Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 243 | Unveiling the Secrets: My Journey of Hacking Google’s OSS | CSRF Self-XSS | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 241 | Beware of Java's String.getBytes | Hash collision Cryptographic issues Security code review | Swiss E-Voting | Ruben Santamarta (@reversemode) | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 240 | Finding RCE in NodeJS templating engine 'Eta' - CVE-2022-25967 | RCE Server-side prototype pollution Security code review | Eta | Rayhan Ahmed Niloy (@Rayhan0x01) | Bug Bounty | 2023-04-01 | 2023-06-13 |
| 239 | Bug Bounty: como encontrei o bug Unrestricted File Upload | Unrestricted file upload | NA | Paulo Mota | Bug Bounty | 2023-04-02 | 2023-06-13 |
| 236 | Two Minor Cross-Tenant Vulnerabilities in AWS App Runner | Cross-tenant vulnerability Cloud | AWS | Nick Frichette (@frichette_n) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 235 | Simple Bugs 0x01: Password Changing to Account Takeover! | Account takeover CSRF | NA | Vitor Falcao (@egl_falcao) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 234 | Blind XSS via SMS Support Chat — $1100 Bug Bounty! | Blind XSS Chatbot | NA | Chevon Phillip (@ChevonPhillip) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 233 | CyberGhostVPN - the story of finding MITM, RCE, LPE in the Linux client | RCE MiTM Local Privilege Escalation | CyberGhost | mmmds | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 232 | Holiday Hunting With Aquatone | SSRF Missing authentication Information disclosure | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 231 | Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server | RCE SSTI Authorization bypass Groovy scripting | Hitachi Vantara (Pentaho) | Harry Withington | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 226 | Discovering Headroll (CVE-2023–0704) in Chromium | SOP bypass Browser hacking | Google (Chromium) | Rhys Elsmore (@rhyselsmore) | Bug Bounty | 2023-04-05 | 2023-06-13 |
| 225 | Exploiting insecure exception logging | Blind XSS | NA | Bogdan Calin | Bug Bounty | 2023-04-05 | 2023-06-13 |
| 224 | Bash Privileged-mode Vulnerabilities In Parallels Desktop And CDPATH Handling In MacOS | macOS Local Privilege Escalation | Parallels | Reno Robert (@renorobertr) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 223 | Simple Bugs 0x02: Overwritting Uploaded Files | Normalization | NA | Vitor Falcao (@egl_falcao) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 219 | SharePoint Webpart Property Traversal Vulnerability Analysis (CVE-2022–38053, CVE-2023–21742, CVE-2023–21717) | Property traversal | Microsoft (Sharepoint) | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 218 | Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059 CVE-2022-41348 | Stored XSS | Zimbra | Guillaume Jacques | Bug Bounty | 2023-04-07 | 2023-06-13 |
| 217 | SQL Wildcard DoS - Hang Till Death | DoS File upload | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-04-08 | 2023-06-13 |
| 216 | Steal authentication token with one-click on misconfigured WebView. | Android Webview Account takeover | NA | Kerolos A. Saber (@0xWise) | Bug Bounty | 2023-04-08 | 2023-06-13 |
| 215 | How I was able to change password of any corporate user | Account takeover Password reset Authentication bypass | NA | CH3TAN | Bug Bounty | 2023-04-09 | 2023-06-13 |
| 214 | A successful prototype pollution chained to a DOM XSS | Prototype pollution DOM XSS | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 213 | Account Take Over (Via an API) | Account takeover Information disclosure Broken Access Control Cryptographic issues | NA | Thabiso Mokoena | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 212 | Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories | Repojacking Supply chain attack | NA | Joren Vrancken | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 211 | CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score | Stored XSS Markdown XSS Supply chain attack | Snyk | Gal Weizman (@WeizmanGal) | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 209 | Shell in the Ghost: Ghostscript CVE-2023-28879 writeup | Buffer Overflow Memory corruption RCE | Ghostscript | sigabrt9 (@sigabrt9) | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 207 | SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) | Authentication bypass | SecurePoint | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2023-04-11 | 2023-06-13 |