Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
469Disabling js for the win Unrestricted file upload RCE NA Vuk Ivanovic Bug Bounty2023-02-102023-06-13
467We Hacked GitHub for a Month: Here’s What We Found Pre-account takeover Broken Access Control Email verification bypass Logic flaw GitHub Shivam Kumar Singh (@MrRajputHacker) Bug Bounty2023-02-112023-06-13
466A tale of a full Business Takeover — Red Team Diaries MITM Credential stuffing Password spraying NA Dhanesh Dodia - HeyDanny (@Dhanesh_Dodia) Bug Bounty2023-02-112023-06-13
464IDOR Leads to MASS Account Takeover IDOR Account takeover NA Yaseen Zubair Bug Bounty2023-02-122023-06-13
463XXE with Auto-Update in install4j XXE Security code review Prosys OPC Florian Hauser (@frycos) Bug Bounty2023-02-122023-06-13
462SSRF That Allowed Us to Access Whole Infra Web Services and Many More SSRF NA Basavaraj Banakar (@basu_banakar) Bug Bounty2023-02-122023-06-13
461Zip bomb attack Zip bomb DoS Unrestricted file upload NA Ramkumar Nadar Bug Bounty2023-02-122023-06-13
460CVE-2022-22655 - TCC - Location Services Bypass MacoS TCC bypass Apple (macOS) Csaba Fitzl (@theevilbit) Bug Bounty2023-02-132023-06-13
459Exploiting A Remote Heap Overflow With A Custom TCP Stack Memory corruption RCE Western Digital Etienne Helluy-Lafont Bug Bounty2023-02-132023-06-13
458Hacking our way into internal DBs with hardcoded authentication keys JWT SSO Authentication bypass Security misconfiguration NA Ophion Security (@OphionSecurity) Bug Bounty2023-02-132023-06-13
457Bypassing SameSite=lax cookie restrictions to preform CSRF resulting to a horizontal privilege escalation via poor email verification mechanism CSRF NA Imad Husanovic (@deadoverflow_) Bug Bounty2023-02-132023-06-13
456Blind Time-based SQL injection vulnerability in an Indian government website SQL injection NCIIPC Kartikhunt3r Bug Bounty2023-02-132023-06-13
455Bypassing CORS configurations to produce an Account Takeover for Fun and Profit CORS misconfiguration Account takeover NA Josh Fam (@Pullerze) Bug Bounty2023-02-132023-06-13
454SQL Injection: Utilizing XML Functions in Oracle and PostgreSQL to bypass WAFs SQL injection WAF bypass NA Mahmoud Gamal (@Zombiehelp54) Bug Bounty2023-02-132023-06-13
451Securing Open-Source Solutions: A Study of osTicket Vulnerabilities Stored XSS Reflected XSS SQL injection Session fixation osTicket Miguel Correia Bug Bounty2023-02-142023-06-13
449Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach Internal pentest Missing authentication Hardcoded credentials Cloud NA WeSecureApp (@wesecureapp) Bug Bounty2023-02-142023-06-13
447XSS on The MOST Popular Movie Ticket website. XSS NA Tarang Parmar Bug Bounty2023-02-152023-06-13
446Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day). RCE Microsoft (Windows) j00sean (@j00sean) Bug Bounty2023-02-152023-06-13
443Detecting Server-Side Prototype Pollution Server-side prototype pollution NA Daniel Thatcher (@_danielthatcher) Bug Bounty2023-02-152023-06-13
442Server side prototype pollution, how to detect and exploit Server-side prototype pollution RCE NA BitK (@BitK_) Bug Bounty2023-02-152023-06-13
441Server-side prototype pollution: Black-box detection without the DoS Server-side prototype pollution RCE NA Gareth Heyes (@garethheyes) Bug Bounty2023-02-152023-06-13
440EoP via Arbitrary File Write/Overwite in Group Policy Client “gpsvc” – CVE-2022-37955 Local Privilege Escalation Microsoft (Windows) ap (@decoder_it) Bug Bounty2023-02-162023-06-13
438The Inside Story of Finding a Reverse Transaction Vulnerability in a Financial Application Logic flaw Payment tampering NA Raja Uzair Abdullah (@UzaiRaja) Bug Bounty2023-02-162023-06-13
436Readline crime: exploiting a SUID logic bug Local Privilege Escalation Arch Linux util-linux roddux Bug Bounty2023-02-162023-06-13
434Found an URL in the android application source code which lead to an IDOR Android Information disclosure IDOR NA Vengeance Bug Bounty2023-02-182023-06-13