Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1651 | SSRF and Account Takeover via XSS in ERPNext (0-day) | SSRF, XSS, Account takeover | ERPNext | huli (@aszx87410) | Bug Bounty | 2022-04-06 | 2023-06-13 |
| 1650 | How i got access to 1600k Users PII Data $$$$ | Information disclosure | NA | Gokul AP (@CodingGokul) | Bug Bounty | 2022-04-06 | 2023-06-13 |
| 1649 | Multiple vulnerability leading to account takeover in TikTok SMB subdomain. | IDOR | TikTok | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2022-04-07 | 2023-06-13 |
| 1648 | Meta's SparkAR RCE Via ZIP Path Traversal | RCE, Path traversal | Meta / Facebook | Fady Othman (@Fady_Othman) | Bug Bounty | 2022-04-07 | 2023-06-13 |
| 1647 | How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty | SQL injection | NA | Vishal Saini (@k4k4r07) | Bug Bounty | 2022-04-08 | 2023-06-13 |
| 1646 | MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022 | Authorization flaw | Microsoft | Joosua Santasalo (@SantasaloJoosua) | Bug Bounty | 2022-04-09 | 2023-06-13 |
| 1645 | Securing Easy Appointments and earning CVE-2022-0482 | Broken Access Control | Easy!Appointments | Francesco Carlucci (@francecarlucci) | Bug Bounty | 2022-04-09 | 2023-06-13 |
| 1644 | XSS \| HTML Injection and File Upload Bypass in HUAWEI Subdomain | XSS, HTML injection | Huawei | Ahmed Hassan | Bug Bounty | 2022-04-10 | 2023-06-13 |
| 1642 | The #100DaysOfHacking Challenge : A Game Changer for Me | IDOR | NA | Najam Ul Saqib (@NjmUlSqb) | Bug Bounty | 2022-04-10 | 2023-06-13 |
| 1640 | SVG SSRFs and saga of bypasses | SSRF, HTML injection | NA | Preetham Bomma (@cyber01_) | Bug Bounty | 2022-04-11 | 2023-06-13 |
| 1639 | AWS RDS Vulnerability Leads to AWS Internal Service Credentials | LFI | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2022-04-11 | 2023-06-13 |
| 1638 | NotGitBleed | Information disclosure | GitHub | Aaron Devaney | Bug Bounty | 2022-04-11 | 2023-06-13 |
| 1637 | Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO | Broken Access Control | Zoho | Naveenroy | Bug Bounty | 2022-04-12 | 2023-06-13 |
| 1636 | XSS - The LocalStorage Robbery | XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-04-12 | 2023-06-13 |
| 1635 | CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed) | Local Privilege Escalation | Microsoft | Jacob Baines (@Junior_Baines) | Bug Bounty | 2022-04-12 | 2023-06-13 |
| 1634 | IDOR (Insecure Direct Object Reference) leads to listing all valid Users and edit their Profiles | IDOR | Drexel University | Ahmed Hassan | Bug Bounty | 2022-04-12 | 2023-06-13 |
| 1633 | CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client | Local Privilege Escalation | AWS | Rhino Security Labs (@RhinoSecurity) | Bug Bounty | 2022-04-12 | 2023-06-13 |
| 1632 | Bypass Apple Corp SSO on Apple Admin Panel | Path traversal | Apple | Stealthy (@stealthybugs) | Bug Bounty | 2022-04-12 | 2023-06-13 |
| 1631 | Inside the Black Box \| How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities | DoS, Memory corruption | Microsoft | Kasif Dekel (@kasifdekel) | Bug Bounty | 2022-04-13 | 2023-06-13 |
| 1630 | Threat Evasion for aws:multifactorAuthPresent condition using Cloudshell | MFA bypass | AWS | Falcnix (@falcnix) | Bug Bounty | 2022-04-13 | 2023-06-13 |
| 1628 | MY First Bug In Hackerone | Information disclosure | NA | anjaneyulu kanakatla | Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1627 | Bypass Rate Limit — A blank space leads to this random encounter! | Password reset, Rate limiting bypass | NA | Roxst4r (@mveswar98) | Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1626 | Blinding Snort: Breaking The Modbus OT Preprocessor | Memory corruption | Cisco | Claroty's Team82 (@Claroty) | Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1625 | Abusing Azure Hybrid Workers for Privilege Escalation – Part 2: An Azure PrivSec Story | Privilege escalation | Microsoft | Josh Magri (@passthehashbrwn) | Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1624 | United Nations bug bounty[writeup] | Information disclosure | United Nations | Debprasad Banerjee | Bug Bounty | 2022-04-14 | 2023-06-13 |