Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1785 | Piercing the Cloud Armor - The 8KB bypass in Google Cloud Platform WAF | WAF bypass | Google | Kloudle (@Kloudleinc) | Bug Bounty | 2022-02-24 | 2023-06-13 |
| 1783 | Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D) | Logic flaw | Meta / Facebook | Kent Jarold Abulag (@wkemenhehehegsg) | Bug Bounty | 2022-02-25 | 2023-06-13 |
| 1782 | A Weird Price Tampering Vulnerability | Payment tampering, Logic flaw | NA | vFlexo (@vflexo) | Bug Bounty | 2022-02-25 | 2023-06-13 |
| 1781 | Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager | Authentication bypass, RCE, SSRF, Path traversal | VMware | Egor Dimitrenko (@elk0kc) | Bug Bounty | 2022-02-25 | 2023-06-13 |
| 1780 | SSRF & LFI In Uploads Feature | SSRF, LFI, HTML injection | NA | Raymond Lind | Bug Bounty | 2022-02-26 | 2023-06-13 |
| 1779 | CVE-2022-22947: SpEL Casting And Evil Beans | RCE, Java Beans | NA | Wyatt Dahlenburg (@wdahlenb) | Bug Bounty | 2022-02-26 | 2023-06-13 |
| 1778 | Hacking Subscription Plans for free service. | Payment bypass, OTP bypass | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2022-02-27 | 2023-06-13 |
| 1777 | BrokenPrint: A Netgear stack overflow | Memory corruption, RCE | Netgear | Alex Plaskett (@alexjplaskett) | Bug Bounty | 2022-02-28 | 2023-06-13 |
| 1776 | Pwning a Server using Markdown | LFI, RCE | Hashnode | Aditya Dixit (@zombie007o) | Bug Bounty | 2022-02-28 | 2023-06-13 |
| 1775 | HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations | HTTP request smuggling, DoS, Semantic gap attacks | NA | Kaiwen Shen (@m0xiaoxi) | Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1774 | Password Reset to Admin Access | Account takeover, Authentication bypass, Password reset | NA | Jesse Clark (@Hogarth45_) | Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1773 | Skype extension: All functionality broken? Still exploitable! | Information disclosure, Privacy issue | Microsoft | Wladimir Palant (@WPalant) | Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1772 | [ Directory Traversal attack ] How did I find it using GitHub | Information disclosure, Path traversal | NA | Fenrir (@leetibrahim) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1771 | webOS Revisited - Even More Mistaken Identities | Local Privilege Escalation, Browser hacking | LG | Andreas Lindh (@addelindh) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1770 | CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO | Stored XSS, Account takeover | Apache | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1769 | IDOR in support.mozilla.org through Code Review | IDOR | Mozilla | Brandon Roldan | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1768 | Moodle 2nd Order Sqli | SQL injection | Moodle | mufinnnnnnn (@mufinnnnnnn) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1767 | 4300$ Instagram IDOR Bug (2022) | IDOR | Meta / Facebook | Nawaf Alkhaldi (@nvmeeet) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1766 | CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED) | Username enumeration, GraphQL | GitLab | Jacob Baines (@junior_baines) | Bug Bounty | 2022-03-03 | 2023-06-13 |
| 1764 | How I Hacked A Crypto Company And Could Steal 1 Million Dollars Worth of Bitcoin | Path traversal | NA | zoid (@z0idsec) | Bug Bounty | 2022-03-05 | 2023-06-13 |
| 1763 | WhatsApp Bug Bounty: Bypassing biometric authentication using voip | Authentication bypass | Meta / Facebook | Arvind (@ar_arv1nd) | Bug Bounty | 2022-03-05 | 2023-06-13 |
| 1762 | Some critical vulnerabilities found with passive analysis on bug bounty programs explained | Information disclosure, Logic flaw | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1761 | The Bad Twin: a peculiar case of JWT exploitation scenario | Account takeover | NA | Sandh0t (@sandh0t) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1760 | AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service | Cross-tenant vulnerability, Account takeover | Microsoft | Yanir Tsarimi (@Yanir_) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1759 | Circumventing Browser Security Mechanisms For SSRF | SSRF, XSS | NA | HTTPVoid (@httpvoid0x2f) | Bug Bounty | 2022-03-08 | 2023-06-13 |