Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 284 | Easy $$$ via API params manipulation leading to bypassing the email verification block | Mass assignment, Email verification bypass | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-03-18 | 2023-06-13 |
| 281 | JMX Exploitation Revisited | RCE, JMX | NA | Markus Wulftange (@mwulftange) | Bug Bounty | 2023-03-20 | 2023-06-13 |
| 277 | How I got access to Essilor International company customer PII INFO by AWS metadata access through SSRF | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2023-03-21 | 2023-06-13 |
| 276 | Windows Installer EOP (CVE-2023-21800) | Local Privilege Escalation | Microsoft (Windows) | Adrian Denkiewicz | Bug Bounty | 2023-03-21 | 2023-06-13 |
| 275 | PHP Filter Chains: File Read From Error-based Oracle | Arbitrary file read, LFI, PHP filter chain | NA | Rémi Matasse (@_remsio_) | Bug Bounty | 2023-03-21 | 2023-06-13 |
| 274 | Improper Privilege Management in Grails Spring Security Core <= 5.1.0 (CVE-2022-41923) | Privilege escalation, Authorization bypass | Grails | Benjamin Sepe (@Butanal_C4H8O) | Bug Bounty | 2023-03-21 | 2023-06-13 |
| 273 | Expression DoS Vulnerability Found In Spring - CVE-2023-20861 | DoS | Spring | Dan Glendowne | Bug Bounty | 2023-03-22 | 2023-06-13 |
| 272 | Story of a Beautiful Account Takeover. | Account takeover, OTP bypass | NA | Ambush Neupane (@N_ambush) | Bug Bounty | 2023-03-23 | 2023-06-13 |
| 271 | Finding Initial Access on a real life Penetration Test | Old components with known vulnerabilities, Internal pentest, RCE | NA | Warren Butterworth (@w88ugs) | Bug Bounty | 2023-03-23 | 2023-06-13 |
| 269 | Exploiting prototype pollution in Node without the filesystem | Server-side prototype pollution, RCE | NA | Gareth Heyes (@garethheyes) | Bug Bounty | 2023-03-23 | 2023-06-13 |
| 268 | Joomla! CVE-2023-23752 to Code Execution | Broken Access Control, RCE | Joomla! | Jacob Baines (@Junior_Baines) | Bug Bounty | 2023-03-23 | 2023-06-13 |
| 266 | CVE-2023–1410 : Stored XSS in the Graphite Function Description tooltip | Stored XSS | Grafana Labs | Aswin K V (@deep_marketer_) | Bug Bounty | 2023-03-25 | 2023-06-13 |
| 265 | How I escalated default credentials to Remote Code Execution | Default credentials, RCE | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2023-03-26 | 2023-06-13 |
| 261 | Dynamic Linking Injection and LOLBAS Fun | DLL Hijacking, Dynamic-linking injection, Local Privilege Escalation | NA | Joseph Henry | Bug Bounty | 2023-03-28 | 2023-06-13 |
| 258 | A short tell of LFI from PDF link → Professor the Hunter | LFI | NA | Professor the Hunter (@bughuntar) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 256 | I’d TAP That Pass | Azure AD, Cloud, OAuth | NA | Daniel Heinsen (@hotnops) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 255 | BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained | Account takeover, Azure AD, Cloud, XSS, Privilege escalation | Microsoft (Bing) | Hillai Ben-Sasson (@hillai) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 253 | Hacking Admin Panel & Getting free subscription | Exposed registration API, Privilege escalation, Account takeover | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 252 | CVE-2022-37734: graphql-java Denial-of-Service | GraphQL, DoS, Security code review | graphql-java | Artem Logutov | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 251 | Riding the Azure Service Bus (Relay) into Power Platform | RCE, Cross-tenant vulnerability, Cloud, Insecure deserialization | Microsoft (Azure) | Nick Landers (@monoxgas) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 250 | Found SSRF and LFI in Just 10 minutes of using burp! | SSRF, LFI | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 248 | Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) | RCE, XSS, Cloud | Microsoft (Azure) | Lidor Ben Shitrit | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 246 | Exploiting Hibernate Injection in "Order by" Clause (Oracle database) | HQL injection | NA | Mannu Linux (@IndiShell1046) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 245 | From an Innocent api-key to PII data | Information disclosure, Hardcoded API keys | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 244 | Exposed Docker Registries Server as Critical Reminder on Container Security | Docker Registry | NA | Emad Shawky | Bug Bounty | 2023-03-31 | 2023-06-13 |