Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1286 | How I earned 500$ by uploading a file: write-up of one of my first bug bounty | Unrestricted file upload | Semrush | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1285 | Multiple bugs in one program leads to 1500€ | Privilege escalation, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1284 | (ZOHO) Manage Engine Desktop Central – SQL Injection / Arbitrary File Write | SQL injection, Arbitrary file write, Path traversal | Zoho | Tom Ellson (@tde_sec) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1283 | XSS in Gmail's Amp4Email | XSS | Google | Adi "Adico" Cohen (@wir3less2) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1282 | Elasticsearch A Easy Win For Bug Bounty Hunters \|\| How To Find and Report | Information disclosure | NA | Tamim Hasan (@tamimhasan404) | Bug Bounty | 2022-08-03 | 2023-06-13 |
| 1281 | Hijacking email with Cloudflare Email Routing | HTTP response manipulation, Privilege escalation | NA | Albert Pedersen (@AlbertSPedersen) | Bug Bounty | 2022-08-03 | 2023-06-13 |
| 1280 | Came looking for SSRF and found XSS | XSS, WAF bypass | NA | Ibrahim Radi (@ibraradi9) | Bug Bounty | 2022-08-04 | 2023-06-13 |
| 1279 | QNAP Poisoned XML Command Injection (Silently Patched) | OS command injection, RCE | QNAP | Jake Baines (@Junior_Baines) | Bug Bounty | 2022-08-04 | 2023-06-13 |
| 1278 | Symlinks as mount portals: Abusing container mount points on MikroTik's RouterOS to gain code execution | Container escape, Local Privilege Escalation | MikroTik | nns | Bug Bounty | 2022-08-05 | 2023-06-13 |
| 1277 | CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE | Local Privilege Escalation | VMware | Spencer McIntyre (@zeroSteiner) | Bug Bounty | 2022-08-05 | 2023-06-13 |
| 1276 | Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI | Local Privilege Escalation, Cloud | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2022-08-05 | 2023-06-13 |
| 1275 | How i was able to get 29 free products. \| Bug Bounty | Race condition | NA | Fırat | Bug Bounty | 2022-08-06 | 2023-06-13 |
| 1274 | CVE-2022-29582 - An io_uring vulnerability | Memory corruption | Google | Jayden (@Awarau1) | Bug Bounty | 2022-08-06 | 2023-06-13 |
| 1273 | Irremovable guest in facebook event — Facebook bug bounty | Logic flaw | Meta / Facebook | Rajiv Gyawali (@rajiv_gyawali) | Bug Bounty | 2022-08-06 | 2023-06-13 |
| 1272 | Liferay revisited: A tale of 20k$ | RCE | NA | VNG Security Response Center (@vngsecresponse) | Bug Bounty | 2022-08-06 | 2023-06-13 |
| 1271 | 2FA Bypass via Google Identity & OAuth Login | MFA bypass, Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-08-07 | 2023-06-13 |
| 1270 | SSD Advisory – Apple Safari ICU Out-Of-Bounds Write | Memory corruption, Out-of-bounds Write | Apple | Dohyun Lee (@l33d0hyun) | Bug Bounty | 2022-08-07 | 2023-06-13 |
| 1269 | Stored XSS in app.gitbook.com | Stored XSS | GitBook | Mohammad Alfin Hidayatullah (@Alpinbrainsec) | Bug Bounty | 2022-08-08 | 2023-06-13 |
| 1268 | From Shodan to RCE: That one time I hacked a Fortune 500 company. | Missing authentication, Arbitrary file read, RCE, Exposed Jenkins instance | NA | vimanari_ (@vimanari_) | Bug Bounty | 2022-08-08 | 2023-06-13 |
| 1267 | Simple Open Redirect Bypass. | Open redirect | NA | Harshad Gaikwad (@h4rsh4d) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1266 | Bypassed Cloudflare’s Web Application Firewall (WAF) | XSS, HTML injection, WAF bypass | NA | Ansh Vaid (@anshvaid4) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1265 | Dancing on the architecture of VMware Workspace ONE Access (ENG) | Authentication bypass, SQL injection, RCE | VMware | Petrus Viet (@VietPetrus) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1264 | From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager | Authentication bypass, Information disclosure, Local Privilege Escalation | VMware | Steven Seeley (@steventseeley) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1263 | Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability | OS command injection, RCE | Cisco | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1262 | Security Implications of URL Parsing Differentials | Open redirect, URL parsing differentials bug, URL parsing issue | | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2022-08-09 | 2023-06-13 |