Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4562 | Just another tale of severe bugs on a private program. | Open redirect, SSRF, IDOR, Logic flaw | NA | Siva Krishna Samireddi (@le4rner) | Bug Bounty | 2018-09-28 | 2023-06-13 |
| 4559 | How I was able to takeover account's of an Earning App | Information disclosure | NA | Abbas Wafa | Bug Bounty | 2018-10-01 | 2023-06-13 |
| 4556 | How i found Stored xss on your-domain.redacted.com | XSS | NA | Rudra Sarkar (@rudr4_sarkar) | Bug Bounty | 2018-10-02 | 2023-06-13 |
| 4554 | AWS takeover through SSRF in JavaScript | SSRF | NA | Gwendal Le Coguic (@gwendallecoguic) | Bug Bounty | 2018-10-02 | 2023-06-13 |
| 4552 | Exploiting an unknown vulnerability | Logic flaw, Payment tampering | NA | Abhishek Bundela (@abhibundela) | Bug Bounty | 2018-10-03 | 2023-06-13 |
| 4546 | Blind XML External Entities Out-Of-Band Channel Vulnerability : PayPal Case Study | Blind XXE | Paypal | Abdelmoughite Eljoaydi | Bug Bounty | 2018-10-05 | 2023-06-13 |
| 4544 | My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY | Reflected XSS, CSP bypass | NA | Ali Tütüncü (@alicanact60) | Bug Bounty | 2018-10-07 | 2023-06-13 |
| 4540 | DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More | DOM XSS | Tinder | VPN Mentor (@vpnmentor) | Bug Bounty | 2018-10-09 | 2023-06-13 |
| 4537 | Payment bypass | Payment bypass, Logic flaw | NA | Pratik Yadav (@PratikY9967) | Bug Bounty | 2018-10-09 | 2023-06-13 |
| 4535 | Access to staging environment via User-Agent string | Authentication bypass | NA | Yasser Gersy (@yassergersy) | Bug Bounty | 2018-10-10 | 2023-06-13 |
| 4533 | Add description to Instagram Posts on behalf of other users - 6500$ | IDOR | Meta / Facebook | Sarmad Hassan (@JubaBaghdad) | Bug Bounty | 2018-10-12 | 2023-06-13 |
| 4532 | Magic XSS with two parameters | XSS | NA | Mahmood Shahabi (@m4shahab1) | Bug Bounty | 2018-10-12 | 2023-06-13 |
| 4528 | Path traversal while uploading results in RCE | Path traversal, RCE | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2018-10-15 | 2023-06-13 |
| 4523 | A Story of mishandling the Chunked Data (CVE-2018-17082) | XSS | PHP | Prashanth Varma (@cymtrick) | Bug Bounty | 2018-10-20 | 2023-06-13 |
| 4521 | Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature | Logic flaw | HackerOne | Japz Divino (@japzdivino) | Bug Bounty | 2018-10-22 | 2023-06-13 |
| 4520 | Cookie-based-injection XSS making exploitable with-out exploiting other Vulns | XSS | NA | Utkarsh Agrawal (@agrawalsmart7) | Bug Bounty | 2018-10-22 | 2023-06-13 |
| 4518 | XSS with HTML and how to convert the HTML into charcode() | XSS | Purinar Logistics | Arif-ITSEC111 | Bug Bounty | 2018-10-22 | 2023-06-13 |
| 4516 | SOAP- Based Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software | XXE | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2018-10-24 | 2023-06-13 |
| 4515 | DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE. | DoS | Meta / Facebook | Rahul Kankrale (@RahulKankrale) | Bug Bounty | 2018-10-25 | 2023-06-13 |
| 4512 | A very useful technique to bypass the CSRF protection for fun and profit. | CSRF | NA | Yeasir Arafat | Bug Bounty | 2018-10-26 | 2023-06-13 |
| 4511 | How Misconfigured API leaked user private information? | IDOR, Authorization flaw | NA | Yeasir Arafat | Bug Bounty | 2018-10-26 | 2023-06-13 |
| 4510 | Privilege Escalation like a Boss | IDOR | NA | Jay Jani (@JayJani007) | Bug Bounty | 2018-10-27 | 2023-06-13 |
| 4509 | #BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites! | .git folder disclosure, Source code disclosure | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-10-27 | 2023-06-13 |
| 4507 | Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable | CSRF, Clickjacking | NA | Zseano (@zseano) | Bug Bounty | 2018-10-29 | 2023-06-13 |
| 4506 | CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services | Memory corruption | Google | Tamir Zahavi-Brunner (@tamir_zb) | Bug Bounty | 2018-10-30 | 2023-06-13 |