Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1571 | Cloudflare Pages, part 1: The fellowship of the secret | Command injection Container escape Bash Path injection RCE Local Privilege Escalation Information disclosure | Cloudflare | Sean Yeoh (@seanyeoh) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1570 | The $16,000 Dev Mistake | Information disclosure | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2022-05-07 | 2023-06-13 |
| 1569 | Its all about 2fa bypass, or Account Takeover | Password reset Account takeover OTP bypass | NA | anjaneyulu kanakatla | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1568 | P1 Bug — PII information disclosure | Information disclosure IDOR | NA | Huntersherlock | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1567 | How I Paid For My Holiday With Bug Bounty | XSS Broken Access Control IDOR Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1566 | Can analyzing javascript files lead to remote code execution? | Unrestricted file upload RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1565 | Account verification code bypass lead to a $4000 bounty | OTP bypass | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1564 | RCE via Dependency Confusion | Dependency confusion | NA | Samrat Gupta (@Sm4rty_) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1563 | ResolveURI RXSS Imperva Waf Bypass | XSS | NA | Ahsan Shahid (@hunter0x8) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1562 | The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | CSS injection Clickjacking Account takeover XSS Cookie bomb Self-XSS CSRF | NA | Renwa (@RenwaX23) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1561 | Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923) | Active Directory Privilege Escalation | Microsoft | Oliver Lyak (@ly4k_) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1560 | Diving Into Pre-created Computer Accounts | Active Directory Local Privilege Escalation Windows | NA | Oddvar Moe (@Oddvarmoe) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1559 | Spoofing SaaS Vanity URLs for Social Engineering Attacks | URL spoofing | Box Zoom Google | Tal Peleg | Bug Bounty | 2022-05-11 | 2023-06-13 |
| 1558 | Takeover seller accounts worth billions & millions | IDOR Account takeover | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-05-12 | 2023-06-13 |
| 1557 | New Wine in Old Bottle - Microsoft Sharepoint Post-Auth Deserialization RCE (CVE-2022-29108) | Insecure deserialization RCE | Microsoft | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2022-05-12 | 2023-06-13 |
| 1556 | Forging OAuth tokens using discovered client id and client secret | Information disclosure Account takeover | NA | Basyouni (@AshrafBasyoni4) | Bug Bounty | 2022-05-12 | 2023-06-13 |
| 1555 | From android app to access admin dashboard | Exposed registration page Account takeover | NA | Oday Alhalabi (@OdayAlhalabi) | Bug Bounty | 2022-05-13 | 2023-06-13 |
| 1554 | My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information's & In Some cases Passwords At More Than 1000 Companies | Exposed registration page | NA | Orwa Atyat (@GodfatherOrwa) | Bug Bounty | 2022-05-14 | 2023-06-13 |
| 1552 | Impact of an Insecure DeepLink | Insecure deeplink Android | CafeBazaar | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2022-05-16 | 2023-06-13 |
| 1551 | Hacking Swagger-UI - from XSS to account takeovers | DOM XSS Account takeover | Shopify Paypal GitLab Atlassian Yahoo! / Verizon Media Microsoft Jamf | Dawid Moczadło (@kannthu1) | Bug Bounty | 2022-05-16 | 2023-06-13 |
| 1550 | Bypassing WAF to Weaponize a Stored XSS | Stored XSS | NA | ne555 | Bug Bounty | 2022-05-17 | 2023-06-13 |
| 1549 | Stealing Google Drive OAuth tokens from Dropbox | CSRF SSRF Account takeover | Dropbox | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2022-05-17 | 2023-06-13 |
| 1548 | Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms | Privilege escalation Broken Access Control Kubernetes | Google AWS Microsoft Red Hat | Yuval Avrahami (@yuval_avrahami) | Bug Bounty | 2022-05-17 | 2023-06-13 |
| 1547 | Vulnerability in Huawei's AppGallery can download paid apps for free | Payment bypass Logic flaw | Huawei | Dylan Roussel (@evowizz) | Bug Bounty | 2022-05-18 | 2023-06-13 |
| 1546 | Variant Cloud Analysis | Default credentials | NA | jspin (@jespinhara) | Bug Bounty | 2022-05-18 | 2023-06-13 |