Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 430 | Exposing 185M+ Indians’ Personal Information and much more | Broken Access Control, IDOR, Information disclosure | Aadhaar, CERT-In | Robin Justin (@_robinjustin_) | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 429 | Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover | Account takeover, SSO, OTP, Authentication bypass | NA | Aidil Arief | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 428 | Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header | WAF bypass, CRLF injection, XSS | Akamai | Adam Crosser | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 423 | What the Vuln: Zimbra | Zip Slip attack, Path traversal | NA | Carlos Yanez | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 421 | Multiple vulnerabilities in Dell Unisphere for PowerMax vApp, VASA Provider vApp and Solutions Enabler vApp (CVE-2022-45103 / CVE-2022-45104) | Parameter injection, Arbitrary file read, RCE | Dell | Antoine Carrincazeaux | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 420 | Exploiting an HTML injection with dangling markup | HTML injection, Dangling Markup Injection | NA | Yoan Montoya | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 419 | Taking over “Google Cloud Shell” by utilizing capabilities and Kubelet | Container escape, RCE, Kubernetes | NA | Chen Shiri (@ChenShiri73) | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 416 | With a single request, you can kill any Gitea server | Application-level DoS | Gitea | Khaled Nassar (@knassar702) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 414 | Vulnerability write-up - "Dangerous assumptions" | Prototype pollution, SQL injection, Security code review | DIVD | Thomas Rinsma (@thomasrinsma) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 412 | Insufficient GraphQL API vulnerability due to lack of validation of Authorization Bearer token | GraphQL, IDOR | NA | Int (@intlulz) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 410 | Decoding BlazorPack | Websockets | NA | Rogan Dawes (@RoganDawes) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 408 | Exploit Airlines that use T-Mobile for Free WiFi | Wifi, Payment bypass, MAC address spoofing, Missing authentication | T-Mobile | cylect.io (@cylect_io) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 406 | How do I take over another user subdomain name worth $$$$ | Subdomain takeover | NA | Parkerzanta (@parkerzanta) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 405 | How I found DOM-Based XSS on Microsoft MSRC and How they fixed it | DOM XSS | Microsoft | Supakiad S. (@Supakiad_Mee) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 404 | How I Used JS files inspection and Fuzzing to do admins/supports stuff | Broken Access Control | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 403 | Escaping well-configured VSCode extensions (for profit) | Electron, Webview, Path traversal | Microsoft | Vasco Franco | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 402 | Blind XSS fired on Admin panel worth $2000 | Blind XSS | NA | Feri Susanto (@feribytex) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 401 | Little bug, Big impact. 25k bounty | Hardcoded API keys | NA | Nightbane (@Nightbanes) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 400 | Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer | Account takeover, DOM XSS | Microsoft (Azure) | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 399 | Exploits Explained: Using APIs to Execute a Server-Side Request Forgery | SSRF | NA | @cor3min3r | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 397 | Authenticated XXE vulnerability in IBM Tivoli Workload Scheduler (CVE-2022-38389) | XXE | IBM | Geoffrey Bertoli (@YofBalibump) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 396 | From CVE-2022-33679 to Unauthenticated Kerberoasting | Kerberos, MiTM, Local Privilege Escalation, Downgrade attack | Microsoft (Windows) | Trampas Howe (@trampashowe) | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 395 | My P1 — Account Takeover | Account takeover, IDOR, Password reset | NA | Kullai (@Kullai12) | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 394 | Give me a browser, I’ll give you a Shell | Local Privilege Escalation, Kiosk hacking | NA | Rend | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 393 | Unauthenticated GraphQL Introspection and API calls | GraphQL, Missing authentication | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2023-02-26 | 2023-06-13 |