Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 803 | How i found 29 stored XSS in modern framework | Stored XSS | NA | Dewanand Vishal (@dewcode91) | Bug Bounty | 2022-11-20 | 2023-06-13 |
| 802 | Email Graffiti: hacking old email | Broken link hijacking | Google (Youtube) | Dylan Ayrey (@insecurenature) | Bug Bounty | 2022-11-20 | 2023-06-13 |
| 801 | Hacking Smartwatches for Spear Phishing | IoT, Phishing, Android | NA | Cybervelia (@cybervelia) | Bug Bounty | 2022-11-20 | 2023-06-13 |
| 800 | My Account Takeover Writeup: $5000 | Lack of rate limiting, Bruteforce | NA | MRD7 (@_mrd7_) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 799 | Fastly Subdomain Takeover $2000 | Subdomain takeover | NA | ValluvarSploit (@ValluvarSploit) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 798 | Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs | GraphQL, Security misconfiguration | Meta / Facebook | David Schütz (@xdavidhu) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 797 | A Confused Deputy Vulnerability in AWS AppSync | Confused deputy, Cloud, Privilege escalation | AWS | Nick Frichette (@frichette_n) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 795 | SSD Advisory – NETGEAR R7800 AFPD PreAuth | Memory corruption, Buffer Overflow | Netgear | - | Bug Bounty | 2022-11-22 | 2023-06-13 |
| 794 | Interesting Stored XSS via meta data | Stored XSS | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2022-11-22 | 2023-06-13 |
| 793 | SSRF via DNS Rebinding (CVE-2022–4096) | SSRF, DNS rebinding, TOCTOU | Appsmith | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2022-11-22 | 2023-06-13 |
| 792 | CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You | RCE, DNS rebinding, Information disclosure | Tailscale | Jamie McClymont (@JJJollyjim) | Bug Bounty | 2022-11-22 | 2023-06-13 |
| 791 | CVE-2021-40662 Chamilo LMS 1.11.14 RCE | Stored XSS, CSRF, RCE | Chamilo LMS | Febin | Bug Bounty | 2021-11-23 | 2023-06-13 |
| 790 | XSS Vulnerability Found in ConnectWise Remote Access Platform With Great Potential For Misuse by Scammers | Stored XSS | ConnectWise | Nati Tal | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 789 | CVE-2022-32898: ANE_ProgramCreate() multiple kernel memory corruption | Memory corruption, iOS, Kernel hacking | Apple | simo (@_simo36) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 788 | How I get +10 SQLi and +30 XSS via Automation Tool | SQL injection, XSS | NA | Mahmoud Attia (@0xElkot) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 787 | Account Takeover in KAYAK | Account takeover, Android, Insecure deeplink | KAYAK | Carlos Bello | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 786 | CVE-2022-40300: SQL Injection In Manageengine Privileged Access Management | SQL injection | Zoho (ManageEngine) | Justin Hung | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 785 | Dodging OAuth origin restrictions for Firebase spelunking | OAuth, Security misconfiguration, Authentication flaw | NA | Aditya Saligrama (@saligrama_a) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 784 | From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) | Authentication bypass, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 783 | Multiple vulnerabilities in H2O ≤ 3.32.1.3 | Insecure deserialization, RCE, Arbitrary file read, Security code review | H2O | Clément Amic | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 782 | Contrast discovers zero-day flaw in popular Quarkus Java framework | Drive-by attack, CSRF, RCE | Quarkus | Joseph Beeton | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 781 | Legally hacking a Government Satellite? | Missing authentication, OS command injection, RCE | NA | RiotSecTeam (@RiotSecTeam) | Bug Bounty | 2022-11-24 | 2023-06-13 |
| 780 | Hacker's Guide to Directory/Endpoint Enumeration | 40x bypass | NA | Inderjeet Singh (@3nc0d3dGuY) | Bug Bounty | 2022-11-24 | 2023-06-13 |
| 779 | CVE-2022–43781 | OS command injection, RCE | Atlassian | Petrus Viet (@VietPetrus) | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 778 | Able to Mass-change profile section leads to my first $BOUNTY$ | HTML injection, IDOR, CSRF | NA | SYRINE | Bug Bounty | 2022-11-25 | 2023-06-13 |