Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2119 | Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD | Broken authentication, Authentication flaw | GoCD | Sonar (@SonarSource) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2110 | How I found Command Injection via Obsolete PHPThumb | OS command injection, RCE | NA | Sushant Kamble | Bug Bounty | 2021-10-30 | 2023-06-13 |
| 2106 | Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 | RCE, Insecure deserialization, Security code review | Sitecore | Shubham Shah (@infosec_au) | Bug Bounty | 2021-11-01 | 2023-06-13 |
| 2105 | A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions | Local Privilege Escalation, MacOS | Apple | Perception Point (@PerceptionPo1nt) | Bug Bounty | 2021-11-03 | 2023-06-13 |
| 2102 | Multiple Concrete CMS Vulnerabilities ( Part1 – RCE ) | RCE, Race condition | Concrete CMS | FORTBRIDGE (@FORTBRIDGE1) | Bug Bounty | 2021-11-05 | 2023-06-13 |
| 2089 | Unrestricted File Upload Leads to SSRF and RCE | ImageTragick, Unrestricted file upload, SSRF, RCE | NA | Muhammad Adel (@ItsFadinG_) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2065 | A Story of an Epic Blind Remote Code Execution(RCE) | RCE, OS command injection | NA | Akash Solanki (@MAALP1225) | Bug Bounty | 2021-11-18 | 2023-06-13 |
| 2059 | [BugBounty] XSS with Markdown — Exploit & Fix on OpenSource | XSS | NA | Lê Thành Phúc | Bug Bounty | 2021-11-22 | 2023-06-13 |
| 2041 | This Microsoft Windows RCE Vulnerability Gives an Attacker Complete Control | Memory corruption | Microsoft | Malcolm Stagg (@malcolmst) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2040 | NodeBB 1.18.4 - Remote Code Execution With One Shot | RCE, XSS, Authentication bypass, Arbitrary file read | NodeBB | Sonar (@SonarSource) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2030 | AWS SageMaker Jupyter Notebook Instance Takeover | Self-XSS, CSRF, RCE | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2024 | How I managed to hack User accounts of a billion-dollar sport platform | OTP bypass, Bruteforce, Lack of rate limiting | NA | Vishnuraj | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2019 | Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials. | Client-side enforcement of server-side security, Privilege escalation | U.S. General Services Administration | Hazem Brini (@ImJungsuu) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 2017 | Windows 10 RCE: The exploit is in the link | RCE | Microsoft | Fabian Bräunlein | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 2009 | File Upload to RCE | Unrestricted file upload | NA | Ahmed Magdy (@8Ahmed88Magdy8) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2008 | A phishing document signed by Microsoft – part 1 | Phishing, RCE | Microsoft | Pieter Ceelen (@ptrpieter) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 1992 | Exploitation Of CVE-2021-21220 – From Incorrect JIT Behavior To RCE | Browser hacking, Memory corruption, RCE | Google, Microsoft | Bruno Keith (@bkth_) | Bug Bounty | 2021-12-16 | 2023-06-13 |
| 1986 | RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit | RCE | Microsoft | Parsia Hackerman (@cryptogangsta) | Bug Bounty | 2021-12-20 | 2023-06-13 |
| 1983 | How I earned $$$ by bypassing 2FA | MFA bypass, Forced browsing | NA | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2021-12-21 | 2023-06-13 |
| 1982 | SSD Advisory – Rocket.Chat Client-side Remote Code Execution | RCE, MacOS | Rocket.Chat | - | Bug Bounty | 2021-12-21 | 2023-06-13 |
| 1980 | NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories | Security misconfiguration, .git folder disclosure | Microsoft | Wiz (@wiz_io) | Bug Bounty | 2021-12-21 | 2023-06-13 |
| 1968 | Bi/ug Bounties and HyperV RCE Research | RCE | Microsoft Hyper-V | Peter Hlavaty (@rezer0dai) | Bug Bounty | 2021-12-27 | 2023-06-13 |
| 1966 | Bounty Evaluation GitHub = $15,000 US Dollars \| Rate Limit | Bruteforce, Email verification bypass, Account takeover | GitHub | Taniya Agarwal | Bug Bounty | 2021-12-28 | 2023-06-13 |
| 1964 | Remote Code Execution in Google Cloud Dataflow | RCE | Google | Mike Brancato (@meatballninja) | Bug Bounty | 2021-12-28 | 2023-06-13 |