Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2386 | How I found a bug in Apple within just in 5min. | XSS | Apple | Akash basnet (@noneofyou007) | Bug Bounty | 2021-07-25 | 2023-06-13 |
| 2385 | Easy Bounty With Exposed Buckets & Blobs | Cloud storage misconfiguration | NA | mr.d0x (@mrd0x) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2384 | Bug Chain leads to Mass Account Takeover! | Information disclosure, Password reset, Account takeover | NA | Shubhayu Majumdar (@shubhayu64) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2383 | Mattermost Server v5.32 > v5.36 Reflected XSS in OAuth flow | Reflected XSS, OAuth | Mattermost | zi0Black (@zi0Black) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2382 | Apple Hall Of Fame for a Small Misconfiguration \|\| Unauth Cache Purging | Unauthenticated cache purge | Apple | Prajit Sindhkar (@PrajitSindhkar) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2381 | XXE Case Studies | XXE | NA | cinzinga (@cinzinga_) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2380 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures | Password reset, Host header injection, CSRF, Account takeover | NA | Tommaso Innocenti (@innotommy) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2379 | Telegram Report: SSRF leads to DOS attack [Reports that didn't make it] | SSRF, DoS | Telegram | Philippe Delteil (@PhilippeDelteil) | Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2378 | Abusing JSON Web Token to steal accounts — 3000$ | IDOR | NA | Filipe Azevedo (@filipaze_) | Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2377 | XSS-Special-Cases: XSS That Works only in mobile Devices | XSS | NA | 0xdln (@0xdln) | Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2376 | Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth | RCE, PHP Object Injection | Moodle | Johannes Moritz | Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2375 | Information Disclosure to Account Takeover | Information disclosure, OAuth, Account takeover, Authentication bypass | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-07-28 | 2023-06-13 |
| 2374 | How I earned $$$$ by Amazon S3 Bucket misconfigurations? | AWS misconfiguration, Subdomain takeover | NA | Abdullah Mohamed (@3bodymo_) | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2373 | Chaining Open Redirect with XSS to Account Takeover | Open redirect, XSS, Account takeover | NA | Radian ID | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2372 | How I could have hacked your medium account by phishing your FB, Twitter & Google credentials. | Open redirect, OAuth | Medium | Renganathan (@IamRenganathan) | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2371 | How I found my first IDOR in HackerOne | IDOR | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2370 | Gaining Access To GCP Of Google Stadia — 500$ Bounty | Information disclosure | Google | Sebastien Kaul | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2369 | Google Bug Bounty: $500 worth client-side DoS on Google Keep | Application-level DoS | Google | Tommaso De Ponti (@heytdep) | Bug Bounty | 2021-07-30 | 2023-06-13 |
| 2368 | Account takeover via stored xss | Stored XSS | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-07-30 | 2023-06-13 |
| 2367 | XXE in Public Transport Ticketing Mobile APP | XXE, RCE | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-30 | 2023-06-13 |
| 2366 | Facebook Vulnerability: Expose Group Member — $3000 | IDOR | Meta / Facebook | Muhammad Sholikhin (@MuhammadLikhin) | Bug Bounty | 2021-07-30 | 2023-06-13 |
| 2365 | How I bypassed website using Akamai waf | XSS | NA | Yusif Cəfərov (@yusifceferov_) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2364 | How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR | Self-XSS, IDOR, Account takeover | HackerEarth | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2363 | From Hobby to Hacking | Unrestricted file upload, RCE, Missing authentication | NA | Muhammad Syahrul Haniawan (@b0x_in) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2362 | Bug Bounty Stories #1: Tale of CSP bypass in an electron app! | CSP bypass | NA | SecurityGOAT (@RuntimeSecurity) | Bug Bounty | 2021-07-31 | 2023-06-13 |