Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2255 | How @Mailru traeted my report on their program | AWS misconfiguration | Mail.ru | Aý Oùb (@Yukusawa18) | Bug Bounty | 2021-09-03 | 2023-06-13 |
| 2252 | Bypassed! and uploaded a sweet reverse shell | Unrestricted file upload | NA | Ajay Sharma (@security_donut) | Bug Bounty | 2021-09-05 | 2023-06-13 |
| 2251 | Business Logic Errors - Must Vote | Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-09-05 | 2023-06-13 |
| 2250 | Eye for an eye: Unusual single click JWT token takeover | Open redirect, JWT, Account takeover | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2021-09-05 | 2023-06-13 |
| 2249 | Anti-crawler Burp Suite RCE | RCE, Browser hacking | PortSwigger | Wfox | Bug Bounty | 2021-09-06 | 2023-06-13 |
| 2248 | How I can take over any user’s account with their mobile number | Account takeover, OTP bypass, Authentication bypass | NA | Sushmitha Katikitala | Bug Bounty | 2021-09-06 | 2023-06-13 |
| 2247 | 2 CSRF 1 IDOR on Google Marketing Platform | IDOR, CSRF | Google | apapedulimu / Nosa Shandy (@LocalHost31337) | Bug Bounty | 2021-09-06 | 2023-06-13 |
| 2246 | SSD Advisory – NETGEAR D7000 Authentication Bypass | Authentication bypass | Netgear | - | Bug Bounty | 2021-09-06 | 2023-06-13 |
| 2245 | Full structure takeover to many brands of company | Directory listing, Information disclosure | NA | Abdelrahman Khaled | Bug Bounty | 2021-09-06 | 2023-06-13 |
| 2244 | SSRF in PDF export with PhantomJs | SSRF, XSS, LFI | NA | أنس روبي (@xhzeem) | Bug Bounty | 2021-09-07 | 2023-06-13 |
| 2243 | 5 Different Vulnerabilities in Google’s Threadit | DOM XSS, Clickjacking, Privilege escalation, Information disclosure | Google | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2021-09-07 | 2023-06-13 |
| 2242 | Accessing Grofers Grafana Instance Using Shodan | Weak credentials | Grofers | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 2241 | Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser | Stored XSS, Local File Read | Opera | Renwa (@RenwaX23) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 2240 | Facebook email disclosure and account takeover | Information disclosure, Account takeover | Meta / Facebook | Rikesh Baniya / NotRickyy (@rikeshbaniya) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 2239 | Account Takeover via XSS in e-signature feature worth 2500$ | XSS, Account takeover | NA | Gökhan Güzelkokar (@gkhck_) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 2238 | Spook.js: Attacking Google Chrome's Strict Site Isolation via Speculative Execution and Type Confusion | Browser hacking, Side-channel attack, Site Isolation bypass | Google | Ayush Agarwal | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 2237 | GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink | Logic flaw, Information disclosure | GitHub | Justin Steven (@justinsteven) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 2236 | Change home directory and bypass TCC aka CVE-2020-27937 | Privacy issue, MacOS | Apple | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2021-09-09 | 2023-06-13 |
| 2235 | Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances | Container takeover, Container escape, Privilege escalation, Cloud | Microsoft | Unit 42 (@Unit42_Intel) | Bug Bounty | 2021-09-09 | 2023-06-13 |
| 2234 | Mistuned Part 1: Client-side XSS to Calculator and More | XSS, Memory corruption, iOS | Apple | CodeColorist (@codecolorist) | Bug Bounty | 2021-09-10 | 2023-06-13 |
| 2233 | How I Was Able to delete any facebook story where am I mentioned or tagged | Logic flaw | Meta / Facebook | Sank Dahal (@sank68034756) | Bug Bounty | 2021-09-10 | 2023-06-13 |
| 2232 | Bypassing GCP Org Policy with Custom Metadata | Authorization flaw | Google | Kat Traxler (@NightmareJS) | Bug Bounty | 2021-09-10 | 2023-06-13 |
| 2231 | How I found my first AEM related bug. | LFR | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-09-11 | 2023-06-13 |
| 2229 | Exposing Millions of IRCTC Passengers' ticket details. | IDOR | IRCTC | Renganathan (@IamRenganathan) | Bug Bounty | 2021-09-12 | 2023-06-13 |
| 2227 | Escalating Azure Privileges with the Log Analytics Contributor Role | Logic flaw | Microsoft | Karl Fosaaen (@kfosaaen) | Bug Bounty | 2021-09-13 | 2023-06-13 |