Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
| 2147 | Write Up – Google VRP N/A: Arbitrary Local File Read (Macos) Via <a> Tag And Null Byte (%00) In Google Earth Pro Desktop App | Local File Read | Google | Omar Espino (@omespino) | Bug Bounty | 2021-10-14 | 2023-06-13 |
| 2146 | Remote code execution in Managed Anthos Service Mesh control plane | RCE | Google | Anthony Weems | Bug Bounty | 2021-10-15 | 2023-06-13 |
| 2145 | Exploitation of file’s download parameters to create potential risk of malware delivery: $200 bug! | CSRF, RCE | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2144 | Business Logic Errors - A Logic Destruction | Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2143 | How I Escalated a Time-Based SQL Injection to RCE | SQL injection, RCE | Sony | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2142 | Independently Secure, Together Not So Much – A Story Of 2 WP Plugins | RCE, Race condition, Unrestricted file upload, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2141 | The Speckle Umbrella story — part 2 | Information disclosure, Logic flaw | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-10-18 | 2023-06-13 |
| 2140 | Shells And SOAP: Websphere Deserialization To RCE | RCE, Insecure deserialization | IBM | Wyatt Dahlenburg (@wdahlenb) | Bug Bounty | 2021-10-18 | 2023-06-13 |
| 2139 | A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection | SQL injection, WAF bypass | AWS | Marc Olivier Bergeron | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2138 | Exploiting Request forgery on Mobile Applications. | CSRF, Account takeover, Android, iOS | Pinterest | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2137 | From staging to 0 click account takeover | Account takeover, Logic flaw | Pinterest | mohamad mahmoudi (@Lotus_619) | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2136 | CVE-2021-2471 MySQL JDBC XXE | XXE | Oracle (MySQL) | pyn3rd (@pyn3rd) | Bug Bounty | 2021-10-21 | 2023-06-13 |
| 2135 | Unauthorized access to any Facebook user’s draft profile picture frames | IDOR | Meta / Facebook | Sandeep Hodkasia (@sandeephodkasia) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2134 | All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646) | RCE, Memory corruption | Microsoft | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2133 | Moodle - Stored XSS and blind SSRF possible via feedback answer text | Stored XSS, SSRF | Moodle | rekter0 (@rekter0) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2132 | A story of another awesome old school hacking that lead to a cool P1 bug | 403 bypass | NA | Vuk Ivanovic | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2131 | How i Got 3 SQL injection in just 10 minutes. | SQL injection | NA | Ahmed Fatouh (@XDev05) | Bug Bounty | 2021-10-23 | 2023-06-13 |
| 2129 | Discourse SNS webhook RCE | RCE, Signature validation bypass | Discourse | joernchen (@joernchen) | Bug Bounty | 2021-10-23 | 2023-06-13 |
| 2128 | Google Chrome Vulnerability Worth for $6K: Use After Free (CVE-2021-30573) | Memory corruption | Google | Security For Everyone / S4E Team (@secforeveryone) | Bug Bounty | 2021-10-23 | 2023-06-13 |
| 2127 | How I was able to revoke your Instagram 2FA | Bruteforce, Rate limiting bypass | Meta / Facebook | Dhiyaneshwaran (@DhiyaneshDK) | Bug Bounty | 2021-10-23 | 2023-06-13 |
| 2125 | A 7500$ Google sites IDOR | IDOR | Google | Jalal (@r0ckin_) | Bug Bounty | 2021-10-24 | 2023-06-13 |
| 2124 | Zimbra “nginx” Local Root Exploit | Local Privilege Escalation | Zimbra | Darren Martyn (@_darrenmartyn) | Bug Bounty | 2021-10-25 | 2023-06-13 |
| 2123 | An Effective 5 min recon leads to a Hall of Fame | Information disclosure | NA | Renganathan (@IamRenganathan) | Bug Bounty | 2021-10-26 | 2023-06-13 |
| 2122 | Zimbra “zmslapd” Local Root Exploit. | Local Privilege Escalation | Zimbra | Darren Martyn (@_darrenmartyn) | Bug Bounty | 2021-10-27 | 2023-06-13 |