Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1365 | Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | RCE, Arbitrary Object Instantiation, Bruteforce, LDAP injection | NA | Arseniy Sharoglazov (@_mohemiv) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1364 | How I spammed a Google meet (But for good) | DoS | Google | Shaunak (SHA25) | Bug Bounty | 2022-07-15 | 2023-06-13 |
| 1362 | Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | Lack of rate limiting, Privilege escalation, IDOR, Account takeover | NA | Muhammad Talha / evilmango | Bug Bounty | 2022-07-15 | 2023-06-13 |
| 1361 | Good Recon Leads To Senssitive Accounts | Information disclosure, Username enumeration | NA | Milanjain | Bug Bounty | 2022-07-15 | 2023-06-13 |
| 1360 | Ability to login as google staff in Google Cloud Community | Privilege escalation | Google | Gaurav Bhatia | Bug Bounty | 2022-07-15 | 2023-06-13 |
| 1359 | Authorization token leak from verify email endpoint | Account takeover, Information disclosure | NA | Vengeance | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1358 | First Bug Bounty from DOS: Taking the service down | DoS | NA | Faique (@imfaiqu3) | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1357 | Business logic error | Logic flaw | NA | anjaneyulu kanakatla | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1356 | Subdomain takeover and Text injection on a 404 error page-$100 bounty | Subdomain takeover | NA | Jeewan Bhatta (@thenullkid) | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1355 | CRLF to Account takeover (chaining bugs) | CRLF injection, XSS, Account takeover | NA | MoSec (@moe1n1) | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1354 | Going beyond Alert with XSS | XSS, Account takeover | NA | pipsh | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1353 | A Story Of My First Bug Bounty | Information disclosure | NA | Raj Qureshi (@RajQureshi9) | Bug Bounty | 2022-07-17 | 2023-06-13 |
| 1352 | FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon | vHost misconfiguration, 403 bypass, Information disclosure | NA | Vuk Ivanovic | Bug Bounty | 2022-07-17 | 2023-06-13 |
| 1351 | CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin | Broken Access Control, XSS | jellyfin | Dan Barros | Bug Bounty | 2022-07-18 | 2023-06-13 |
| 1350 | Good things takes time \| Story of my first “valid” critical bug! | Missing authentication, Exposed administrative interface | NA | Kr1shna 4garwal (@Kr1shna4garwal) | Bug Bounty | 2022-07-18 | 2023-06-13 |
| 1349 | Hey Google Lets submit bug from Victim Account ! | IDOR | Google | Prasanth Elangovan | Bug Bounty | 2022-07-18 | 2023-06-13 |
| 1348 | Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages | Payment bypass | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2022-07-18 | 2023-06-13 |
| 1347 | MyBB 0day Authenticated Remote code execution | RCE, Argument injection | MyBB | Anna / 416e6e61 (@AnnaViolet20) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1346 | Authomize Discovers PassBleed Password Stealing and Impersonation Risks in Okta | Sensitive data sent over an unencrypted channel, Authorization flaw, Information disclosure | Okta | Authomize (@Authomize) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1345 | Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass | Local Privilege Escalation | OPC Foundation | Sector 7 (@sector7_nl) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1344 | How i was able to bypass Open Redirect 3 times on same program. | Open redirect | NA | himanshu pdy (@himanshu_pdy) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1343 | Logging Passwords in Plaintext in Azure Arc | Information disclosure, Local Privilege Escalation, Cloud | Microsoft | Jimi Sebree (@DinoBytes) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1342 | SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE | Insecure deserialization, RCE | Microsoft | Alex Birnberg (@alexbirnberg) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1341 | CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation | Local Privilege Escalation | Zyxel | Jake Baines (@Junior_Baines) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1340 | Local File Inclusion (interesting method) | LFI | NA | Captain hook | Bug Bounty | 2022-07-19 | 2023-06-13 |