Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1558 | Takeover seller accounts worth billions & millions | IDOR, Account takeover | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-05-12 | 2023-06-13 |
| 1556 | Forging OAuth tokens using discovered client id and client secret | Information disclosure, Account takeover | NA | Basyouni (@AshrafBasyoni4) | Bug Bounty | 2022-05-12 | 2023-06-13 |
| 1555 | From android app to access admin dashboard | Exposed registration page, Account takeover | NA | Oday Alhalabi (@OdayAlhalabi) | Bug Bounty | 2022-05-13 | 2023-06-13 |
| 1551 | Hacking Swagger-UI - from XSS to account takeovers | DOM XSS, Account takeover | Shopify, Paypal, GitLab, Atlassian, Yahoo! / Verizon Media, Microsoft, Jamf | Dawid Moczadło (@kannthu1) | Bug Bounty | 2022-05-16 | 2023-06-13 |
| 1549 | Stealing Google Drive OAuth tokens from Dropbox | CSRF, SSRF, Account takeover | Dropbox | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2022-05-17 | 2023-06-13 |
| 1542 | From Wayback to Account Takeover | Information disclosure, Account takeover | Plex | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2022-05-19 | 2023-06-13 |
| 1537 | Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web | Account takeover, Pre-hijacking attack | Dropbox, Meta / Facebook, LinkedIn, WordPress, Zoom | Avinash Sudhodanan (@sudoavi) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1519 | How an Open Redirection Leads to an Account Takeover? | Open redirect, Account takeover | NA | Mahendra Purbia (@Mah3Sec_) | Bug Bounty | 2022-05-26 | 2023-06-13 |
| 1512 | Exploiting iOS app for fun and profit | Account takeover, Information disclosure | NA | Bijan Murmu (@0xbijan) | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1491 | Account Takeover by Chaining Two IDORs | IDOR, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2022-06-08 | 2023-06-13 |
| 1472 | 500$ Account Takeover | Account takeover, Information disclosure, HTTP response manipulation | Xsolla | Hemant Kumar | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1454 | CSRF leads to account takeover in Yahoo! | CSRF, Account takeover | Yahoo! / Verizon Media | Retr02332 (@Retr02332) | Bug Bounty | 2022-06-16 | 2023-06-13 |
| 1450 | How I hacked one of the biggest Airline in the world | IDOR, Account takeover, Authorization flaw | NA | Dali Jandro (@Sazouki_) | Bug Bounty | 2022-06-18 | 2023-06-13 |
| 1448 | Account Takeover by OTP bypass | Information disclosure, Client-side enforcement of server-side security, OTP bypass, Account takeover | NA | Vaibhav Kumar Srivastava | Bug Bounty | 2022-06-19 | 2023-06-13 |
| 1442 | Exploiting vulnerabilities in iOS Application | IDOR, Bruteforce, Lack of rate limiting, Account takeover, iOS | NA | Raj Singh Chauhan (@raj_singh_ch) | Bug Bounty | 2022-06-22 | 2023-06-13 |
| 1405 | Admin account takeover via weird Password Reset Functionality | Account takeover, Authentication bypass, Password reset | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1402 | ($$$) Origin ip to account takeover | WAF bypass, Password reset, Host header injection, Account takeover | NA | Hemant Kumar | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1398 | Exposing Millions of Voter ID card users’ details. | IDOR, OTP bypass, Account takeover, Logic flaw | CERT-In | Aziz Al Aman (@nxtexploit) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1395 | Account hijacking using "dirty dancing" in sign-in OAuth-flows | OAuth, Account takeover | NA | Frans Rosén (@fransrosen) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1390 | Account Takeover via Response Manipulation | Authentication bypass, Account takeover, MFA bypass, HTTP response manipulation | NA | BUG HUNTER | Bug Bounty | 2022-07-08 | 2023-06-13 |
| 1385 | Exploiting SQL Injection at Authorization token | SQL injection, Account takeover | NA | Basudev | Bug Bounty | 2022-07-09 | 2023-06-13 |
| 1367 | Abusing URL Shortners for fun and profit | Information disclosure, Account takeover, IDOR | NA | Sicksec (@OriginalSicksec) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1362 | Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | Lack of rate limiting, Privilege escalation, IDOR, Account takeover | NA | Muhammad Talha / evilmango | Bug Bounty | 2022-07-15 | 2023-06-13 |
| 1359 | Authorization token leak from verify email endpoint | Account takeover, Information disclosure | NA | Vengeance | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1355 | CRLF to Account takeover (chaining bugs) | CRLF injection, XSS, Account takeover | NA | MoSec (@moe1n1) | Bug Bounty | 2022-07-16 | 2023-06-13 |