Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1929 | Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth | Session hijacking, Session management issue, Account takeover, RCE | Moodle | Johannes Moritz | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1923 | C.S.T.I Lead To Account Takeover $$$ | CSTI, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1894 | How I was able to take over accounts in websites deal with Github as an SSO provider | Bruteforce, Lack of rate limiting, SSO, Email verification bypass, Account takeover | NA | Khaled Mohamed | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1864 | IDOR vulnerability on invoice and weak password reset leads to account take over | IDOR, Password reset, Account takeover, Payment tampering, Logic flaw | NA | Damaidec | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1842 | Google Security Misconfiguration Leads to Account Takeover ! | Logic flaw, Spoofing | Google | Harsh Banshpal | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1841 | Full Account takeover (ATO) — a tale of two bugs 🐛 | IDOR, Account takeover | NA | Kwadwo Amoako | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1825 | A tale of 0-Click Account Takeover and 2FA Bypass. | Account takeover, Password reset, MFA bypass | NA | Firas Fatnassi (@Fatnass1F1ras) | Bug Bounty | 2022-02-12 | 2023-06-13 |
| 1822 | Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover | AWS misconfiguration, Account takeover | NA | Preetham Bomma (@cyber01_) | Bug Bounty | 2022-02-14 | 2023-06-13 |
| 1774 | Password Reset to Admin Access | Account takeover, Authentication bypass, Password reset | NA | Jesse Clark (@Hogarth45_) | Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1770 | CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO | Stored XSS, Account takeover | Apache | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1761 | The Bad Twin: a peculiar case of JWT exploitation scenario | Account takeover | NA | Sandh0t (@sandh0t) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1760 | AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service | Cross-tenant vulnerability, Account takeover | Microsoft | Yanir Tsarimi (@Yanir_) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1729 | How I managed to trigger XSS automatically to get critical account takeover | Stored XSS | NA | c4rrilat0r (@c4rrilat0r) | Bug Bounty | 2022-03-15 | 2023-06-13 |
| 1696 | Bug Bounty Adventures: A NodeBB 0-day | CSRF, Account takeover, SSO, Authentication flaw | Opera | Marouane Mouhtadi (@Mar0_0uane) | Bug Bounty | 2022-03-25 | 2023-06-13 |
| 1693 | Stealing cookies from subdomain leads to takeover user accounts at redacted.com | Account takeover, XSS | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-27 | 2023-06-13 |
| 1659 | How I hacked one of the biggest airlines group of the world | IDOR, Account takeover | NA | Tarek Bouali (@iambouali) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1656 | New npm Flaws Let Attackers Better Target Packages for Account Takeover | Information disclosure | GitHub | Yakir Kadkoda | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1652 | Watch out the links : Account takeover! | Account takeover | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-04-06 | 2023-06-13 |
| 1651 | SSRF and Account Takeover via XSS in ERPNext (0-day) | SSRF, XSS, Account takeover | ERPNext | huli (@aszx87410) | Bug Bounty | 2022-04-06 | 2023-06-13 |
| 1649 | Multiple vulnerability leading to account takeover in TikTok SMB subdomain. | IDOR | TikTok | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2022-04-07 | 2023-06-13 |
| 1615 | Full Account Takeover via Open Redirection | Open redirect, Token leak, Account takeover, OAuth | NA | vFlexo (@vflexo) | Bug Bounty | 2022-04-17 | 2023-06-13 |
| 1586 | ATO without any interaction [aws cognito misconfiguration] | Account takeover, Lack of rate limiting | GitHub | Shreyaskoli (@SPY8OY) | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1569 | Its all about 2fa bypass, or Account Takeover | Password reset, Account takeover, OTP bypass | NA | anjaneyulu kanakatla | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1562 | The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | CSS injection, Clickjacking, Account takeover, XSS, Cookie bomb, Self-XSS, CSRF | NA | Renwa (@RenwaX23) | Bug Bounty | 2022-05-10 | 2023-06-13 |