Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1417 | Unrar Path Traversal Vulnerability affects Zimbra Mail | Path traversal, Arbitrary file write, RCE | Zimbra | Sonar (@SonarSource) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1416 | Pwning ManageEngine — From PoC to Exploit: A deep dive into CVE-2020–11531 and CVE-2020–11532 | Path traversal, RCE, Authentication bypass | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1415 | The Army Of The Headless Browsers | DDoS, Logic flaw | Meta / Facebook | Komodo Cyber Consulting (@Komodosec) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1414 | [BugBounty] how do I get a premium tier account without paying a penny | Mass assignment, Payment bypass | NA | Marzuki (@aizack_ma) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1413 | My First Apple Bug And My First Writeup | IDOR, Email verification bypass | Apple | Banavath Aravind (@nanicyb) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1412 | XSS Blind Stored at 2 Assets TikTok | XSS | TikTok | Aidil Arief | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1411 | CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus | XXE, SSRF, RCE | Zoho | Naveen Sunkavally | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1410 | Bypassing Firefox's HTML Sanitizer API | XSS | Mozilla | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1409 | Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908) | RCE, XSS | Microsoft | s1r1us (@s1r1u5_) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1408 | Facebook Portal’s business logic error lead to 500$ | Logic flaw, Authorization flaw | Meta / Facebook | unurbayar amarsaikhan (@0xunuruu) | Bug Bounty | 2022-06-30 | 2023-06-13 |
| 1407 | Two faces of a same PDF document | PDF parser differential attack | Mozilla, Google, Adobe | Toni Huttunen | Bug Bounty | 2022-07-01 | 2023-06-13 |
| 1406 | Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Signature validation bypass, Memory corruption, Local Privilege Escalation, MacOS | Apple | Zhuowei Zhang (@zhuowei) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1405 | Admin account takeover via weird Password Reset Functionality | Account takeover, Authentication bypass, Password reset | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1404 | A swag for a Open Redirect — Google Dork — Bug Bounty | Open redirect | NA | Proviesec (@proviesec) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1403 | Vertical Privilege Escalation: The user can takeover an admin account via response manipulation | Privilege escalation, HTTP response manipulation | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1402 | ($$$) Origin ip to account takeover | WAF bypass, Password reset, Host header injection, Account takeover | NA | Hemant Kumar | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1401 | Penetration Testing Firebase Web Applications | Firebase, Information disclosure | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-07-03 | 2023-06-13 |
| 1400 | We Hacked Larksuite For 1 month and Here is what we found | XSS, IDOR, Privilege escalation, Broken Access Control, CSRF, 40x bypass | Lark Technologies | Snap Sec (@snap_sec) | Bug Bounty | 2022-07-04 | 2023-06-13 |
| 1399 | Rediscovering Epic Games 0-Days (Forever Unpatched?) | Local Privilege Escalation | Epic Games | Christopher Vella (@Kharosx0) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1398 | Exposing Millions of Voter ID card users’ details. | IDOR, OTP bypass, Account takeover, Logic flaw | CERT-In | Aziz Al Aman (@nxtexploit) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1397 | How I found Open redirect on Bug crowd public program in 2 day | Open redirect | NA | Ittipatjitrada (@IttipatJitrada) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1396 | CVE-2022-34265 | SQL injection | Django | Takuto Yoshikai (@TakutoYoshikai) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1395 | Account hijacking using "dirty dancing" in sign-in OAuth-flows | OAuth, Account takeover | NA | Frans Rosén (@fransrosen) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1394 | Interesting Privilege Escalation In an Old Private Program | Privilege escalation | NA | Zunaid Mahmud (@SZ_Mahmud_7) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1393 | How I find open redirect in Facebook | Open redirect | Brave Software | Abhinav Kumar (@abhinavsecond) | Bug Bounty | 2022-07-07 | 2023-06-13 |