Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2437 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | RCE, Insecure deserialization | NA | Michael Stepankin (@artsploit) | Bug Bounty | 2021-06-29 | 2023-06-13 |
| 2436 | Finding DOM Polyglot XSS in PayPal the Easy Way | DOM XSS, CSP bypass | Paypal | Gareth Heyes (@garethheyes) | Bug Bounty | 2021-06-30 | 2023-06-13 |
| 2435 | Testing Cookies worth $500 | Account takeover, IDOR | NA | Sankalpa Acharya (@sankalpa_02) | Bug Bounty | 2021-06-30 | 2023-06-13 |
| 2433 | View Other User Private Livestream Data | IDOR | Meta / Facebook | Geva (@Geva_7) | Bug Bounty | 2021-07-03 | 2023-06-13 |
| 2432 | Blind XSS in Apple School- Enrollment Data Disclosure | Blind XSS | Apple | hackrzvijay (@hackrzvijay) | Bug Bounty | 2021-07-05 | 2023-06-13 |
| 2431 | Solarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604) | XSS | SolarWinds | Victor Kahan | Bug Bounty | 2021-07-06 | 2023-06-13 |
| 2430 | Exploiting Auto-save Functionality To Steal Login Credentials | HTML injection | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2021-07-06 | 2023-06-13 |
| 2429 | Kaspersky Password Manager: All your passwords are belong to us | Weak crypto | Kaspersky | Jean-Baptiste Bédrune | Bug Bounty | 2021-07-06 | 2023-06-13 |
| 2428 | Let’s cancel the subscription (informative) | Logic flaw, Payment tampering | NA | Adnan Malik (@adnanmalikinfo) | Bug Bounty | 2021-07-07 | 2023-06-13 |
| 2427 | CVE-2021-22555: Turning x00x00 into 10000$ | Memory corruption, Local Privilege Escalation | Google | Andy Nguyen (@theflow0) | Bug Bounty | 2021-07-07 | 2023-06-13 |
| 2426 | IDOR on clientauthconfig.googleapis.com | IDOR | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-07-08 | 2023-06-13 |
| 2425 | Discovering Zero-Day Vulnerabilities in McAfee Products | Local Privilege Escalation | McAfee | mr.d0x (@mrd0x) | Bug Bounty | 2021-07-09 | 2023-06-13 |
| 2424 | Facebook Email/phone disclosure using Binary search | Password reset, Information disclosure, Bruteforce | Meta / Facebook | Rikesh Baniya / NotRickyy (@rikeshbaniya) | Bug Bounty | 2021-07-09 | 2023-06-13 |
| 2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
| 2422 | Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer | Broken link hijacking | Chess.com | Sam Curry (@samwcyo) | Bug Bounty | 2021-07-10 | 2023-06-13 |
| 2421 | Reflected XSS Through Insecure Dynamic Loading | XSS | NA | Greg Gibson | Bug Bounty | 2021-07-11 | 2023-06-13 |
| 2420 | Critical Bug Bounty Reports: Part 1 | Account takeover, Password reset, RCE, Information disclosure | NA | Greg Gibson | Bug Bounty | 2021-07-11 | 2023-06-13 |
| 2419 | Pre-Denial Of Service (set-up 2FA on unverified account) | Application-level DoS | NA | Vikash Maurya | Bug Bounty | 2021-07-11 | 2023-06-13 |
| 2418 | Trick to bypass rate limit of password reset functionality | Rate limiting bypass | NA | Abdulrahman-Kamel | Bug Bounty | 2021-07-12 | 2023-06-13 |
| 2417 | Broken Access control bug : Bypassing 403’s by finding another endpoint that do the same thing. | Broken Access Control, 403 bypass | NA | tomorrowisnew (@tomorrowisnew_) | Bug Bounty | 2021-07-12 | 2023-06-13 |
| 2416 | Apple Security Bounty: A personal experience | Permission bypass, iOS | Apple | Nicolas Brunner | Bug Bounty | 2021-07-13 | 2023-06-13 |
| 2415 | Part 2: Dive into Zoom Applications | CSRF, Account takeover, Information disclosure, Session expiration issue, Authorization flaw, Logic flaw | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-07-13 | 2023-06-13 |
| 2414 | Unencrypted HTTP Links to Google Scholar in Search | MiTM | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-07-13 | 2023-06-13 |
| 2413 | Forced Browsing to Access Admin Panel | Forced browsing | NA | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2021-07-13 | 2023-06-13 |
| 2412 | ($380) XSS STORED in Bigo Bug Bounty Program | XSS | Bigo | Aidil Arief | Bug Bounty | 2021-07-14 | 2023-06-13 |