Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 777 | Exploiting an N-day vBulletin PHP Object Injection Vulnerability | PHP Object Injection, Security code review | vBulletin | Egidio Romano / EgiX | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 776 | Hacking Dutch Government-Broken Authentication To Full Website Takeover (P1) | Exposed registration page | Dutch Government | V1dr4X | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 775 | How I hacked into a government e-learning website | IDOR, Account takeover | NA | iamgk808 (@iamgk808) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 774 | Exploiting CORS Misconfigurations | CORS misconfiguration, CSRF, XST | Apple, Google, Mozilla (Firefox), WHATWG | scarlet / attack ships on fire | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 773 | WebView XSS, account takeover | Webview, XSS, Android, Account takeover, Improper Export of Android Application Components | NA | shafou | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 772 | A great weekend hack(worth $8k) | SQL injection, IDOR, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 771 | [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application | Android, Hardcoded credentials, IDOR | NA | Abdelhak Kharroubi | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 770 | A Real World Example Of Classic Remote Command Execution (RCE) | OS command injection, XSS, RCE | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 769 | Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames | IDOR, Broken Access Control, Android, IoT | Ourphoto | Nick M (@1oopho1e) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 768 | Access Any Owner Account without Authentication (Auth bypass + 2FA bypass) | Authentication bypass, MFA bypass, Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 767 | Firebase Exploit bug bounty | Security misconfiguration, Firebase | NA | Damaidec | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 766 | Unique Rate limit bypass worth 1800$ | Rate limiting bypass, Captcha bypass | NA | Manav Bankatwala (@ManavBankatwala) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 765 | 2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation | Authentication bypass, Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 764 | Multiple Vulnerabilities found in Airtel Android Application | Arbitrary Code Execution, URL validation bypass, Symlink attack, XSS, Android, Webview | Airtel, Google | Gaurang Bhatnagar (@hax0rgb) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 763 | The Untold SendBird Misconfigurations | Broken Access Control | SendBird | LTiDi (@dunglt140150) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 762 | Improper error handling leads to exposing internal tokens | Information disclosure | NA | Agnieszka Pietruczuk | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 761 | Broken access control + misconfiguration = Beautiful privilege escalation | Broken Access Control, Privilege escalation | NA | Hossam Mesbah (@m359ah) | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 760 | discord.exe – Improper Input Validation | Security code review, Local Privilege Escalation, Phishing | Discord | RiotSecTeam (@RiotSecTeam) | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 759 | Cross-Site Scripting in CodeIgniter version 3.1.13 | Reflected XSS, Security code review | CodeIgniter | Antoine Cervoise | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 758 | VoIP Spoofing (Intigriti) 1,250€ | VoIP Spoofing | NA | 0xJin (@0xJin) | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 756 | Brocade Fabric OS ≤ v8.0.2c rbash escape to read system files | rbash escape, Local Privilege Escalation | Broadcom | Bitcrack (@bitcrack_cyber) | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 755 | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 | Unrestricted file upload, Security code review, RCE | Rocket Software | Mehdi Elyassa | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 754 | Stored XSS at https://www.tiktok.com/ the name of the attacker’s account carrying XSS payload will be triggered when the victim Send Video | Stored XSS | TikTok | Aidil Arief | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 752 | VLC : Integer overflow in vnc module <= 3.0.18 CVE-2022-41325 | Memory corruption, Integer overflow | VLC | 0xMitsurugi | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 751 | XSS on account.leagueoflegends.com via easyXDM [2016] | XSS, postMessage | Riot Games | Luke Young (@TheBoredEng) | Bug Bounty | 2022-12-01 | 2023-06-13 |