Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2331 | Taking Over Employee Accounts by Managers with Zero Employee Interaction | HTML injection | NA | Chaitanya Rajhans (@Chaitanya_024) | Bug Bounty | 2021-08-12 | 2023-06-13 |
| 2330 | Blind SSRF in URL Validator | Blind SSRF | NA | Yash Kandekar (@Neutron__) | Bug Bounty | 2021-08-12 | 2023-06-13 |
| 2329 | How I found read/write access to the personal data of 3 million users of an E-commerce website? | IDOR | NA | Prashant Singh / SecGeek_one0one | Bug Bounty | 2021-08-13 | 2023-06-13 |
| 2328 | How we was able to takeover whole organization via Privilege Escalation | Privilege escalation, Authorization flaw | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-08-13 | 2023-06-13 |
| 2327 | Facebook Bug:Invite user to Like a Page even after they decline the Page Like Invite | Logic flaw | Meta / Facebook | Circle Ninja (@circleninja) | Bug Bounty | 2021-08-14 | 2023-06-13 |
| 2326 | Bypass Google Captcha+Parameter Pollution Leads to send email to any user on behalf of “Organization” with any desired content | HTTP parameter pollution, Captcha bypass | NA | viral bhatt (@viralbhatt100) | Bug Bounty | 2021-08-14 | 2023-06-13 |
| 2325 | Finding multiple SSRF with aws metadata access on A BANK system | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-08-14 | 2023-06-13 |
| 2324 | Simple HTML Injection to $250 | Account takeover, Mass assignment | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-08-14 | 2023-06-13 |
| 2323 | 1st Bug Bounty WriteUp: Open Redirect To XSS on Login Page | Open redirect, XSS | NA | Nassim Chami (@nvccim) | Bug Bounty | 2021-08-15 | 2023-06-13 |
| 2322 | Second Order Subdomain Takeovers – They DO Exist! | Subdomain takeover, Broken link hijacking | Microsoft | Alun Jones (@ftp_alun) | Bug Bounty | 2021-08-15 | 2023-06-13 |
| 2321 | Why u should use burp to test Path Traversal Vulnerability and also get RXSS | Path traversal, XSS, CSRF, Account takeover | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2320 | A Bug's Life: CVE-2021-21225 | Browser hacking | Google | Brendon Tiszka (@btiszka) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2319 | CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log | Privacy issue, Information disclosure | Brave Software | sickcodes (@sickcodes) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2318 | Two weeks of securing Samsung devices: Part 2 | Arbitrary file write, Arbitrary file read, Vulnerable Android content provider, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2317 | Dangling DNS: Announcekit | Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2316 | Confirming any new Email Address bug in Facebook (Part-4) | Rate limiting bypass | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2021-08-17 | 2023-06-13 |
| 2315 | How to Hack Apple ID | XSS, Account takeover | Apple | Zemnmez (@zemnmez) | Bug Bounty | 2021-08-17 | 2023-06-13 |
| 2314 | A New Attack Surface on MS Exchange Part 1 - ProxyLogon! | RCE, Privilege escalation | Microsoft | Orange Tsai (@orange_8361) | Bug Bounty | 2021-08-18 | 2023-06-13 |
| 2313 | Account Takeover via Access Token Leakage | IDOR, Information disclosure, Account takeover | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2021-08-19 | 2023-06-13 |
| 2312 | Disclose WhatsApp Number of Instagram Accounts Despite Setting Set to be Hidden | Information disclosure, Logic flaw | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2021-08-19 | 2023-06-13 |
| 2311 | How I got RCE In The World Largest Russian Company | RCE | Mail.ru | Sicksec (@OriginalSicksec) | Bug Bounty | 2021-08-20 | 2023-06-13 |
| 2310 | How I found my first Subdomain Takeover vulnerability | Subdomain takeover, CSRF | NA | Monish Basaniwal | Bug Bounty | 2021-08-20 | 2023-06-13 |
| 2309 | Playing With s3 Leaks | AWS misconfiguration | NA | Aswin Thambi Panikulangara (@r0074g3n7) | Bug Bounty | 2021-08-21 | 2023-06-13 |
| 2308 | How I was able to get 1000$ bounty from a ds-store file? | Information disclosure, Debugging enabled | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2021-08-21 | 2023-06-13 |
| 2307 | MonkeyType.com Stored Cross-Site Scripting | Stored XSS, Authentication bypass, IDOR | MonkeyType.com | Tyle Butler (@tbutler0x90) | Bug Bounty | 2021-08-22 | 2023-06-13 |