Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 954 | Google SSO misconfiguration leading to Account Takeover | Authentication bypass Account takeover SSO | NA | 0x4KD (@0x4kd) | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 909 | Support supports a Hacker | Social engineering Spoofing Authorization flaw Account takeover | NA | mechboy (@mechboy_) | Bug Bounty | 2022-10-25 | 2023-06-13 |
| 906 | GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown | OS command injection Arbitrary file read Information disclosure Account takeover Stored XSS Lack of rate limiting Weak credentials Password policy bypass | GL.iNet | Olivier Laflamme (@olivier_boschko) | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 851 | My First Account Takeover | Account takeover Logic flaw | NA | JAI NIRESH J | Bug Bounty | 2022-11-09 | 2023-06-13 |
| 845 | How Sigstore quickly patched an upstream vulnerability | OAuth Account takeover Phishing | Sigstore dex | Joern Schneeweisz | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 819 | Account Takeover Worth of $2500 | Account takeover IDOR | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 809 | SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover | Account takeover Azure AD Cloud | Microsoft | Tomer Nahum (@TomerNahum1) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 807 | From Static domain to Account Takeover | Account takeover Logic flaw | NA | Demon (@R29k_) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 800 | My Account Takeover Writeup: $5000 | Lack of rate limiting Bruteforce | NA | MRD7 (@_mrd7_) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 787 | Account Takeover in KAYAK | Account takeover Android Insecure deeplink | KAYAK | Carlos Bello | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 775 | How I hacked into a government e-learning website | IDOR Account takeover | NA | iamgk808 (@iamgk808) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 773 | WebView XSS, account takeover | Webview XSS Android Account takeover Improper Export of Android Application Components | NA | shafou | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 768 | Access Any Owner Account without Authentication (Auth bypass + 2FA bypass) | Authentication bypass MFA bypass Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 765 | 2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation | Authentication bypass Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 735 | Account Takeover - Inside The Tenant | Account takeover Information disclosure | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 728 | OTP Leaking Through Cookie Leads to Account Takeover | Information disclosure Account takeover | NA | ag3n7 | Bug Bounty | 2022-12-05 | 2023-06-13 |
| 666 | Zero Click To Account Takeover (IDOR + XSS) | IDOR XSS Account takeover | NA | Arman (@M7arm4n) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 664 | 0 click Facebook Account Takeover and Two-Factor Authentication Bypass | Authentication bypass GraphQL Account takeover Android MFA bypass | Meta / Facebook | abdellah yaala (@yaalaab) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 638 | Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx | Amazon cognito misconfiguration Account takeover | NA | Mukund Bhuva (@MukundBhuva) | Bug Bounty | 2022-12-29 | 2023-06-13 |
| 637 | How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profile | XSS Account takeover | Apple | Abdelkader Mouaz (@hamzadzworm) | Bug Bounty | 2022-12-29 | 2023-06-13 |
| 633 | How I took over an admin panel and got $500 | Blind XSS Account takeover | NA | Muhammed Mubarak | Bug Bounty | 2023-01-01 | 2023-06-13 |
| 629 | An amazing way to turn a xss into an ATO | XSS Account takeover | NA | Naka | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover SSO RCE Authorization bypass SQL injection Mass assignment Information disclosure | Kia Honda Infiniti Nissan Acura Mercedes-Benz Hyundai Genesis BMW Rolls Royce Ferrari Spireon Ford Reviver Porsche Toyota Jaguar Land Rover SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 602 | Full Team Takeover | Account takeover Broken Access Control | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 601 | How I Earned $1000 From Business Logic Vulnerability (account takeover) | Logic flaw Account takeover | NA | andika | Bug Bounty | 2023-01-10 | 2023-06-13 |