Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 594 | Bypassing authorization in Google Cloud Workstations [Google VRP] | Account takeover, OAuth, URL validation bypass | Google | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2023-01-13 | 2023-06-13 |
| 587 | Account Take Over Due To AWS Cognito Misconfiguration | Amazon cognito misconfiguration, Account takeover | NA | Deshine | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 586 | Full Account Take Over by very simple trick. | Account takeover, Broken Access Control | NA | XeRox01 (@xerox0x1) | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 576 | From Error_Log File(P4) To Company Account Takeover(P1) and Unauthorized Actions On API | Information disclosure | NA | Muhanad Israiwi (@IsrewyMohand) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 568 | The easiest way I used to bypass an admin panel | HTTP request smuggling, Account takeover | NA | Sirat Sami (@siratsami71) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 561 | CSRF + Stored XSS Leading to Full Account Takeover | Stored XSS, CSRF, Account takeover | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 553 | How i Hacked Scopely with “Sign in with Google” | Account takeover, CORS misconfiguration, Client-side enforcement of server-side security, OAuth | Scopely | Ph.Hitachi | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 540 | Ransacking your password reset tokens | Account takeover, Password reset, Bruteforce | Ransack library | Lukas Euler | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 517 | Mass Account takeover by bypassing 2 FA | MFA bypass, IDOR, Account takeover | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 497 | SSO Gadgets: Escalate (Self-)XSS to ATO | SSO, OAuth, Account takeover, Self-XSS, Login CSRF | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2023-02-04 | 2023-06-13 |
| 495 | Easy Account Takeover on dell subdomain | Password reset, Account takeover | Dell | Mohamed Fares (@_2os5) | Bug Bounty | 2023-02-05 | 2023-06-13 |
| 480 | Chaining Bugs to get my First Bug Bounty | CSRF, Open redirect, Clickjacking, Account takeover | NA | ag3n7 (@ag3n7apk) | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 468 | HubSpot Full Account Takeover in Bug Bounty | Account takeover, Hyperlink injection, Password reset | HubSpot | Omar Hashem (@OmarHashem666) | Bug Bounty | 2023-02-11 | 2023-06-13 |
| 467 | We Hacked GitHub for a Month: Here’s What We Found | Pre-account takeover, Broken Access Control, Email verification bypass, Logic flaw | GitHub | Shivam Kumar Singh (@MrRajputHacker) | Bug Bounty | 2023-02-11 | 2023-06-13 |
| 464 | IDOR Leads to MASS Account Takeover | IDOR, Account takeover | NA | Yaseen Zubair | Bug Bounty | 2023-02-12 | 2023-06-13 |
| 455 | Bypassing CORS configurations to produce an Account Takeover for Fun and Profit | CORS misconfiguration, Account takeover | NA | Josh Fam (@Pullerze) | Bug Bounty | 2023-02-13 | 2023-06-13 |
| 444 | Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise | Cryptographic issues, JWT, Account takeover, Authentication bypass | Microsoft (Azure) | John Novak | Bug Bounty | 2023-02-15 | 2023-06-13 |
| 429 | Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover | Account takeover, SSO, OTP, Authentication bypass | NA | Aidil Arief | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 400 | Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer | Account takeover, DOM XSS | Microsoft (Azure) | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 395 | My P1 — Account Takeover | Account takeover, IDOR, Password reset | NA | Kullai (@Kullai12) | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 391 | Account Takeover worth of $5 | OAuth, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 387 | Interesting Stored XSS in sandboxed environment to Full Account Takeover | Stored XSS, Account takeover | NA | Anurag__Verma | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 374 | How I Earned $1800 for finding a (Business Logic) Account Takeover Vulnerability? | Account takeover, Authentication bypass | NA | Vivek Kumar Yadav (@0xd3vil) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 371 | Gitpod remote code execution 0-day vulnerability via WebSockets | RCE, Websockets, Cross-Site WebSocket Hijacking (CSWH), Cloud, Samesite cookie bypass, Account takeover | Gitpod | Elliot Ward | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 368 | How a simple IDOR impacted the data of thousands of customers of an Indian automotive giant | Account takeover, Information disclosure, IDOR | NA | Kushal Jain | Bug Bounty | 2023-03-01 | 2023-06-13 |