Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1937 | How I was able to spoof any Instagram username on Instagram shop | IDOR | Meta / Facebook | Nawaf Alkhaldi (@nvmeeet) | Bug Bounty | 2022-01-06 | 2023-06-13 |
| 1936 | Exploiting Redash instances with CVE-2021-41192 | Privilege escalation, Session management issue, SSRF | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-01-06 | 2023-06-13 |
| 1935 | A phishing document signed by Microsoft – part 2 | Phishing, RCE | Microsoft | Pieter Ceelen (@ptrpieter) | Bug Bounty | 2022-01-07 | 2023-06-13 |
| 1934 | A Tale Of 5250$: How I Accessed Millions Of User’s Data Including Their National ID’s | AWS misconfiguration, Information disclosure | NA | Sam (@__Sam0_0) | Bug Bounty | 2022-01-07 | 2023-06-13 |
| 1933 | 2FA bypass by reading the documentation | MFA bypass | NA | tomorrowisnew (@tomorrowisnew_) | Bug Bounty | 2022-01-09 | 2023-06-13 |
| 1932 | Host Header Injection Lead To Account Takeovers | Host header injection, Password reset, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-09 | 2023-06-13 |
| 1931 | How did I find Log4j vulnerability via Static Code Analysis and receive €€€ bounty? | Log4shell, RCE | NA | Pranav Gajjar (@Pranav_Gajjar_) | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1930 | New macOS vulnerability, “powerdir,” could lead to unauthorized user data access | Privacy issue, MacOS | Apple | Microsoft 365 Defender Research Team | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1929 | Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth | Session hijacking, Session management issue, Account takeover, RCE | Moodle | Johannes Moritz | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1928 | Cross-Origin Resource Sharing (CORS) Misconfiguration leads to User’s PII leaks. | CORS misconfiguration | NA | Tarikul Islam (@sa1tama0) | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1927 | Exploiting URL Parsers: The Good, Bad, And Inconsistent | URL parsing issue | NA | Noam Moshe | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1926 | Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more | RCE | Microsoft | Gabriel Sztejnworcel (@sztejnworcel) | Bug Bounty | 2022-01-11 | 2023-06-13 |
| 1925 | How I downed acronis.com in 2 minutes — Lucky bug write up | DoS | Acronis | Ugroon (@veletisleri) | Bug Bounty | 2022-01-11 | 2023-06-13 |
| 1924 | Pwning the portal: from database dump to session hijacking | SQL injection, XSS, CSRF | NA | Bitcrack (@bitcrack_cyber) | Bug Bounty | 2022-01-12 | 2023-06-13 |
| 1923 | C.S.T.I Lead To Account Takeover $$$ | CSTI, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1922 | Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969) | Insecure deserialization | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1921 | Xiaomi Execute Arbitrary JavaScript | XSS, HTML injection, Android | Xiaomi | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1920 | XSS Filter Evasion + IDOR | XSS, IDOR | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1919 | FB Lite All Users Active Status Changed | Logic flaw | Meta / Facebook | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-01-14 | 2023-06-13 |
| 1918 | RCE In Adobe Acrobat Reader For Android(CVE-2021-40724) | RCE, Path traversal, Android | Google, Adobe | sunny (@hulkvision) | Bug Bounty | 2022-01-14 | 2023-06-13 |
| 1917 | 120 Days of High Frequency Hunting | SSRF, LFI, Information disclosure, Broken Access Control, Authentication bypass, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1916 | Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) | SQL injection, Broken Access Control | Moodle | 0xkasper (@0xkasper) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1915 | XXE in SAML SSO Writeup - Bug Bounty | XXE | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-01-16 | 2023-06-13 |
| 1914 | How i found “Broken Access Control Through out-of-sync setup” and got $1000 | Broken Access Control, Authorization flaw | NA | Mr Robert \| Ahmed M Hassan (@Mr_Robert20) | Bug Bounty | 2022-01-16 | 2023-06-13 |
| 1913 | Critical XSS in chrome extension | XSS, postMessage | NA | p3rr0 (@Hperalta89) | Bug Bounty | 2022-01-17 | 2023-06-13 |