Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1592 | 2FA Secret value disclosure leads to 2FA Bypass - Bug Bounty Writeup | MFA bypass Information disclosure | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1590 | Contact Point Deanonymization Vulnerability in Meta | Information disclosure | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1580 | How i found a vulnerability that leads to access any users’ sensitive data and got $500 | Information disclosure | Flickr | Mr Robert \| Ahmed M Hassan (@Mr_Robert20) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1573 | How We hacked (bypassed) Admin Panel just by JS file | Information disclosure | NA | Zhenwar Hawlery (@zhenwarx) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1571 | Cloudflare Pages, part 1: The fellowship of the secret | Command injection Container escape Bash Path injection RCE Local Privilege Escalation Information disclosure | Cloudflare | Sean Yeoh (@seanyeoh) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1570 | The $16,000 Dev Mistake | Information disclosure | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2022-05-07 | 2023-06-13 |
| 1568 | P1 Bug — PII information disclosure | Information disclosure IDOR | NA | Huntersherlock | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1556 | Forging OAuth tokens using discovered client id and client secret | Information disclosure Account takeover | NA | Basyouni (@AshrafBasyoni4) | Bug Bounty | 2022-05-12 | 2023-06-13 |
| 1542 | From Wayback to Account Takeover | Information disclosure Account takeover | Plex | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2022-05-19 | 2023-06-13 |
| 1541 | How I was able to access IBM internal documents | Information disclosure IDOR | IBM | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2022-05-19 | 2023-06-13 |
| 1512 | Exploiting iOS app for fun and profit | Account takeover Information disclosure | NA | Bijan Murmu (@0xbijan) | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1489 | De-Anonymization attacks against Proton services | Privacy issue Information disclosure HTML injection Local Privilege Escalation | Proton AG | Ruben Santamarta (@reversemode) | Bug Bounty | 2022-06-08 | 2023-06-13 |
| 1486 | Chaining vulnerabilities to criticality in Progress WhatsUp Gold | SSRF Local File Disclosure Information disclosure | Progress (WhatsUp Gold) | Shubham Shah (@infosec_au) | Bug Bounty | 2022-06-09 | 2023-06-13 |
| 1476 | Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code | SSRF Information disclosure HSTS bypass | Internet Bug Bounty (curl) | Haxatron (@Haxatron1) | Bug Bounty | 2022-06-12 | 2023-06-13 |
| 1472 | 500$ Account Takeover | Account takeover Information disclosure HTTP response manipulation | Xsolla | Hemant Kumar | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1468 | 403 bypass on a fortune 100 financial institution (P3) | Information disclosure Authorization flaw Forced browsing | NA | Damaidec | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1449 | Personal Access Token Disclosure in Asana Desktop Application | Information disclosure Hardcoded credentials | Asana | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2022-06-18 | 2023-06-13 |
| 1448 | Account Takeover by OTP bypass | Information disclosure Client-side enforcement of server-side security OTP bypass Account takeover | NA | Vaibhav Kumar Srivastava | Bug Bounty | 2022-06-19 | 2023-06-13 |
| 1440 | We were vulnerable - how a security company could have vulns | Broken Access Control Authorization flaw Information disclosure | Volkis | Soman Verma | Bug Bounty | 2022-06-22 | 2023-06-13 |
| 1430 | Bug: Cisco IOS SNMPv3 ACL Issues | Information disclosure | Cisco | Gerry Gosselin (@ggPixelHealth) | Bug Bounty | 2022-06-26 | 2023-06-13 |
| 1401 | Penetration Testing Firebase Web Applications | Firebase Information disclosure | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-07-03 | 2023-06-13 |
| 1391 | PII Disclosure of Apple Users ($10k) | IDOR Lack of rate limiting Bruteforce Information disclosure | Apple | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1384 | How I earned 200$ in Bug Bounty Program | Information disclosure | NA | Idan Malihi | Bug Bounty | 2022-07-09 | 2023-06-13 |
| 1367 | Abusing URL Shortners for fun and profit | Information disclosure Account takeover IDOR | NA | Sicksec (@OriginalSicksec) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1361 | Good Recon Leads To Senssitive Accounts | Information disclosure Username enumeration | NA | Milanjain | Bug Bounty | 2022-07-15 | 2023-06-13 |