Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1596 | [EN] Privileged account creation via Mass Assignment towards a full compromise using a Stored XSS | Stored XSS, Mass assignment, Security code review | pass Culture | Aethlios (@AethliosIK) | Bug Bounty | 2022-04-26 | 2023-06-13 |
| 1595 | Azure Monitor – Malicious KQL Query | Privilege escalation, Cloud | Microsoft | Joosua Santasalo (@SantasaloJoosua) | Bug Bounty | 2022-04-27 | 2023-06-13 |
| 1594 | Bypassing WAF for $2222 | WAF bypass, Path traversal | NA | Divyansh Sharma | Bug Bounty | 2022-04-27 | 2023-06-13 |
| 1593 | Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) | SSRF | VMware | Keiran Sampson (@hpy_downunder) | Bug Bounty | 2022-04-27 | 2023-06-13 |
| 1592 | 2FA Secret value disclosure leads to 2FA Bypass - Bug Bounty Writeup | MFA bypass, Information disclosure | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1591 | Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL | Cross-tenant vulnerability, Privilege escalation, Authentication bypass, Cloud | Microsoft | Shir Tamari (@shirtamari) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1590 | Contact Point Deanonymization Vulnerability in Meta | Information disclosure | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1589 | Exploitation of an SSRF vulnerability against EC2 IMDSv2 | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1588 | Sensitive Data Exfiltration through XSS ($450) | Token leak | NA | Zulfi Al-Farizi | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1587 | Page Admin Disclosure when Posting a Reel | Spoofing | Meta / Facebook | Syd Ricafort (@devsyd11) | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1586 | ATO without any interaction [aws cognito misconfiguration] | Account takeover, Lack of rate limiting | GitHub | Shreyaskoli (@SPY8OY) | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1585 | Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks | Privilege escalation, CI/CD | NA | Noam Dotan | Bug Bounty | 2022-05-02 | 2023-06-13 |
| 1584 | How I got a lousy T-Shirt from the Dutch Government. | Old components with known vulnerabilities | Dutch Government | Mava (@mava656) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1583 | CVE-2022-25262 \| JetBrains Hub single-click SAML response takeover | Authorization flaw, SAML, OAuth | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1582 | Hacking a Bank by Finding a 0day in DotCMS | Directory traversal, Unrestricted file upload, RCE | NA | Shubham Shah (@infosec_au) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1581 | [UNPATCHED] Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading | RCE | GitHub | Vladimir Metnew (@vladimir_metnew) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1580 | How i found a vulnerability that leads to access any users’ sensitive data and got $500 | Information disclosure | Flickr | Mr Robert \| Ahmed M Hassan (@Mr_Robert20) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1579 | Business Logic Errors - Art of Testing Cards | Payment bypass, Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1578 | Remotely permanent crash any Instagram user via permanent DoS in user DM's. | DoS | Meta / Facebook | Naveen (@NaveenHax) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1577 | Samsung Flow - Any App Can Read The External Storage | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1576 | Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1574 | CVE-2022-0540 - Authentication bypass in Seraph | Authentication bypass | NA | Khoa Dinh (@_l0gg) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1573 | How We hacked (bypassed) Admin Panel just by JS file | Information disclosure | NA | Zhenwar Hawlery (@zhenwarx) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1572 | Advanced sqlmap Case Study | SQL injection | NA | Peter M (@h1pmnh) | Bug Bounty | 2022-05-06 | 2023-06-13 |