Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1029 | “Hey Siri, follow that car!” - How traffic cameras expose your location through parking apps. | Information disclosure Session hijacking | NA | Inti De Ceukelaire (@securinti) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1028 | Discovering The Less-known Vulnerability In Oracle Peoplesoft | TockenChpoken Privilege escalation Bruteforce Cookie manipulation | NA | RE:HACK (@rehackxyz) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1027 | Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid length | Layer 2 networking vulnerability Ethernet MiTM DoS | Microsoft Cisco | Etienne Champetier / champtar | Bug Bounty | 2022-09-27 | 2023-06-13 |
| 1026 | From nothing to AWS credentials | SSRF | NA | (@darkandroider) | Bug Bounty | 2022-09-27 | 2023-06-13 |
| 1025 | Another Tale Of IBM I (AS/400) Hacking | Local Privilege Escalation Midrange system Menu security | NA | pz | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1024 | Two RCEs are better than one: write-up of an interesting lateral movement | Local Privilege Escalation RCE | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1023 | Exploits Explained: 5 Unusual Authentication Bypass Techniques | Authentication bypass JWT CMS SSO | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1022 | Practically-exploitable Cryptographic Vulnerabilities in Matrix | Cryptographic issues | Matrix | Martin Albrecht (@martinralbrecht) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1021 | The forgotten IPFS vulnerabilities | Web3 hacking Path traversal CORS misconfiguration HTML injection | Filecoin Security | tintinweb | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1020 | Apple CoreText - An Unexpected Journey to Learn about Failure | Memory corruption | Apple | Daniel Lim Wee Soong (@daniellimws) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1019 | CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea View | Reflected XSS | Canon | Jordan Hedges | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1018 | A vulnerability on Patreon, and their elusive bounty program. | Payment bypass Weak crypto | Patreon | Datura Mater (@DaturaMater) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1017 | XSS through DHCP: How Attackers Use Standards | XSS | NA | Dylan Ross | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1016 | ECDSA Nonce Reuse | Cryptographic issues | NA | Ingredous Labs | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1015 | Orange Arbitrary Command Execution | RCE Docker daemon misconfiguration Missing authentication | Orange | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1014 | Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned) | Web cache poisoning | Akamai Paypal Airbnb Tesla Valve Zomato Whitejar Starbucks PlayStation Marriott Hyatt Hotels Goldman Sachs Microsoft Apple LastPass Brussels Airlines Mastercard eToro BBP BMW Group Rockstar Games | Francesco Mariani (@_medusa_1_) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1013 | Security vs Compliance-Cloudflare Password Policy Restriction Bypass | Client-side enforcement of server-side security | Cloudflare | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1012 | How Scanning Your Projects for Security Issues Can Lead to Remote Code Execution | RCE OS command injection | Snyk | Ron Masas (@RonMasas) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1011 | Two Lines Of JScript For $20,000 – Pwn2Own Miami 2022 | RCE | ICONICS | Ben McBride (@bdmcbri) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1010 | Zoneminder – Web App Testing – Oct 2022 | DoS Log injection CSRF Stored XSS | ZoneMinder | Trenches of IT (@TrenchesofIT) | Bug Bounty | 2022-09-30 | 2023-06-13 |
| 1009 | Tale of Easy P1 Bugs in Wild | Forced browsing 403 bypass Information disclosure | NA | Harsh Tandel | Bug Bounty | 2022-10-01 | 2023-06-13 |
| 1008 | Breaking Business Logic - Part: 2^7 = 1 | Race condition | NA | Hemdeep Gamit | Bug Bounty | 2022-10-02 | 2023-06-13 |
| 1006 | Using Default Credential to Admin Account Takeover | Weak credentials | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-10-02 | 2023-06-13 |
| 1005 | CSRF Attack — 0 click account delete - 1st write-up | CSRF HTML injection | NA | Deepak (@bug_vs_me) | Bug Bounty | 2022-10-03 | 2023-06-13 |
| 1004 | My First And Second Bugs Are — 2FA Bypass | MFA bypass HTTP response manipulation Information disclosure | NA | Jai Niresh J | Bug Bounty | 2022-10-03 | 2023-06-13 |