Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1545 | A Tale of Confusing IDOR | IDOR | TikTok | Avi (@_naaash_) | Bug Bounty | 2022-05-18 | 2023-06-13 |
| 1544 | Exploiting an Unbounded memcpy in Parallels Desktop: A Pwn2Own 2021 Guest-to-Host Virtualization Escape | Memory corruption | Parallels | RET2 Systems (@ret2systems) | Bug Bounty | 2022-05-19 | 2023-06-13 |
| 1543 | CVE-2022-21404: Another Story Of Developers Fixing Vulnerabilities Unknowingly Because Of CodeQL | Insecure deserialization | Oracle | Paulino Calderon (@calderpwn) | Bug Bounty | 2022-05-19 | 2023-06-13 |
| 1542 | From Wayback to Account Takeover | Information disclosure, Account takeover | Plex | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2022-05-19 | 2023-06-13 |
| 1541 | How I was able to access IBM internal documents | Information disclosure, IDOR | IBM | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2022-05-19 | 2023-06-13 |
| 1540 | Gaining access through error-based SQLi using WebSockets | SQL injection, Websockets, Password reset | NA | Bitcrack (@bitcrack_cyber) | Bug Bounty | 2022-01-12 | 2023-06-13 |
| 1539 | Research: Auditing WordPress Plugins | SQL injection, LFI, XSS, RCE | NA | cy//ective (@cyllective) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1538 | Leaking Your GitHub Repositories With Snyk Code | Path traversal, Broken Access Control | NA | Ron Masas (@RonMasas) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1537 | Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web | Account takeover, Pre-hijacking attack | Dropbox, Meta / Facebook, LinkedIn, WordPress, Zoom | Avinash Sudhodanan (@sudoavi) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1536 | I Obtained ADMIN access via the Account Activation link [In 30 seconds] | Privilege escalation, Amazon cognito misconfiguration | NA | popalltheshells | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1535 | PayPal IDOR via billing Agreement Token (closed Informative, payment fraud) | IDOR | Paypal | Souhaib Naceri (@h4x0r_dz) | Bug Bounty | 2022-05-21 | 2023-06-13 |
| 1534 | How I was able to down a service of Microsoft ? Denial of Service (DOS) Attack on Microsoft. | DoS | Microsoft | Harsh Banshpal (@harshbanshpal) | Bug Bounty | 2022-05-21 | 2023-06-13 |
| 1533 | A business Logic issue worth $1500 | Logic flaw | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2022-05-21 | 2023-06-13 |
| 1532 | Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click | Clickjacking | Paypal | Souhaib Naceri (@h4x0r_dz) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1531 | 2FA Bypass on private bug bounty program due to CSRF token misconfiguration | MFA bypass | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1530 | 2FA Bypass on private bug bounty program due to improper caching mechanism | MFA bypass | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1529 | Finding vulnerabilities in Swiss Post's future e-voting system - Part 2 | Insecure deserialization, Cryptographic issues | NA | Ruben Santamarta (@reversemode) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1528 | Breaking Reverse Proxy Parser Logic | Path traversal | NA | Blake Jacobs (@z0idsec) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1526 | CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED) | Local Privilege Escalation | VMware | Jacob Baines (@Junior_Baines) | Bug Bounty | 2022-05-24 | 2023-06-13 |
| 1525 | Spoofing Microsoft 365 Like It’s 1995 | Spoofing, Phishing | Microsoft | Steve Borosh (@424f424f) | Bug Bounty | 2022-05-24 | 2023-06-13 |
| 1524 | How I Found a company’s internal S3 Bucket with 41k Files | AWS misconfiguration | NA | Tarun Koyalwar (@KoyalwarTarun) | Bug Bounty | 2022-05-24 | 2023-06-13 |
| 1523 | How I made it into the United Nations hall of fame as I slept | XSS | United Nations | Vikaran (@vikaran101) | Bug Bounty | 2022-05-25 | 2023-06-13 |
| 1522 | The Printer Goes BRRRRR!!! | Memory corruption | HP, Lexmark, Canon | Mehdi Talbi (@abu_y0ussef) | Bug Bounty | 2022-05-25 | 2023-06-13 |
| 1521 | Hijacking Over 100k GoDaddy Websites | Subdomain takeover | GoDaddy | Jonathan Cran (@jcran) | Bug Bounty | 2022-05-25 | 2023-06-13 |
| 1520 | 2nd RCE and XSS in Apache Struts before 2.5.30 | RCE, Double OGNL evaluation, XSS | Apache Struts | Chris (@mc_0wn) | Bug Bounty | 2022-05-25 | 2023-06-13 |