Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 392 | How I got a $2000 bounty with RXSS | Reflected XSS | NA | Hashir Sami Khan (@P4n7h3Rx) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 391 | Account Takeover worth of $5 | OAuth, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 390 | The Tale of a Command Injection by Changing the Logo | RCE, OS command injection, Unrestricted file upload, Directory listing, HTTP response manipulation | NA | 0xrz (@omidxrz) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 389 | Using efficient tooling to hunt GraphQL security issues | GraphQL | NA | Nishant Jain (@realArcherL) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 387 | Interesting Stored XSS in sandboxed environment to Full Account Takeover | Stored XSS, Account takeover | NA | Anurag__Verma | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 386 | Grand Theft Auto - A peek of BLE relay attack | Bluetooth, BLE, Car hacking | NA | @Kevin2600 | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 385 | $10.000 bounty for exposed .git to RCE | .git folder disclosure, RCE, OS command injection | NA | Lev Shmelev | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 381 | My First Un-Expected $$$$ Digit Bounty for an Un-Expected Vulnerability | Lack of rate limiting, Bruteforce | NA | Shobhit Mehta | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 380 | [Tips & Tricks] Exfiltrating User's Data Through CSV Injection | CSV injection | NA | RE:HACK (@rehackxyz) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 378 | CVE-2022-38108: RCE In Solarwinds Network Performance Monitor | Insecure deserialization, RCE, Security code review | SolarWinds | Piotr Bazydło (@chudyPB) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 377 | Empowering weak primitives: file truncation to code execution with Git | Argument injection, RCE | NA | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 376 | A New Vector For “Dirty” Arbitrary File Write to RCE | Arbitrary file write, RCE | NA | Maxence Schmitt (@maxenceschmitt) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 375 | Broken links hijacking and CDN takeover | Broken link hijacking, Subdomain takeover | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 374 | How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability? | Account takeover, Authentication bypass | NA | Vivek Kumar Yadav (@0xd3vil) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 373 | Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input | SSRF, HTML injection, XSS | NA | Cristi Vlad (@CristiVlad25) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 372 | Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability | CRLF injection, Hop-by-hop header, XSS | NA | Simon Bräuer (@redshark1802) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 371 | Gitpod remote code execution 0-day vulnerability via WebSockets | RCE, Websockets, Cross-Site WebSocket Hijacking (CSWH), Cloud, Samesite cookie bypass, Account takeover | Gitpod | Elliot Ward | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 369 | Web Cache Deception Attack on a private bug bounty program | Web cache deception | NA | snoopy (@snoopy101101) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 368 | How a simple IDOR impacted the data of thousands of customers of an Indian automotive giant | Account takeover, Information disclosure, IDOR | NA | Kushal Jain | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 367 | Mining Takeovers for Fun and Profit | Subdomain takeover | NA | Artur Marzano (@MacmodSec) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 366 | Traveling with OAuth - Account Takeover on Booking.com | OAuth, Account takeover, Authentication bypass, Open redirect | Booking.com, KAYAK | Aviad Carmel (@AviadCarmel) | Bug Bounty | 2023-03-02 | 2023-06-13 |
| 365 | Hacking the Nintendo DSi Browser | Memory corruption, Use-After-Free, Browser hacking | Nintendo | Nathan Farlow (@0x1337cafe) | Bug Bounty | 2023-03-02 | 2023-06-13 |
| 364 | Email Verification Bypass Worth $$$ | Email verification bypass | NA | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 363 | The Story of My First Reflected XSS | Reflected XSS | NA | Ahmed Kamal Abu_Elwafa (@AhmedKa01184061) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 362 | How I Earned $$$ for Excessive Data Exposure Through Directory Traversal Leads to Product Price Manipulation | Path traversal, Information disclosure, Payment bypass | NA | Mohamed Shibil | Bug Bounty | 2023-03-03 | 2023-06-13 |