Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1003 | Bugcrowd — Tale of multiple misconfigurations!! ❌ | Account takeover, OAuth, OTP bypass, Password reset | NA | Vaibhav Lakhani | Bug Bounty | 2022-10-04 | 2023-06-13 |
| 1002 | Securing Developer Tools: A New Supply Chain Attack on PHP | Argument injection, RCE, Supply chain attack, Security code review | Packagist | Thomas Chauchefoin (@swapgs) | Bug Bounty | 2022-10-04 | 2023-06-13 |
| 1001 | Hacking TMNF: Part 1 - Fuzzing the game server | RCE, Memory corruption, Format string vulnerability | Ubisoft | - | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 1000 | How I Found A P1 Bug | Authentication bypass, Information disclosure | NA | Amith | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 999 | Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK | SSRF | Appsmith | Sparsh Kulshrestha (@d0tdotslash) | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 998 | Exploit Disclosure: Turning Thunderbird into a Decryption Oracle | Privacy issue | Mozilla (Thunderbird) | Sarah Jamie Lewis (@SarahJamieLewis) | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 997 | A Deep Dive of CVE-2022–33987 (Got allows a redirect to a UNIX socket) | SSRF | MediaWiki | Chaim Sanders | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 996 | Error based SQL Injection with WAF bypass manual Exploit 100% | SQL injection, WAF bypass | NA | Ahmed Qaramany (@c0nqr0r) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 995 | Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style | DNS cache poisoning, Kaminsky attack | NA | Timo Longin | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 994 | CVE-2022-41343 | RCE, Insecure deserialization, Phar deserialization | dompdf | Tanto Security team (@TantoSecurity) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 993 | Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored | Self-XSS, CSRF | NA | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 992 | SSD Advisory – pfSense Post Auth RCE | RCE, Privilege escalation | pfSense | 이예랑 (@yelang123x) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 991 | Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes | IP address validation bypass, Hostname validation bypass, URL parsing issue | OpenJDK | Jeff Dileo (@ChaosDatumz) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 990 | Full Company Building Takeover | Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 989 | CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE | SQL injection | ZKTeco | Caio Burgardt (@CaioBurgardt) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 988 | Insecure Comments | IDOR, Authorization flaw | Microsoft | Meareg | Bug Bounty | 2022-10-07 | 2023-06-13 |
| 987 | Auth Bypass Via Exposed Credentials | Hardcoded API keys | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-10-07 | 2023-06-13 |
| 986 | Vulnerabilities in Online Payment Systems | Payment bypass, Payment tampering, Logic flaw | NA | Claudio Moran | Bug Bounty | 2022-10-08 | 2023-06-13 |
| 985 | The easiest bug to get a Hall of fame from a Billion dollar company. | GraphQL, Information disclosure | GeHealthcare | Ravaan | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 984 | Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There ! | Unrestricted file upload, Code injection, RCE | NA | Quentin Roland (@ROLANDQuentin2) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 983 | Gcash Vulnerability Walkthrough | Android, Insecure deeplink, Insecure intent | Gcash | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 982 | Reflected cross-site scripting vulnerability in Crealogix EBICS implementation | Reflected XSS | CREALOGIX AG | Tobias Ospelt (@floyd_ch) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 981 | VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability | Insecure deserialization, Security code review | VMware | Marcin 'Icewall' Noga (@_Icewall) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 980 | [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I] | Broken Access Control, Android | NA | Abdelhak Kharroubi | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 979 | Enter "Sandbreak" - Vulnerability In vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067) | RCE, Sandbox bypass | vm2 | Oxeye (@OxeyeSecurity) | Bug Bounty | 2022-10-10 | 2023-06-13 |