Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1054 | TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531) | DoS, SQL injection | TypeORM | Norbert Szetei (@73696e65) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1053 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1052 | Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library | Universal XSS, SSRF, Open redirect, Web cache poisoning | Netlify, Gemini, PancakeSwap, Docusign, Moonpay, Celo | Sam Curry (@samwcyo) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1051 | One takeover to rule them all | Subdomain takeover | EDF | Gwendal Le Coguic (@gwendallecoguic) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1050 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1049 | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty | SQL injection | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1048 | Making HTTP header injection critical via response queue poisoning | HTTP header injection, HTTP request smuggling | NA | James Kettle (@albinowax) | Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1047 | Skype for Business Audit Part 1 - SKYPErsistence | Local Privilege Escalation, Windows, Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1046 | Exploiting Distroless Images | Command injection, Arbitrary file read, Arbitrary file write, Container escape | Google | Daniel Teixeira (@TheRedOperator) | Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1045 | My First XSS | Open redirect, XSS | NA | Avyukt Syrine (@AvyuktSyrine) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1044 | My First Valid Bug “Bypass the Admin Panel” | Authentication bypass | NA | Digant Prajapati | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1043 | Arbitrary File Corruption: End - to - End Encrypted Messaging Application | Insecure intent, Android | NA | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1042 | WAF bypasses via 0days | WAF bypass, Content-type confusion, Charset confusion | ModSecurity | Terjanq (@terjanq) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1041 | Pre-Auth Remote Code Execution - Web Page Test | RCE, SSRF | CatchPoint | Laluka (@TheLaluka) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1040 | CVE-2022-35256 - HTTP Request Smuggling in NodeJS | HTTP request smuggling | Node.js | VVX7 (@VV_X_7) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1039 | Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations | Security misconfiguration, VoIP hacking | NA | hackthebox | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1038 | Microsoft Windows Shift F10 Bypass and Autopilot privilge escalation | Local privilege escalation | Microsoft | Matek Kamilló (@k4m1ll0) | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1037 | Blind XSS on Admin Portal Leads to Information Disclosure | Blind XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1036 | Escalating SSTI to Reflected XSS using curly braces {} | SSTI, XSS | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1035 | Stored XSS in Nvidia via Angular JS template injection | CSTI, Stored XSS | Nvidia | Mohamed Abdelhady | Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1034 | Shopping App Deeplink Arbitrary URLs | Insecure deeplink, Android | NA | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1033 | Tesla paid me $10,000 because of Directory Indexing | Directory listing | Tesla | infiltrateops | Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1032 | Blind account takeover | Account takeover | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1031 | New Attack Paths? AS Requested Service Tickets | Local Privilege Escalation, Windows, Kerberos, Active Directory | Microsoft | Charlie Clark (@exploitph) | Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1030 | Skype for Business Audit Part 2 - SKYPErimeterleak | SSRF, Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-26 | 2023-06-13 |