupchik (@kupsul) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 518 | Reversing UK mobile rail tickets | Reverse engineering, Android | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 517 | Mass Account takeover by bypassing 2 FA | MFA bypass, IDOR, Account takeover | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 516 | Broken Function Level Authorization leads to disclosing PII Information of all company users | Broken Function Level Authorization, Information disclosure | NA | Mirza Muhammad Fauzan | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 515 | CVE-2023-22374: F5 BIG-IP Format String Vulnerability | Format string vulnerability, Memory corruption | F5 | Ron Bowes (@iagox86) | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 513 | An IDOR vulnerability often hides many others | IDOR, GraphQL | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 512 | ImageMagick: The hidden vulnerability behind your online images | Application-level DoS, Arbitrary file read, Security code review | ImageMagick | Bryan Gonzalez | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 510 | Vulnerability Causing Deletion of All Users in CrushFTP Admin Area | Application-level DoS | CrushFTP | Jean Calvin Mugabo | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 509 | Exploits Explained: Java JMX’s Exploitation Problems and Resolutions | RCE | NA | Nicolas Krassas (@Dinosn) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 508 | Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails | RCE, Security code review, Missing authentication, Insecure deserialization | IBM | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2023-02-02 | 2023-06-13 |