Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 695 | Privilege escalation leads to deleting other user's account and company Workspace [Access Control] | Privilege escalation, Broken Access Control | NA | Pratik Gaikwad | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 694 | You've Crossed the Line — Disturbing a Host's Rest | Windows, MS-RPC, DoS | Microsoft | Ben Barnea (@nachoskrnl) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 693 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 691 | CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution | Websockets, XSS, RCE, Arbitrary file write, Path traversal | OnlyOffice | Iain Wallace (@strawp) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 690 | Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes | SSO, IDOR, Missing authentication | HAwebsso.nl | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 689 | FlowscreenComponents Basepack, Version 3.0.7 Advisory | XSS, Security code review | UnofficialSF | Matthew Rutledge | Bug Bounty | 2022-12-15 | 2023-06-13 |
| 688 | Missing Bricks: Finding Security Holes in LEGO APIs | XSS, XXE | LEGO | Shiran Yodev | Bug Bounty | 2022-12-15 | 2023-06-13 |
| 687 | Foxit PDF Reader - Use after Free - Remote Code Execution Exploit - CVE-2022-28672 | Memory corruption, Use-After-Free | Foxit | Ashfaq Ansari (@HackSysTeam) | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 686 | Param Hunting to Injections | HTML injection, XSS | NA | 302 Found | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 685 | CVE-2022-42710: A journey through XXE to Stored-XSS | Stored XSS, XXE, Security code review | Linear | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 684 | Simple CORS misconfig leads to disclose the sensitive token worth of $$$ | CORS misconfiguration, Token leak | Linear | Ramalingasamy | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 683 | The Bug That Kept On Giving :: PaymentBypass :: Response Manipulation | Payment bypass, Logic flaw | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 682 | I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Stored XSS, Self-XSS | Zoom | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-12-17 | 2023-06-13 |
| 681 | Gatekeeper's Achilles heel: Unearthing a macOS vulnerability | Local Privilege Escalation, GateKeeper bypass | Apple (macOS) | Jonathan Bar Or (@yo_yo_yo_jbo) | Bug Bounty | 2022-12-17 | 2023-06-13 |
| 680 | Directory Traversal Vulnerability in Huawei HG255s Products | Path traversal | Huawei | Ismail Tasdelen | Bug Bounty | 2022-12-17 | 2023-06-13 |
| 679 | How I was able to steal users credentials via Swagger UI DOM-XSS | DOM XSS, Old components with known vulnerabilities | NA | Mohamed Reda (@M0x0101) | Bug Bounty | 2022-12-18 | 2023-06-13 |
| 678 | Better Make Sure Your Password Manager Is Secure | Hardcoded credentials, XSS, Cryptographic issues, Authorization flaw, Authentication bypass | Click Studios | kuekerino (@kuekerino) | Bug Bounty | 2022-12-19 | 2023-06-13 |
| 677 | Cengage LTI Session Management Leakage | SSO, Session management issue | Cengage | Tony Porterfield | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 676 | How I found my first XSS on a Bug Bounty Program | XSS | Coinbase | Vikas Anand (@kingcoolvikas) | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 675 | [GraphQL IDOR] Leaking credit card information of 1000s of users | IDOR, GraphQL | NA | Vipul Sahu | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 674 | How I got a 4 digits(₹) bounty from an Indian company | Broken link hijacking | NA | RV Sharma | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 673 | From PostAuth RCE to PreAuth RCE on Liferay Portal | RCE, Insecure deserialization | NA | RV Sharma | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 672 | Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities | MacOS, Local Privilege Escalation, SIP bypass | Apple (macOS) | Mickey Jin (@patch1t) | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 671 | Owning half of a government assets through AWS | Information disclosure, Hardcoded API keys | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 670 | A Technical Analysis of CVE-2022-22583 and CVE-2022-32800 | MacOS, Local Privilege Escalation, SIP bypass | Apple (macOS) | Mickey Jin (@patch1t) | Bug Bounty | 2022-12-21 | 2023-06-13 |