Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2095 | Bypass Chrome Ad-Heavy detection mechanism | Browser hacking | Google (Chrome) | 0x0021h (@0x0021h) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 2094 | Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over | IDOR | Google | Cam (@secretlyhidden1) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 2093 | 400$ Bounty again using Google Dorks | Directory listing, Information disclosure | NA | Haris M (@hrsm321) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 2092 | Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond | HTTP Header Smuggling, HTTP Request Smuggling | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2021-11-10 | 2023-06-13 |
| 2091 | ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough | Cross-tenant vulnerability, Account takeover, Privilege escalation | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2021-11-10 | 2023-06-13 |
| 2089 | Unrestricted File Upload Leads to SSRF and RCE | ImageTragick, Unrestricted file upload, SSRF, RCE | NA | Muhammad Adel (@ItsFadinG_) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2088 | Write Up – Google VRP Bug Bounty: /etc/environment Local Variables Exfiltrated On Linux Google Earth Pro Desktop App – $1,337 USD | XSS | Google | Omar Espino (@omespino) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2087 | Simple SSRF Allows Access To Internal Assets | SSRF | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2086 | From URL dumps digging to IDOR , BAC, Massive Phishing in Udemy | Broken Access Control, Information disclosure, IDOR, HTML injection | Udemy | Mostafa Mamdoh | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2085 | chaining improper authentication to idor and no rate limit for mass account takeover | Account takeover, Lack of rate limiting, CSRF, IDOR | NA | mohit (@mohit29295572) | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2084 | How I got $200 in 30 Seconds. | Information disclosure | NA | Yash__ HackZ (@HackzYash) | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2083 | Privilege Escalation, worth of €300 | Broken Access Control, IDOR, Privilege escalation | NA | Hemant Kumar | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2082 | Never leave this tip while you hunting Broken Access Control | Broken Access Control | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-11-13 | 2023-06-13 |
| 2081 | Impact of an Insecure Deep Link | Insecure deeplink | CafeBazaar | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-11-13 | 2023-06-13 |
| 2080 | Exploiting CSP in Webkit to Break Authentication & Authorization | Information disclosure, CSP leak, Account takeover | Apple | Sachin Thakuri (@sachinnthakuri) | Bug Bounty | 2021-11-13 | 2023-06-13 |
| 2079 | Broken Link Hijacking — 404 Google Play Store— xxx$ Bounty | Broken link hijacking | NA | Proviesec (@proviesec) | Bug Bounty | 2021-11-14 | 2023-06-13 |
| 2078 | How I Found P1 bug Due to Sensitive data exposure And Earn $$$$ | Information disclosure | NA | Piyush shukla (@PiyushShukla__) | Bug Bounty | 2021-11-15 | 2023-06-13 |
| 2077 | DOS attack in Yahoo, How i was able to deny new users from service? | DoS | Yahoo! / Verizon Media | Mostafa Mamdoh | Bug Bounty | 2021-11-15 | 2023-06-13 |
| 2076 | T-Reqs: HTTP Request Smuggling with Differential Fuzzing | HTTP Request Smuggling | NA | Bahruz Jabiyev (@BahruzJabiyev) | Bug Bounty | 2021-11-15 | 2023-06-13 |
| 2075 | Full account takeover through referral code. | Authentication flaw, Account takeover | Shipt | Mostafa Mamdoh | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2074 | DOS attack in Yahoo, How i was able to deny new users from service? | DoS, Logic flaw | Yahoo! / Verizon Media | Mostafa Mamdoh | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2072 | Finding Zero-Day Vulnerabilities in the Supply Chain | CSTI, Signature bypass | Adaxes | Roni Carta (@0xLupin) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2071 | Keybase App Vulnerability: Incomplete Cleanup of Messages In Keybase for Android/iOS, CVE-2021-34421 | Information disclosure | Keybase | Olivia O’Hara (@oliviaohara) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 2070 | The tale of CVE-2021–34479 (VSCode XSS) | XSS, CSP bypass | Microsoft | Daniel Santos (@bananabr) | Bug Bounty | 2021-11-17 | 2023-06-13 |