Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 828 | Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) | RCE, Code injection, SSRF, Line Feed injection, Arbitrary file read, Authentication bypass, Security code review | Checkmk | Stefan Schiller (@scryh_) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 827 | Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk | SQL injection, Logic flaw | Zendesk | Tal Peleg | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 826 | Stealing passwords from infosec Mastodon - without bypassing CSP | HTML injection | Mastodon, infosec.exchange | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 825 | Remote Code Execution in Spotify’s Backstage via vm2 Sandbox Escape (CVSS Score of 9.8) | RCE, VM sandbox escape | Spotify | Gal Goldsthein (@G4lGo89) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 824 | Relaying to AD Certificate Services over RPC | Active Directory, ADCS, Windows | NA | Sylvain Heiniger (@sploutchy) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 823 | Control Your Types Or Get Pwned: Remote Code Execution In Exchange Powershell Backend | RCE, Windows | Microsoft | Piotr Bazydło (@chudyPB) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 822 | Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette" | SOP bypass, Browser hacking | Google (Chromium) | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 821 | CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | CSRF, RCE, RPM Spec Injection | F5 | Ron Bowes (@iagox86) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 820 | The Story Of A Strange / Stored IDOR. | IDOR | NA | Hassan Farooq | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 819 | Account Takeover Worth of $2500 | Account takeover, IDOR | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 818 | Information Exposure — My Fourth Finding on Hackerone! | Directory listing, Information disclosure | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-11-17 | 2023-06-13 |
| 817 | Got Another XSS using Double Encoding | XSS | NA | ag3n7 | Bug Bounty | 2022-11-17 | 2023-06-13 |
| 816 | Security concerns with the e-Tugra certificate authority | Default credentials, Exposed registration page | e-Tugra | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-11-17 | 2023-06-13 |
| 815 | MEGA’s Unlimited Cloud Storage Vulnerability | Logic flaw, Privilege escalation | MEGA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2022-11-17 | 2023-06-13 |
| 814 | [RE:SCRUTINY] Delay Then Migrate Your Meterpreter | Internal pentest, Lateral movement | NA | RE:HACK (@rehackxyz) | Bug Bounty | 2022-11-17 | 2023-06-13 |
| 813 | Bypassing XSS filters using Double Encoding | XSS, WAF bypass | NA | ag3n7 (@ag3n7apk) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 812 | How i found 8 vulnerabilities in 24h? | Logic flaw | NA | Mohamed Anani (@0xM5awy) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 811 | $250 for Email account enumeration using “NameToMail” tool | Username enumeration | NA | snoopy (@snoopy101101) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 810 | macOS Sandbox Escape vulnerability via Terminal | MacOS, Sandbox escape, Local Privilege Escalation | Apple | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 809 | SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover | Account takeover, Azure AD, Cloud | Microsoft | Tomer Nahum (@TomerNahum1) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 808 | Remote Command Execution in a Bank Server | RCE, Arbitrary file read, Unrestricted file upload | NA | Bipin Jitiya (@win3zz) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 807 | From Static domain to Account Takeover | Account takeover, Logic flaw | NA | Demon (@R29k_) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 806 | Remediation Archeology — Finding and Decoding an Ancient XSS | XSS | NA | Bend Theory (@bendtheory) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 805 | Russian roulette XSS | Blind XSS | NA | Splintersec (@splint3rsec) | Bug Bounty | 2022-11-19 | 2023-06-13 |
| 804 | System misconfiguration is the number one vulnerability, at least for Mastodon | Security misconfiguration, MinIO misconfiguration | infosec.exchange | Lenin Alevski (@Alevsk) | Bug Bounty | 2022-11-19 | 2023-06-13 |