Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4505 | IDOR in JWT and the shortest token you will ever see {}.{“uid”: “1234567890”} | IDOR | NA | Plenum (@plenumlab) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4503 | It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program | Information disclosure, Authentication bypass, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4501 | Stored XSS in Bug Bounty | Stored XSS | NA | KatsuragiCSL (@ZuuitterE) | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4500 | P1 Like a Boss \| Information Disclosure via Github leads to Employee Account Takeover \| Bug Bounty POC | Information disclosure | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4499 | Finding hidden gems vol. 3: quick win with .sh file | Information disclosure | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4498 | CVE-2018-11759 – Apache mod_jk access control bypass | Path traversal | Apache HTTP Server | Raphaël Arrouas | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4495 | Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining) | Open redirect, Token leak, Account takeover | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2018-11-03 | 2023-06-13 |
| 4494 | Unauthenticated RSFTP to Command Injection | Path traversal, RCE | NA | Nicodemo Gawronski | Bug Bounty | 2018-11-03 | 2023-06-13 |
| 4493 | Duplicate but still cool | IDOR, Account takeover | NA | Plenum (@plenumlab) | Bug Bounty | 2018-11-05 | 2023-06-13 |
| 4485 | CVE-2018-9539: Use-after-free vulnerability in privileged Android service | Memory corruption, Use-After-Free | Google | Tamir Zahavi-Brunner (@tamir_zb) | Bug Bounty | 2018-11-09 | 2023-06-13 |
| 4482 | Chain exploitation of XSS | DOM XSS, Clickjacking, CSRF | NA | Mikhail Klyuchnikov (@__Mn1__) | Bug Bounty | 2018-11-12 | 2023-06-13 |
| 4480 | [DOM based XSS] Or why you should not rely on Cloudflare too much | DOM XSS | NA | KatsuragiCSL (@ZuuitterE) | Bug Bounty | 2018-11-13 | 2023-06-13 |
| 4479 | OOB XXE in PrizmDoc (CVE-2018–15805) | OOB XXE | PrizmDoc | Nik srivastava | Bug Bounty | 2018-11-13 | 2023-06-13 |
| 4478 | Spoof All Domains Containing 'd' in Apple Products [CVE-2018-4277] | Browser hacking | Apple | Tencent's Xuanwu Lab | Bug Bounty | 2018-11-13 | 2023-06-13 |
| 4470 | [POC] Cross-Site Scripting on Garuda Indonesia Website | XSS | Garuda Indonesia | Arif-ITSEC111 | Bug Bounty | 2018-11-16 | 2023-06-13 |
| 4469 | XSS in hidden input fields | XSS | NA | Gareth Heyes (@garethheyes) | Bug Bounty | 2018-11-16 | 2023-06-13 |
| 4468 | Microsoft BingPlaces Business - (url) Redirect Vulnerability | Open redirect | Microsoft | Benjamin K.M. | Bug Bounty | 2018-11-16 | 2023-06-13 |
| 4464 | From Security Misconfiguration to Gaining Access of SMTP server | File disclosure | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2018-11-18 | 2023-06-13 |
| 4462 | Youtube - Open redirection | Open redirect | Google | Barak Tawily (@quitten11) | Bug Bounty | 2018-11-19 | 2023-06-13 |
| 4461 | XS-Searching Google’s bug tracker to find out vulnerable source code | XS-Search, Information disclosure | Google | Luan Herrera (@lbherrera_) | Bug Bounty | 2018-11-19 | 2023-06-13 |
| 4457 | Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read! | SSRF, LFI | NA | Zain Sabahat (@Zain_Sabahat) | Bug Bounty | 2018-11-22 | 2023-06-13 |
| 4455 | Stored XSS Vulnerability in Jotform and H1C Private Site | Stored XSS | NA | Anas Mahmood (@AnasIsHere) | Bug Bounty | 2018-11-23 | 2023-06-13 |
| 4448 | Instagram Multi-factor authentication Bypass | MFA bypass | Meta / Facebook | Vishnuraj | Bug Bounty | 2018-11-27 | 2023-06-13 |
| 4447 | Pwning eBay - How I Dumped eBay Japan's Website Source Code | .git folder disclosure, Source code disclosure | Ebay | David (@slashcrypto) | Bug Bounty | 2018-11-28 | 2023-06-13 |
| 4445 | Broken Authentication — Bug Bounty | Session management issue | NA | Vulnerables | Bug Bounty | 2018-11-28 | 2023-06-13 |