Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|-----|-------|------|----------|---------|------|-------------|-------|
| 878 | How I Get 5x Swag From Sony | DOM XSS, Directory listing, Default credentials, Information disclosure | Sony | Naeem Ahmed Sayed (@0xNaeem) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 877 | How 403 Forbidden Bypass got me NOKIA Hall Of Fame (HOF) | 403 bypass | Nokia | Jaydeepsinh Thakor (@thakor_jd_) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 876 | Improper Access Control — My Third Finding on Hackerone! | HTML injection, Broken Access Control | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 875 | Fuzzing For Hidden Params | SQL injection | NA | calfcrusher | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 874 | Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE) on One of the Payment Service Companies. | Exposed registration page, Exposed Jenkins instance, Weak credentials, RCE | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 873 | Gregor Samsa: Exploiting Java's XML Signature Verification | Integer truncation, RCE, SAML | OpenJDK, Apache Commons BCEL | Felix Wilhelm (@_fel1x) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 872 | How I could have been the administrator for all Dutch companies and create invoices. And still can be… | Logic flaw | Dutch Government | bob van der staak | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 871 | Get Blind XSS within 5 Minutes — $100 | Blind XSS | NA | Narayanan M | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 870 | The power of adaptability through experience. | Lateral movement, Active Directory, Privilege Escalation | NA | Mike Saunders (@hardwaterhacker) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 869 | Invitation Hijacking | Authorization flaw, Privilege escalation | NA | vFlexo (@vflexo) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 867 | How I hacked into a Cambridge's server and got appreciation letter. | Unrestricted file upload, RCE | Cambridge | Prathamrajgor | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 866 | CSRF Leads to Delete User Account | CSRF | NA | Omarbakrey | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 865 | Practical Client Side Path Traversal Attacks | Path traversal, Client-side Path Traversal, Open redirect, CSS injection | Acronis | Medi (@medi_0ne) | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 864 | PENTEST TALES: EXIF Data Manipulation | Unrestricted file upload, Stored XSS | NA | Armand Jasharaj | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 863 | Directory traversal in PDF viewing application. Leading to full database takeover | Path traversal | NA | Tom Wrinn | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 862 | Story of a $1k bounty — SSRF to leaking access token and other sensitive information | SSRF | NA | Faique (@imfaiqu3) | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 861 | CVE-2022-26730 \| ColorSync \| Hoyt LLC | MacOS, Memory corruption, RCE | Apple | David Hoyt (@h02332) | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 860 | Exploit Feature To Get High Bug impact | Logic flaw | NA | Mohamed Anani (@0xm5awy) | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 859 | IDOR on Unsubscribe emails to $200 bounty. | IDOR | NA | shbugger1 | Bug Bounty | 2022-11-06 | 2023-06-13 |
| 858 | Stormshield SNS cleartext password leak | Use of GET request method with sensitive query strings | Stormshield | Mehdi Alouache | Bug Bounty | 2022-11-07 | 2023-06-13 |
| 857 | How we hacked Telenet's cybersecurity quiz | Logic flaw | Telenet | Mickey De Baets | Bug Bounty | 2022-11-07 | 2023-06-13 |
| 856 | Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049) | Local Privilege Escalation, Windows | Microsoft | Kuba Gretzky (@mrgretzky) | Bug Bounty | 2022-11-08 | 2023-06-13 |
| 855 | Comodo: From .Git to Takeover | .git folder disclosure | Comodo | Maor Dayan (@mord1234) | Bug Bounty | 2022-11-08 | 2023-06-13 |
| 854 | Compromising Plesk Via Its REST API | CORS misconfiguration, CSRF | Plesk | Adrian Tiron (@Adrian__T) | Bug Bounty | 2022-11-08 | 2023-06-13 |