Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 4915 | How I was able to takeover Facebook account | Authentication bypass | Meta / Facebook | Ameer Hamza | Bug Bounty | 2017-12-10 | 2023-06-13 |
| 4914 | Don't Trust the Host Header for Sending Password Reset Emails | Password reset, Account takeover | Mavenlink | Jack Cable (@jackhcable) | Bug Bounty | 2017-12-13 | 2023-06-13 |
| 4913 | Hacking the Hackers: Leveraging an SSRF in HackerTarget | SSRF | HackerTarget | Corben Leo (@hacker_) | Bug Bounty | 2017-12-17 | 2023-06-13 |
| 4912 | LFI to 10 servers pwn | LFI, RCE | NA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2017-12-19 | 2023-06-13 |
| 4911 | Unrestricted File Upload to RCE \| Bug Bounty POC | RCE | Meta / Facebook | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2017-12-19 | 2023-06-13 |
| 4910 | P4 to P2 - The story of one blind SSRF | Blind SSRF | NA | Mikhail Klyuchnikov (@__Mn1__) | Bug Bounty | 2017-12-19 | 2023-06-13 |
| 4909 | Account Takeover Due to Misconfigured Login with Facebook/Google | Account takeover, Authorization flaw | Google, Meta / Facebook | Bhavuk Jain (@bhavukjain1) | Bug Bounty | 2017-12-20 | 2023-06-13 |
| 4908 | Microsoft SharePoint's 'Follow' Feature XSS (CVE-2017–8514) -Adesh Kolte | XSS | Microsoft | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2017-12-21 | 2023-06-13 |
| 4907 | Jumping to the hell with 10 attempts to bypass devil's WAF | XSS | NA | Ak1T4 (@akita_zen) | Bug Bounty | 2017-12-27 | 2023-06-13 |
| 4906 | How I found SSRF on TheFacebook.com | SSRF | Meta / Facebook | Thunder | Bug Bounty | 2017-12-27 | 2023-06-13 |
| 4905 | Stealing $10,000 Yahoo Cookies! | CORS misconfiguration | Yahoo! / Verizon Media | Tabahi (@_tabahi) | Bug Bounty | 2017-12-30 | 2023-06-13 |
| 4904 | Abusing internal API to achieve IDOR in New Relic | IDOR | New Relic | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2018-01-02 | 2023-06-13 |
| 4903 | Facebook chat / dashboard content injection | Content injection | Meta / Facebook | void (@voidz0r) | Bug Bounty | 2018-01-03 | 2023-06-13 |
| 4902 | Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905] | Content injection | DuoLingo | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2018-01-04 | 2023-06-13 |
| 4901 | "F**k you Thomas" - ToyTalk bug bounty writeup | Authentication bypass, HTML injection | ToyTalk | Jahmel Harris | Bug Bounty | 2018-01-04 | 2023-06-13 |
| 4900 | Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1) | IDOR | NA | Mohammed Abdul Raheem (@mohdaltaf163) | Bug Bounty | 2018-01-04 | 2023-06-13 |
| 4899 | RCE Vulnerabilite in Yahoo Subdomain! ( Yahoo! RCE via Spring Engine SSTI ) By tghawkins | RCE | Yahoo! / Verizon Media | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-01-05 | 2023-06-13 |
| 4898 | #BugBounty — How I was able to read chat of users in an Online travel portal | IDOR | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-01-10 | 2023-06-13 |
| 4897 | Chaining Bugs to Steal Yahoo Contacts! | CORS misconfiguration, XSS | Yahoo! / Verizon Media | Corben Leo (@hacker_) | Bug Bounty | 2018-01-11 | 2023-06-13 |
| 4896 | #BugBounty — How I was able to delete anyone’s account in an Online Car Rental Company | CSRF, Parameter tampering | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-01-14 | 2023-06-13 |
| 4895 | Hacking Facebook accounts using CSRF in Oculus-Facebook integration | CSRF | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2018-01-15 | 2023-06-13 |
| 4893 | #BugBounty — AWS S3 added to my “Bucket” list! | AWS misconfiguration | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-01-16 | 2023-06-13 |
| 4892 | Reflected XSS via AngularJS Template Injection | Reflected XSS, CSTI | Hostinger | Taha Ibrahim Draidia | Bug Bounty | 2018-01-17 | 2023-06-13 |
| 4891 | $1800 in less than an hour. | CSRF, XSS | Indeed | yappare (@yappare) | Bug Bounty | 2018-01-17 | 2023-06-13 |
| 4890 | My Research on Misconfigured Jenkins Servers | Information disclosure, Missing authentication, Exposed Jenkins instance | Google, Tesco, Pearson, News Uk | Mikail Tunç (@emtunc) | Bug Bounty | 2018-01-18 | 2023-06-13 |