Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 206 | Java Exploitation Restrictions in Modern JDK Times | Insecure deserialization | NA | Florian Hauser (@frycos) | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 204 | How ChatGPT helped me find a bug | XSS, File upload | NA | Abhishekgk | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 203 | SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) | Memory leak | SecurePoint | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2023-04-12 | 2023-06-13 |
| 202 | CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd | Local Privilege Escalation | shadow-utils | Tom Neaves | Bug Bounty | 2023-04-12 | 2023-06-13 |
| 201 | Rooting A Common-criteria Certified Printer To Improve Opsec | Printer hacking | Canon | RedTeam Pentesting (@RedTeamPT) | Bug Bounty | 2023-04-12 | 2023-06-13 |
| 199 | How I got RCE in + 10 websites… | RCE, Security misconfiguration | NA | m4cddr (@m4cddr) | Bug Bounty | 2023-04-13 | 2023-06-13 |
| 197 | User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264) | OAuth, OpenID Connect, Privilege escalation, Authentication flaw | Keycloak | Jordi Zayuelas i Muñoz | Bug Bounty | 2023-04-14 | 2023-06-13 |
| 196 | From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR | Debug mode enabled, IDOR, Information disclosure, JWT, Broken Access Control, Exposed registration page | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-04-14 | 2023-06-13 |
| 194 | From payload to 300$ bounty: A story of CRLF injection and responsible disclosure on HackerOne | CRLF injection | NA | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-16 | 2023-06-13 |
| 192 | (CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension | SSTI, RCE, Security code review | Shopware | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-04-17 | 2023-06-13 |
| 191 | A Big company Admin Panel takeover $4500 | Authentication bypass, 40x bypass, Account takeover | NA | nanwn | Bug Bounty | 2023-04-17 | 2023-06-13 |
| 187 | Break the Logic: Playing with product ratings on a shopping site(600$) | Logic flaw, Parameter tampering | NA | Fırat | Bug Bounty | 2023-04-18 | 2023-06-13 |
| 184 | My First Case of SSRF Using Dirsearch | SSRF | NA | Mba-oji Chiagoziem (@g0ziem) | Bug Bounty | 2023-04-18 | 2023-06-13 |
| 182 | #BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services | Cloud, RCE, Container escape, Kubernetes, Privilege escalation, Lateral movement, Supply chain attack, Cross-tenant vulnerability | Alibaba | Ronen Shustin (@ronenshh) | Bug Bounty | 2023-04-19 | 2023-06-13 |
| 178 | Vulnerability Spotlight: CVE-2023-0264 | OpenID Connect, OAuth, Authentication flaw, Privilege escalation, Security code review | Keycloak | Timo Müller (@mtimo44) | Bug Bounty | 2023-04-19 | 2023-06-13 |
| 177 | How I hacked hackers in Voorivex Hunt Event | Cloudflare bypass, WAF bypass, Account takeover | NA | snoopy (@snoopy101101) | Bug Bounty | 2023-04-19 | 2023-06-13 |
| 176 | CVE-2022-29844: A Classic Buffer Overflow On The Western Digital My Cloud Pro Series PR4100 | Buffer Overflow, Memory corruption, RCE | Western Digital | Luca Moro (@johncool__) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 175 | Uncovering a Critical Vulnerability: My Journey of Discovering CVE-2021–31589, a Reflected XSS in LinkedIn | Components with known vulnerabilities, Reflected XSS | LinkedIn | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 174 | Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty | Components with known vulnerabilities, XSS | NA | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 173 | The Fuzzing Guide to the Galaxy: An Attempt with Android System Services | Android, Fuzzing, Heap overflow, Integer overflow, Out-of-bounds Write, Memory corruption, Local Privilege Escalation | Samsung | Anthony Remy | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 170 | Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty | Components with known vulnerabilities, XSS | NA | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 169 | CVE-2023-23525: Get Root via A Fake Installer | Local Privilege Escalation | Apple (macOS) | Mickey Jin (@patch1t) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 168 | XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party websites | XSLeaks | Microsoft (Skype) | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2023-04-21 | 2023-06-13 |
| 167 | From BitLocker-Suspended to Virtual Machine | Internal pentest | NA | Reino Mostert | Bug Bounty | 2023-04-21 | 2023-06-13 |
| 166 | Exploits Explained: Permission misconfiguration within Salesforce JavaScript Remoting tokens used for Apex Controllers | Salesforce, Security misconfiguration, Broken Access Control | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2023-04-21 | 2023-06-13 |