Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4314 | Setting Up Gitrob and using it to find Leaking Repository of an Employee in a hackerone private program. | Information disclosure | NA | Sahil Tikoo (@viperbluff) | Bug Bounty | 2019-02-09 | 2023-06-13 |
| 4312 | Csrf Bypass Using Cross Frame Scripting | CSRF | NA | Mr.Hacker (@mr_hacker0007) | Bug Bounty | 2019-02-10 | 2023-06-13 |
| 4307 | Disclose private attachments in Facebook Messenger Infrastructure - 15,000$ | IDOR | Meta / Facebook | Sarmad Hassan (@JubaBaghdad) | Bug Bounty | 2019-02-13 | 2023-06-13 |
| 4306 | [SSRF] Server Side Request Forgery in a private Program developers.example.com | SSRF | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-14 | 2023-06-13 |
| 4302 | Subdomain Takeover via HubSpot | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-15 | 2023-06-13 |
| 4301 | Bypassing rate limit abusing misconfiguration rules | Rate limiting bypass | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2019-02-15 | 2023-06-13 |
| 4299 | Subdomain Takeover via Wufoo Service in a Private Program | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-16 | 2023-06-13 |
| 4294 | 2 Subdomains Takeover via Unbounce in a Private Program | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-18 | 2023-06-13 |
| 4285 | Swiss_E-Voting_Publications | XSS, XXE, RCE, Missing authentication, Authentication flaw, Hardcoded credentials | Swiss E-Voting | setuid0 (@_setuid0_) | Bug Bounty | 2019-02-21 | 2023-06-13 |
| 4283 | Subdomain Misconfiguration lead to AWS S3 Buckets Reader | Subdomain takeover | NA | Mohamed Haron (@m7mdharon) | Bug Bounty | 2019-02-22 | 2023-06-13 |
| 4282 | Download any organisation Data — S3 amazonaws Misconfiguration | Authorization flaw | NA | Chand Singh (@Chand_42) | Bug Bounty | 2019-02-22 | 2023-06-13 |
| 4281 | Bug Bounty 101 — Always Check The Source Code | Lack of rate limiting, Information disclosure | NA | Spazzy | Bug Bounty | 2019-02-23 | 2023-06-13 |
| 4280 | Chain of hacks leading to Database Compromise! | LFI, SSRF | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2019-02-23 | 2023-06-13 |
| 4278 | Web Cache Deception Attack leads to user info disclosure | Web cache deception, Information disclosure | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2019-02-25 | 2023-06-13 |
| 4273 | Bypassing a restrictive JS sandbox | JS sandbox breakout, RCE | NA | Licencia para Hackear | Bug Bounty | 2019-03-01 | 2023-06-13 |
| 4270 | Auditing GitHub Repo Wikis for Fun and Profit | Misconfigured Github wiki | NA | Smeege (@SmeegeSec) | Bug Bounty | 2019-03-04 | 2023-06-13 |
| 4268 | Fixed : Brute-force Instagram account’s passwords | Bruteforce, Rate limiting bypass | Meta / Facebook | Sameer Rao | Bug Bounty | 2019-03-05 | 2023-06-13 |
| 4264 | Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack | Side-channel attack, Cross-Site Frame Leakage (CSFL) | Meta / Facebook | Ron Masas (@RonMasas) | Bug Bounty | 2019-03-07 | 2023-06-13 |
| 4262 | Account Takeover Using Cross-Site WebSocket Hijacking (CSWH) | Cross-Site WebSocket Hijacking (CSWH), Account takeover | NA | Sharan Panegav (@PanegavSharan) | Bug Bounty | 2019-03-09 | 2023-06-13 |
| 4261 | SQL injection for $50 bounty, but still worth reading!! | SQL injection | NA | Ronaldo Messi | Bug Bounty | 2019-03-10 | 2023-06-13 |
| 4258 | Escalating SSRF to RCE | SSRF, RCE | NA | Youssef A. Mohamed (@GeneralEG64) | Bug Bounty | 2019-03-25 | 2023-06-13 |
| 4257 | Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack. | CSRF, Bruteforce | NA | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2019-03-12 | 2023-06-13 |
| 4256 | How I found Blind XSS Vulnerability in redacted.com | Blind XSS | NA | ssid (@newp_th) | Bug Bounty | 2019-03-12 | 2023-06-13 |
| 4255 | Hack Your Form-New vector for Blind XSS | Blind XSS, Stored XSS | NA | Youssef A. Mohamed (@GeneralEG64) | Bug Bounty | 2019-03-13 | 2023-06-13 |
| 4250 | User Account Takeover [Password Change]— Nice Catch! | Account takeover, Password reset | NA | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-03-14 | 2023-06-13 |