Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 725 | How we breached ZDFheute live on television | Information disclosure | Zweites Deutsches Fernsehen | CyberCitizen | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 724 | The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 | Command injection, RCE, Security code review | Netgear | Vu Thi Lan (@lanleft_) | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 723 | Cool Vulns Don't Live Long - Netgear And Pwn2Own | Code injection, RCE, Security code review | Netgear | Kevin Denis | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 722 | How you can find your first bug using google | Information disclosure | NA | shbugger1 | Bug Bounty | 2022-12-07 | 2023-06-13 |
| 721 | A03:2021 — [Injection] SQL Injection through internal directory disclose | SQL injection, Information disclosure | NA | Tushar | Bug Bounty | 2022-12-07 | 2023-06-13 |
| 720 | DataBinding2Shell: Novel Pathways to RCE Web Frameworks | RCE, Spring4Shell | Spring, Grails | Haowen Mu (@meizjm3i) | Bug Bounty | 2022-12-07 | 2023-06-13 |
| 719 | Race Condition vulnerability in Azure Video Indexer allowed trial account users use Advance / Premium feature | Race condition | Microsoft (Azure) | Vikas Anil Sharma (@vikzsharma) | Bug Bounty | 2022-12-07 | 2023-06-13 |
| 718 | CORS Misconfig on Out of scope domain Bug Bounty Writeup (300 USD Reward ) | CORS misconfiguration | NA | Eagle_92 | Bug Bounty | 2022-12-08 | 2023-06-13 |
| 717 | {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF | WAF bypass, SQL injection | Palo Alto Networks, AWS, Cloudflare, F5, Imperva | Noam Moshe | Bug Bounty | 2022-12-08 | 2023-06-13 |
| 716 | STRIPE Live Key Exposed:: Bounty: $1000 | Information disclosure | NA | Vipul Sahu | Bug Bounty | 2022-12-09 | 2023-06-13 |
| 715 | Privilege Escalation to remove the owner from the organization | Privilege escalation, Mass assignment | NA | Hemant Kumar | Bug Bounty | 2022-12-09 | 2023-06-13 |
| 714 | The first step to PWN2OWN - A sad one | Command injection | Netgear | Vương Quốc Huy | Bug Bounty | 2022-12-09 | 2023-06-13 |
| 713 | Public Report – VPN by Google One Security Assessment | Android, iOS, DoS, Windows, MacoS, Local Privilege Escalation | Google | Daniel Romero (@daniel_rome) | Bug Bounty | 2022-12-09 | 2023-06-13 |
| 712 | Automate Cross-Site Scripting (XSS) exploitation with unusal events and Burp Intruder | XSS, WAF bypass | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-12-10 | 2023-06-13 |
| 711 | Scoring $$$ for a very simple bug : You don’t always need proxy tools | IDOR | NA | MRD7 (@_mrd7_) | Bug Bounty | 2022-12-10 | 2023-06-13 |
| 705 | How “I hacked the Dutch government and got the lousy t-shirt” | XSS | Dutch Government | IamDEAD | Bug Bounty | 2022-12-11 | 2023-06-13 |
| 704 | How I became a millionaire in 3h \| Fintech Bug Bounty — Part 1 | IDOR, Lack of rate limiting, Logic flaw | NA | 0x4KD (@0x4kd) | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 703 | PII data exfiltration within minutes | Information disclosure | NA | Mayank Garg | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 702 | Not usual CSP bypass case | Unrestricted file upload, XSS, CSP bypass | NA | Karol Mazurek | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 701 | CVE-2022-20942: It's not old functionality, it's vintage | Information disclosure | Cisco | Silver Security (@SugarFiendSec) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 700 | CVE-2019–6238: Apple XAR directory traversal vulnerability | Local Privilege Escalation | Apple | Yiğit Can Yılmaz | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 699 | AWS ECR Public Vulnerability | Cloud, Privilege escalation, Broken Access Control | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 698 | Exploiting an SQL injection with WAF bypass | SQL injection, WAF bypass | NA | Benoit Philippe | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 697 | Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in Asia | SSTI, WAF bypass | NA | JzeeRx | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 696 | How I Hacked A Company (My First Red Team Engagement 🚩) | SQL injection | NA | Monish Kumar (@aidenpearce369) | Bug Bounty | 2022-12-13 | 2023-06-13 |