Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1676 | Small bugs are more dangerous than you think | Self-XSS, Stored XSS, Open redirect, CSRF | NA | Liv Matan (@terminatorLM) | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1675 | Debugging the undebuggable and finding a CVE in Microsoft Defender for Endpoint | Endpoint spoofing | Microsoft | Gijs Hollestelle | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1674 | Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App | Hardcoded credentials, Android | NA | Omar Espino (@omespino) | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1673 | Design Flaw : A Tale of Permanent DOS (Informative -> Triaged) | DoS | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-04-02 | 2023-06-13 |
| 1672 | Multiple Times I Hacked Duke University With RXSS Vulnerability!!! | Reflected XSS | Duke University | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-02 | 2023-06-13 |
| 1671 | View Friends List of any users using “View as” \| Facebook Bug bounty | Logic flaw, Broken Access Control | Meta / Facebook | Ph.Hitachi | Bug Bounty | 2022-04-02 | 2023-06-13 |
| 1670 | How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables | Memory corruption, Local Privilege Escalation | Linux Kernel Organization | David Bouman (@pqlqpql) | Bug Bounty | 2022-04-02 | 2023-06-13 |
| 1669 | Hacked Instagram Handle Of Samsung…. | Broken link hijacking | Samsung | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-03 | 2023-06-13 |
| 1668 | Exploiting a double-edged SSRF for server and client-side impact | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-03 | 2023-06-13 |
| 1667 | Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline | Privilege escalation, CI/CD | GitHub | Noam Dotan | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1666 | Cloud SSRF Exploitation | SSRF | NA | Dan Barros | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1665 | Hacked Nokia With Reflected Cross-site Scripting Vulnerability…. | Reflected XSS | Nokia | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1664 | MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639 | Local Privilege Escalation | Apple | Mickey Jin (@patch1t) | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1663 | NoSQL Injection in Plain Sight | NoSQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1662 | Spoof as another Facebook user to report an impostor account | Spoofing | Meta / Facebook | Syd Ricafort (@devsyd11) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1661 | CVE-2021-38159: MOVEit Transfer SQL Injection Analysis | SQL injection | Palantir Public | Tuan Anh Nguyen (@haxor31337) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1660 | CloudKit Share Records leak the title of private iCloud files | IDOR, Broken Access Control | Apple | David Schütz (@xdavidhu) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1659 | How I hacked one of the biggest airlines group of the world | IDOR, Account takeover | NA | Tarek Bouali (@iambouali) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1658 | Azure Active Directory Exposes Internal Information | Information disclosure | Microsoft | Secureworks Counter Threat Unit (@Secureworks) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1657 | HTTP Request Smuggling on business.apple.com and Others. | HTTP request smuggling | Apple | Stealthy (@stealthybugs) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1656 | New npm Flaws Let Attackers Better Target Packages for Account Takeover | Information disclosure | GitHub | Yakir Kadkoda | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1655 | CVE-2021-4119: [Bookstack] Email harvesting via SQL "LIKE" clause exploitation | Broken Access Control, SQL injection | Bookstack | Haxatron (@Haxatron1) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1654 | The Bug That Kept On Giving :: PaymentBypass :: Eposed Return Url | Payment bypass, Logic flaw | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1653 | Azure Active Directory Exposes Internal Information | Cloud, Information disclosure, Azure AD | Microsoft (Azure) | Counter Threat Unit Research Team | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1652 | Watch out the links : Account takeover! | Account takeover | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-04-06 | 2023-06-13 |