Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
| 2138 | Exploiting Request forgery on Mobile Applications. | CSRF, Account takeover, Android, iOS | Pinterest | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2137 | From staging to 0 click account takeover | Account takeover, Logic flaw | Pinterest | mohamad mahmoudi (@Lotus_619) | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2118 | Unauthorized access to any user’s account. | IDOR, Authentication bypass, Account takeover | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2107 | How i made 500$ with XSS | XSS, Account takeover | NA | Nassim Chami (@nvccim) | Bug Bounty | 2021-11-01 | 2023-06-13 |
| 2091 | ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough | Cross-tenant vulnerability, Account takeover, Privilege escalation | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2021-11-10 | 2023-06-13 |
| 2085 | chaining improper authentication to idor and no rate limit for mass account takeover | Account takeover, Lack of rate limiting, CSRF, IDOR | NA | mohit (@mohit29295572) | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2080 | Exploiting CSP in Webkit to Break Authentication & Authorization | Information disclosure, CSP leak, Account takeover | Apple | Sachin Thakuri (@sachinnthakuri) | Bug Bounty | 2021-11-13 | 2023-06-13 |
| 2075 | Full account takeover through referral code. | Authentication flaw, Account takeover | Shipt | Mostafa Mamdoh | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2063 | Exploiting OAuth: Journey to Account Takeover | Account takeover, OAuth, XSS, Weak CSP, CSRF | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2021-11-19 | 2023-06-13 |
| 2053 | Account Takeover in $Million Company? | Account takeover, Password reset | Fastmail | 0xGodson (@0xGodson_) | Bug Bounty | 2021-11-24 | 2023-06-13 |
| 2012 | Account Takeover via Stored XSS | Account takeover, Stored XSS | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2000 | Zero Click To Account Takeover | Account takeover, Password reset | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2021-12-14 | 2023-06-13 |
| 1990 | Flickr Account Takeover | Account takeover, Authentication flaw | Flickr | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-12-18 | 2023-06-13 |
| 1981 | How I found (P2) Broken Authentication with Zero Skill of Hacking | Authentication bypass, Account takeover | NA | yoshi m lutfi (@yoshiahmadlutfi) | Bug Bounty | 2021-12-21 | 2023-06-13 |
| 1973 | Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)😲 | Authentication bypass, IDOR, Lack of rate limiting | NA | Anurag__Verma | Bug Bounty | 2021-12-25 | 2023-06-13 |
| 1966 | Bounty Evaluation GitHub = $15,000 US Dollars \| Rate Limit | Bruteforce, Email verification bypass, Account takeover | GitHub | Taniya Agarwal | Bug Bounty | 2021-12-28 | 2023-06-13 |
| 1965 | Full account takeover vulnerability in Minecraft | Account takeover | Minecraft | Abdulrahman Makki (@AMakki1337) | Bug Bounty | 2021-12-28 | 2023-06-13 |
| 1955 | Bug Hunting Journey of 2021 | Stored XSS, Open redirect, Token leak, CSRF, Logic flaw, Information disclosure, IDOR, Account takeover | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-31 | 2023-06-13 |
| 1953 | One Click To Account Takeover | Mass assignment | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-01 | 2023-06-13 |
| 1951 | A tale of zero click account takeover | Account takeover, IDOR | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2022-01-01 | 2023-06-13 |
| 1945 | P5 to P1: Interesting Account Takeover | Account takeover, Session expiration issue, Password reset | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1941 | thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality | IDOR, Password reset, Account takeover | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1939 | Accessing GoDaddy internal instance through an email logic bug. | Logic flaw, Privilege escalation, Account takeover | GoDaddy | Mostafa Mamdoh | Bug Bounty | 2022-01-05 | 2023-06-13 |
| 1932 | Host Header Injection Lead To Account Takeovers | Host header injection, Password reset, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-09 | 2023-06-13 |