Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
2936Replying Comments On Someone’s Livestream From Page Is Posted As Personal Identity Information disclosure Meta / Facebook Prakash Panta (@prakashpanta268) Bug Bounty2020-12-302023-06-13
2929Patch. Bypass. Repeat: Story of a FaceBook Page Admin Disclosure bug worth $5000 Information disclosure Meta / Facebook Shubham Bhamare (@theshubh77) Bug Bounty2021-01-042023-06-13
2916Information Disclosure through Signup Endpoint Information disclosure NA Sunil Yedla (@sunilyedla2) Bug Bounty2021-01-082023-06-13
2910Unauthorized Access to OData Entities + $2K Bounty From Microsoft Authorization flaw Information disclosure Microsoft Borna Nematzadeh (@LogicalHunter) Bug Bounty2021-01-102023-06-13
2908UNEP Breached, 100K+ Employee Records Accessed Information disclosure United Nations Jackson Henry (@JacksonHHax) Bug Bounty2021-01-112023-06-13
2901GoCD Multiple Vulnerabilities RCE Information disclosure Insecure deserialization Security code review GoCD Denis Andzakovic Bug Bounty2021-01-122023-06-13
2898Tale of 2 TOOTB Bugs: Google and WhatsApp Information disclosure Logic flaw Google Meta / Facebook Circle Ninja (@circleninja) Bug Bounty2021-01-142023-06-13
2887ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792 Insecure deeplink Information disclosure Android Google Apple Ashley King (@AshleyKingUK) Bug Bounty2021-01-172023-06-13
2886Let’s know How I have explored the buried secrets in React Native application Information disclosure Hardcoded credentials NA secureITmania (@secureitmania) Bug Bounty2021-01-182023-06-13
2884The Embedded YouTube Player Told Me What You Were Watching (and more) Information disclosure Google David Schütz (@xdavidhu) Bug Bounty2021-01-182023-06-13
2881[Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data Information disclosure IDOR NA Tommaso De Ponti Bug Bounty2021-01-192023-06-13
2877Staff Information Disclosure on Support Ticketing System ($x,xxx) Information disclosure NA Ph.Hitachi Bug Bounty2021-01-222023-06-13
2876Page Admin Disclosure When Replying Comments Information disclosure Meta / Facebook Prakash Panta (@prakashpanta268) Bug Bounty2021-01-222023-06-13
2851Android apk leaks access token to takeover the whole infrastructure Information disclosure Hardcoded credentials Android NA Santosh Kumar Sha (@killmongar1996) Bug Bounty2021-01-302023-06-13
2847Disclose the FB profile of Facebook employees who create official announcement messages (Bug Bounty) Information disclosure Meta / Facebook Amine Aboud (@amineaboud) Bug Bounty2021-02-012023-06-13
28441st Facebook Bug Bounty | Disclose page’s admin to mod/admin of group Information disclosure Meta / Facebook nhiephon (@_nhiephon) Bug Bounty2021-02-022023-06-13
2835Page Admin Disclosed In Groups Due To Improper Session Handling In Facebook Web Information disclosure Meta / Facebook Samip Aryal (@samiparyal_) Bug Bounty2021-02-042023-06-13
2818Hacking Chess.com and Accessing 50 Million Customer Records Reflected XSS Information disclosure Account takeover Chess.com Sam Curry (@samwcyo) Bug Bounty2021-02-112023-06-13
2810How I Hacked Everyone’s Resume/CV’s and Got €€€ IDOR Authorization flaw Information disclosure NA Vishal Bharad Bug Bounty2021-02-142023-06-13
2776Let’s know How I have explored the buried secrets in Xamarin application Hardcoded API keys Information disclosure NA secureITmania (@secureitmania) Bug Bounty2021-02-212023-06-13
2762Somebody Call The Plumber, GraphQL is Leaking Again… Information disclosure GraphQL NA N0ur5 Bug Bounty2021-02-272023-06-13
2757Somebody Call The Plumber, GraphQL is Leaking Again… Information disclosure GraphQL NA N0ur5 Bug Bounty2021-02-282023-06-13
2749Secret Key Exposure in API Config Directory Information disclosure NA Ahmad Halabi (@Ahmad_Halabi_) Bug Bounty2021-03-012023-06-13
2748Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure CORS misconfiguration Information disclosure NA Harsh Parekh (@notmarshmllow) Bug Bounty2021-03-012023-06-13
2737The easiest $2500 I got it from bug bounty program Information disclosure Uber Abdullah Mohamed (@3bodymo_) Bug Bounty2021-03-062023-06-13