Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 853 | Some Tips to Finding IDORs more easily and Fixing them | IDOR | NA | Xenon | Bug Bounty | 2022-11-08 | 2023-06-13 |
| 852 | Netgear Nighthawk R7000P AWS_JSON Unauthenticated Double Stack Overflow Vulnerability | Memory corruption | Netgear | Jean-Jamil Khalife | Bug Bounty | 2022-11-09 | 2023-06-13 |
| 851 | My First Account Takeover | Account takeover, Logic flaw | NA | JAI NIRESH J | Bug Bounty | 2022-11-09 | 2023-06-13 |
| 850 | Jit-Picking: Differential Fuzzing of JavaScript Engines | Browser hacking | Mozilla | Lukas Bernhard (@bernhl) | Bug Bounty | 2022-11-09 | 2023-06-13 |
| 849 | Chaining Path Traversal with SSRF to disclose internal git repo data in a Bank Asset | SSRF, Path traversal | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 848 | Sleep SQL injection on Name Parameter While Updating Profile | SQL injection | NA | Umer Yousuf | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 847 | Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd | IDOR | Google | Caesar Evan Santoso | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 846 | Accidental $70k Google Pixel Lock Screen Bypass | Lock screen bypass, Authentication bypass, Android | Google | David Schütz (@xdavidhu) | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 845 | How Sigstore quickly patched an upstream vulnerability | OAuth, Account takeover, Phishing | Sigstore, dex | Joern Schneeweisz | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 844 | Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server | RCE, OS command injection, Path traversal, Local Privilege Escalation | LiteSpeed | Artur Avetisyan (@3v1LMonk3y) | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 843 | Discovering vendor-specific vulnerabilities in Android | Android | Samsung, Google | Oversecured (@OversecuredInc) | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 842 | Windows Kernel: Exploit CVE-2022-35803 in Common Log File System | Windows, Local Privilege Escalation, Type confusion | Microsoft | luckyu (@uuulucky) | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 841 | From Shodan Dork to Grafana 📊Local File Inclusion | LFI, Old components with known vulnerabilities | NA | Anurag__Verma | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 840 | Security and Privacy Failures in Popular 2FA Apps | Cryptographic issues | LastPass, Google, Twilio, Microsoft, Duo, Salesforce, Latch, Zoho | Conor Gilsenan | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 839 | Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures | Signature bypass, Signature forgery, Cryptographic issues, Windows | Microsoft | Simon Rohlmann | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 838 | Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js | RCE, Prototype pollution, DoS | Rocket.Chat, NPM CLI, Parse Server, Node.js | Mikhail Shcherbakov | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 837 | CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS | MacOS, Local Privilege Escalation, SIP bypass | Apple | Mickey Jin (@patch1t) | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 836 | Finding Reflected XSS In A Strange Way | XSS | NA | Raymond Lind | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 835 | How i get $100 in just 10 minutes ! | Race condition | NA | Jody ritonga | Bug Bounty | 2022-11-13 | 2023-06-13 |
| 834 | Path Traversal Vulnerability in Payara Platform | Path traversal | Payara | Michael Baer | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 833 | CVE-2022-32929 - Bypass iOS backup's TCC protection | Local Privilege Escalation, TCC bypass, MacOS, iOS | Apple | Csaba Fitzl (@theevilbit) | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 832 | SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution | SQL injection, RCE, Security code review | Cisco | - | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 831 | SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege | Hardcoded credentials, Security code review, JWT, Privilege escalation | Cisco | - | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 830 | Firebase: Insecure by Default (feat. that one time our classmates tried to sue us) | Hardcoded API keys | Fizz | Aditya Saligrama (@saligrama_a) | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 829 | Winning QR with DOM-Based XSS \| Bug Bounty POC | DOM XSS | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2022-11-15 | 2023-06-13 |