Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1912 | Write Up – Private Bug Bounty: Firebase Database Exposed By Misconfiguration – $2,000 USD | Android, Insecure Firebase database | NA | Omar Espino (@omespino) | Bug Bounty | 2022-01-17 | 2023-06-13 |
| 1911 | Stealing administrative JWT's through post auth SSRF (CVE-2021-22056) | SSRF, CSRF | VMware | Shubham Shah (@infosec_au) | Bug Bounty | 2022-01-17 | 2023-06-13 |
| 1910 | Mixed Messages: Busting Box’s MFA Methods | OTP bypass, MFA bypass | Box | Tal Peleg | Bug Bounty | 2022-01-18 | 2023-06-13 |
| 1909 | Zooming in on Zero-click Exploits | Memory corruption | Zoom | Natalie Silvanovich (@natashenka) | Bug Bounty | 2022-01-18 | 2023-06-13 |
| 1908 | CVE-2022-21661: Exposing Database Info Via Wordpress SQL Injection | SQL injection | WordPress | ngocnb | Bug Bounty | 2022-01-18 | 2023-06-13 |
| 1907 | Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1 | Insecure deserialization, Cryptographic issues | Swiss Post | Ruben Santamarta (@reversemode) | Bug Bounty | 2022-01-18 | 2023-06-13 |
| 1906 | The Tale of a Click leading to RCE | RCE, SSRF | CatchPoint | Roni Carta (@0xLupin) | Bug Bounty | 2022-01-18 | 2023-06-13 |
| 1905 | How I messed up my own profile data | Authorization flaw | NA | Himmat Singh | Bug Bounty | 2022-01-20 | 2023-06-13 |
| 1904 | ZohOwned :: A Critical Authentication Bypass on Zoho ManageEngine Desktop Central | Authentication bypass | Zoho | Steven Seeley (@steventseeley) | Bug Bounty | 2022-01-20 | 2023-06-13 |
| 1903 | Hashing the Favicon.ico | Information disclosure | NA | Ski Mask (@Ski_Mask0) | Bug Bounty | 2022-01-21 | 2023-06-13 |
| 1902 | Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s meeting. | Insecure deeplink, Android | NA | Quel (@RootIntrud3r) | Bug Bounty | 2022-01-21 | 2023-06-13 |
| 1901 | 120 Days of Frequent Hacking | SSRF, LFI, Information disclosure, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-21 | 2023-06-13 |
| 1900 | How I was able to find multiple vulnerabilities of a Symfony Web Framework web application | Debug mode enabled, Information disclosure | NA | Abid Ahmad (@RootIntrud3r) | Bug Bounty | 2022-01-23 | 2023-06-13 |
| 1899 | Path Traversal Paradise | Path traversal, LFI | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-23 | 2023-06-13 |
| 1898 | Solarwinds Web Help Desk: When the Helpdesk is too Helpful | Information disclosure, Hardcoded credentials | SolarWinds | Assetnote Security Research Team (@assetnote) | Bug Bounty | 2022-01-23 | 2023-06-13 |
| 1897 | How I got access to 25+ Tesla’s around the world. By accident. And curiosity. | Default credentials | Tesla | David Colombo (@david_colombo_) | Bug Bounty | 2022-01-23 | 2023-06-13 |
| 1896 | CVE-2021-44790: Code Execution On Apache Via An Integer Underflow | Memory corruption | Apache | Chamal | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1895 | First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft | XSS | Microsoft | Aidil Arief | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1894 | How I was able to take over accounts in websites deal with Github as an SSO provider | Bruteforce, Lack of rate limiting, SSO, Email verification bypass, Account takeover | NA | Khaled Mohamed | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1893 | HOW I hacked thousand of subdomains | Subdomain takeover | NA | MoSec (@moe1n1) | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1892 | Hacking the Apple Webcam (again) | Universal XSS, Browser hacking | Apple | Ryan Pickren | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1891 | How I could have read your confidential bug reports by simple mail? | Information disclosure, Logic flaw | Microsoft | Sudhakar Muthumani (@Sudhakarmuthu04) | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1890 | CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers | Container escape, Kubernetes bug | Google | Crusaders of Rust (@cor_ctf) | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1889 | Exploiting: Buffer overflow in Xiongmai DVRs | Memory corruption, Buffer Overflow | Xiongmai | Chris Leech | Bug Bounty | 2022-01-26 | 2023-06-13 |
| 1888 | Auth Bypass in ADOdb CVE-2021-3850 | Authentication bypass | NA | Emmet Leah | Bug Bounty | 2022-01-26 | 2023-06-13 |