Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2226 | Hacking CloudKit - How I accidentally deleted your Apple Shortcuts | Logic flaw | Apple | Frans Rosén (@fransrosen) | Bug Bounty | 2021-09-13 | 2023-06-13 |
| 2225 | 10 golden minutes for taking over a Chess.com account | Lack of rate limiting, Bruteforce, Session expiration issue | Chess.com | Seqrity (@seqrity9) | Bug Bounty | 2021-09-14 | 2023-06-13 |
| 2224 | OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers | Local Privilege Escalation, RCE | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2021-09-14 | 2023-06-13 |
| 2223 | Microsoft Azure Portal – Persistent Cross-Site Scripting | Stored XSS | Microsoft | Christian Becker (@0xchrisb) | Bug Bounty | 2021-09-15 | 2023-06-13 |
| 2222 | How I hacked worldwide Tiktok users | IDOR | TikTok | s3c (@s3c_krd) | Bug Bounty | 2021-09-15 | 2023-06-13 |
| 2220 | A Facebook bug that exposes email/phone number to your friends | Information disclosure, Logic flaw | Meta / Facebook | Saugat Pokharel (@saugatpk5) | Bug Bounty | 2021-09-15 | 2023-06-13 |
| 2219 | This is why you shouldn’t trust your Federated Identity Provider | OAuth, Account takeover, Authentication bypass | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2021-09-15 | 2023-06-13 |
| 2218 | How I was able to find 100+ XSS in United nations Bug Bounty Program | XSS | United Nations | mrpentestguy (@MR_iambatman) | Bug Bounty | 2021-09-16 | 2023-06-13 |
| 2217 | Weaponizing Reflected XSS to Account Takeover | XSS, Account takeover | NA | Hassan Shahid (@pwnsauc3) | Bug Bounty | 2021-09-16 | 2023-06-13 |
| 2216 | A Small Tale of Account Takeover … | IDOR, Account takeover | NA | Saugat Pokharel (@saugatpk5) | Bug Bounty | 2021-09-16 | 2023-06-13 |
| 2215 | How to have free Internet WIFI on United Airlines flights | Payment tampering, Logic flaw | United Airlines | Philippe Delteil (@PhilippeDelteil) | Bug Bounty | 2021-09-17 | 2023-06-13 |
| 2214 | All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) | RCE, Memory corruption | Apache | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-09-17 | 2023-06-13 |
| 2213 | From Google Dorking to Information Disclosure | Information disclosure, Missing authentication | NA | MikeChan | Bug Bounty | 2021-09-18 | 2023-06-13 |
| 2212 | From phpinfo page to many P1 bugs and RCE. [Symfony] | File disclosure, Information disclosure, RCE | NA | Abdelrahman Khaled | Bug Bounty | 2021-09-18 | 2023-06-13 |
| 2211 | A small change, and things go in your hand : Story of a $250 bounty | Information disclosure | NA | Fardeen Ahmed (@fardeenahmed411) | Bug Bounty | 2021-09-18 | 2023-06-13 |
| 2210 | Admin access !! | Privilege escalation, Broken Access Control | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-09-19 | 2023-06-13 |
| 2209 | Chaining bugs for better bounties | SSRF, XSS, Information disclosure | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-09-19 | 2023-06-13 |
| 2208 | Unlimited report user in Instagram (Facebook) leads to abuse risk. | Lack of rate limiting | Meta / Facebook | Mano Prasanth | Bug Bounty | 2021-09-20 | 2023-06-13 |
| 2207 | 5 RCEs in npm for $15,000 | RCE | NA | Robert Chen (@NotDeGhost) | Bug Bounty | 2021-09-20 | 2023-06-13 |
| 2206 | Mama Always Told Me Not to Trust Strangers without Certificates | MiTM, RCE | Netgear | Adam (@AdamOfDc949) | Bug Bounty | 2021-09-21 | 2023-06-13 |
| 2205 | RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through | RCE, Path traversal | Citrix Systems | Markus Wulftange (@mwulftange) | Bug Bounty | 2021-09-21 | 2023-06-13 |
| 2204 | Cookie Stealing via Clickjacking using Burp collaborator | Clickjacking | NA | Anurag__Verma | Bug Bounty | 2021-09-22 | 2023-06-13 |
| 2203 | A fever Worth 750$- [Accessing Private Projects ] | IDOR, Information disclosure | Mozilla | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2021-09-22 | 2023-06-13 |
| 2202 | mXSS in support.mozilla.org | XSS | Mozilla | Guilherme Keerok (@k33r0k) | Bug Bounty | 2021-09-22 | 2023-06-13 |
| 2201 | Autodiscovering the Great Leak | Domain name collision | Microsoft | Amit Serper (@0xAmit) | Bug Bounty | 2021-09-22 | 2023-06-13 |