Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 750 | Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable | Supply chain attack | GitHub, Rust | Noam Dotan | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 749 | Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access | Cloud, SQL injection, Privilege escalation, Information disclosure | IBM | Ronen Shustin (@ronenshh) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 748 | Bypassing The Client Side Encryption To Read Internal Windows Server Files | Client-side encryption bypass, LFI, Security code review | NA | Abhishek Morla (@abhishekmorla) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 747 | How I found my first RCE! | RCE, Components with known vulnerabilities, WSO2, SSRF | NA | 302Found | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 746 | From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225) | SQL injection, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 745 | Command Injection in Asus M25 NAS | OS command injection, Source code disclosure | Asus | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 744 | Interesting find on the Invite link | Logic flaw | NA | Sathvika | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 743 | [WRITE-UP] Irremovable comments on the FB Lite app \| A story of a simple FB Lite bug that I found just by observation (Bounty: 500 USD) | Logic flaw | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 742 | Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway | XSS, CRLF injection, SSRF, LFI, Local Privilege Escalation, Arbitrary file read | Proxmox | JianTao Li (@cursered) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 741 | CertPotato – Using ADCS to privesc from virtual and network service accounts to local system | Local Privilege Escalation, ADCS | Microsoft | Hocine Mahtout (@Sant0rryu) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 740 | Pre-Auth RCE with CodeQL in Under 20 Minutes | Security code review, RCE, Command injection, Authorization flaw | pgAdmin | Florian Hauser (@frycos) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 739 | Hacking on a plane: Leaking data of millions and taking over any account | IDOR | NA | rez0 (@rez0__) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 738 | SysmonEoP | Local Privilege Escalation, Windows | Microsoft | Filip Dragovic (@filip_dragovic) | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 737 | 3 Step IDOR in HackerResume | IDOR | HackerResume | Swapnil Maurya (@swapmaurya20) | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 736 | A $$$ worth of cookies! \| Reflected DOM-Based XSS \| Bug Bounty POC | DOM XSS | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 735 | Account Takeover - Inside The Tenant | Account takeover, Information disclosure | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 734 | Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys | Android, Hardcoded credentials, Client-side encryption bypass | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 733 | Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability | Zip Slip attack, Path traversal, Source code disclosure | Drupal | Egidio Romano / EgiX | Bug Bounty | 2022-12-03 | 2023-06-13 |
| 732 | URL Validation Bypass Using Browser URI Normalization | URL validation bypass | NA | Marx Chryz Del Mundo | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 731 | The most underrated injection of all time — CYPHER INJECTION. How I found and exploited it ? | Cypher injection, SSRF | NA | Ashutosh Dutta (@maniacmarvel_) | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 730 | Hijacking GitHub Repositories by Deleting and Restoring Them | Repojacking | GitHub | Joren Vrancken | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 729 | Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass | SSTI, RCE, WAF bypass | GitHub | Peter M (@h1pmnh) | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 728 | OTP Leaking Through Cookie Leads to Account Takeover | Information disclosure, Account takeover | NA | ag3n7 | Bug Bounty | 2022-12-05 | 2023-06-13 |
| 727 | [BAC/IDOR] How my father credit card help me to find this access control issue | IDOR, Lack of rate limiting | NA | Xcoder(Joy ahmed) (@xcoder074) | Bug Bounty | 2022-12-05 | 2023-06-13 |
| 726 | TheHole New World - how a small leak will sink a great browser (CVE-2021-38003) | Memory corruption, RCE | Google (Chrome) | Bruce Chen (@bruce30262) | Bug Bounty | 2022-12-06 | 2023-06-13 |