Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2044 | [socket.io] Cross-Site Websockets Hijacking | Cross-Site Websocket Hijacking (CSWH) | Node.js third-party modules | sh1yo (@sh1yo_) | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2043 | Price Manipulation Bypass Using Integer Overflow Method | Payment tampering, Memory corruption | NA | Marx Chryz | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2042 | Play The Opera Please | Browser hacking | Opera | Dhiraj (@RandomDhiraj) | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2041 | This Microsoft Windows RCE Vulnerability Gives an Attacker Complete Control | Memory corruption | Microsoft | Malcolm Stagg (@malcolmst) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2040 | NodeBB 1.18.4 - Remote Code Execution With One Shot | RCE, XSS, Authentication bypass, Arbitrary file read | NodeBB | Sonar (@SonarSource) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2038 | VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability | LFI, SSRF, XSS, Arbitrary file read | VMware | Khoa Dinh (@_l0gg) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2037 | HTTP Header Injection In Citrix ADC And Citrix Gateway (CVE-2020-8300, CVE-2021-22927) | Host header injection, XSS | Citrix Systems | Wolfgang Ettlinger | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2036 | Microsoft Teams – CSV Injection | CSV injection | Microsoft | Christian Becker (@0xchrisb) | Bug Bounty | 2021-12-01 | 2023-06-13 |
| 2035 | P1 _Bug in Apple that phase “old is Gold | Logic flaw | Apple | Saurabh Sankhwar (@mr_encryption) | Bug Bounty | 2021-12-01 | 2023-06-13 |
| 2033 | This shouldn't have happened: A vulnerability postmortem | Memory corruption | Mozilla | Tavis Ormandy (@taviso) | Bug Bounty | 2021-12-01 | 2023-06-13 |
| 2032 | Easy SQLi in Amazon subsidiary using Sqlmap | SQL injection | Amazon | Mostafa Mamdoh | Bug Bounty | 2021-12-01 | 2023-06-13 |
| 2031 | Exploring Container Security: A Storage Vulnerability Deep Dive | Race condition, Kubernetes | Kubernetes | Fabricio Voznika | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2030 | AWS SageMaker Jupyter Notebook Instance Takeover | Self-XSS, CSRF, RCE | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2029 | Bypassing Box’s Time-based One-Time Password MFA | OTP bypass, MFA bypass | Box | Tal Peleg | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2028 | Disclose Ad Accounts linked with Instagram Accounts | Information disclosure, Logic flaw, GraphQL | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2027 | Write Up – XSS Stored In files.slack.com Via XML/SVG File (iOS) – $1,000 USD | XSS | Slack | Omar Espino (@omespino) | Bug Bounty | 2021-12-03 | 2023-06-13 |
| 2026 | How I accessed the Sensitive document which I had already deleted | Privacy issue | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2024 | How I managed to hack User accounts of a billion-dollar sport platform | OTP bypass, Bruteforce, Lack of rate limiting | NA | Vishnuraj | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2023 | This is how i was able to See and Delete your Private Facebook Portal photos | IDOR | Meta / Facebook | Abhishek Pathak (@pathleax) | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2022 | Accidental IDOR in eLearnSecurity to Knowing Your Address and Cert You Bought. | IDOR | INE | Anugrah SR (@cyph3r_asr) | Bug Bounty | 2021-12-05 | 2023-06-13 |
| 2021 | SSRF vulnerability in AppSheet - Google VRP | SSRF | Google | David Nechuta (@david_nechuta) | Bug Bounty | 2021-12-05 | 2023-06-13 |
| 2020 | Microsoft Azure Portal – CSV Injection | CSV injection | Microsoft | Christian Becker (@0xchrisb) | Bug Bounty | 2021-12-06 | 2023-06-13 |
| 2019 | Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials. | Client-side enforcement of server-side security, Privilege escalation | U.S. General Services Administration | Hazem Brini (@ImJungsuu) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 2018 | How I was able to change Reddit acquired Dubsmash's music library sound tracks' titles | IDOR | Reddit | Sandeep Hodkasia (@sandeephodkasia) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 2017 | Windows 10 RCE: The exploit is in the link | RCE | Microsoft | Fabian Bräunlein | Bug Bounty | 2021-12-07 | 2023-06-13 |