Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5019 | Rolling around and Bypassing Facebook’s Linkshim protection on iOS | Open redirect | Meta / Facebook | Seif Elsallamy (@seifelsallamy) | Bug Bounty | 2017-07-26 | 2023-06-13 |
| 5018 | Disabling New Emails From Facebook Without Email Owner Interaction | Logic flaw, Authorization flaw | Meta / Facebook | Zahid Ali | Bug Bounty | 2017-07-26 | 2023-06-13 |
| 5017 | How we invented the Tesla DOM DOOM XSS | DOM XSS | Tesla | Detectify Labs | Bug Bounty | 2017-07-27 | 2023-06-13 |
| 5016 | Cracking the lens: targeting HTTP's hidden attack-surface | Reflected XSS, SSRF | Yahoo! / Verizon Media, BT, New Relic | James Kettle (@albinowax) | Bug Bounty | 2017-07-27 | 2023-06-13 |
| 5015 | How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! | SSRF, RCE, CRLF injection, Insecure deserialization | GitHub | Orange Tsai (@orange_8361) | Bug Bounty | 2017-07-28 | 2023-06-13 |
| 5014 | Referer Based XSS | XSS | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-30 | 2023-06-13 |
| 5013 | How i found massive information disclosure of 1500 famous people | Information disclosure | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2017-07-31 | 2023-06-13 |
| 5012 | Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram! | Logic flaw | Meta / Facebook | Ali Kabeel | Bug Bounty | 2017-07-31 | 2023-06-13 |
| 5011 | XSS Because of wrong Content-type Header | XSS | Internshala | Noman Shaikh (@nomanali181) | Bug Bounty | 2017-08-04 | 2023-06-13 |
| 5010 | How to confirm a Google user’s specific email address (Bug Bounty Submission) | Logic flaw | Google | Tom Anthony (@TomAnthonySEO) | Bug Bounty | 2017-08-09 | 2023-06-13 |
| 5009 | $10k host header | Authorization flaw | Google | Ezequiel Pereira (@epereiralopez) | Bug Bounty | 2017-08-10 | 2023-06-13 |
| 5008 | Getting access to 25k employees details | Exposed registration page | NA | Sahil Ahamad (@ehsahil) | Bug Bounty | 2017-08-11 | 2023-06-13 |
| 5007 | Insecure Direct Object Reference In Facebook Events | IDOR | Meta / Facebook | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2017-08-11 | 2023-06-13 |
| 5006 | Chain the vulnerabilities and take your report impact on the moon (CSRF to HTML INJECTION which results OPEN REDIRECT and could steal USER CREDENTIALS) | CSRF, HTML injection | Legal Robot | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2017-08-12 | 2023-06-13 |
| 5005 | Reflected XSS on www.yahoo.com | Reflected XSS | Yahoo! / Verizon Media | Samuel (@saamux) | Bug Bounty | 2017-08-12 | 2023-06-13 |
| 5004 | Accidentally typo to bypass administration access | Authentication bypass | NA | yappare (@yappare) | Bug Bounty | 2017-08-13 | 2023-06-13 |
| 5003 | Password Not Provided - Compromising Any Flurry User's Account [Yahoo Bug Bounty] | Authentication flaw, Account takeover | Yahoo! / Verizon Media | Jack Cable (@jackhcable) | Bug Bounty | 2017-08-15 | 2023-06-13 |
| 5002 | Secure Your Jenkins Instance Or Hackers Will Force You To! (Snapchat’s $5,000 Vulnerability) | RCE, LFI, Exposed Jenkins instance | Snapchat | Ben Sadeghipour (@nahamsec) | Bug Bounty | 2017-08-22 | 2023-06-13 |
| 5000 | Pre-domain wildcard CORS Exploitation | CORS misconfiguration | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-08-26 | 2023-06-13 |
| 4999 | Upgrade from LFI to RCE via PHP Sessions | LFI, RCE | NA | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2017-08-28 | 2023-06-13 |
| 4998 | Bypassing Rate Limit Protection by spoofing originating IP | Bruteforce | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-08-30 | 2023-06-13 |
| 4997 | Improper Storage of Private Project’s Files | IDOR | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-08-30 | 2023-06-13 |
| 4996 | Developer Luminate IDOR | IDOR | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-08-30 | 2023-06-13 |
| 4995 | Luminate Store Basics defacement and potential takeover | CSRF, Session management issue | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-08-30 | 2023-06-13 |
| 4994 | Uber XSS via Cookie | XSS | Uber | Chaobin Zhang | Bug Bounty | 2017-08-30 | 2023-06-13 |