Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 642 | LDAP anonymous login story of my 3 simple P3 findings | LDAP anonymous login | Department of Homeland Security | Tamim Hasan (@tamimhasan404) | Bug Bounty | 2022-12-28 | 2023-06-13 |
| 641 | Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000 | Exposed registration page | NA | Manav Bankatwala (@ManavBankatwala) | Bug Bounty | 2022-12-28 | 2023-06-13 |
| 640 | Feedback Analyzer Exploitation | Information disclosure | NA | hacker_might | Bug Bounty | 2022-12-28 | 2023-06-13 |
| 639 | Getting Secret Key to Building Custom Burp Extension | SQL injection | NA | Ashlyn Lau | Bug Bounty | 2022-12-29 | 2023-06-13 |
| 638 | Account Takeover Due to Cognito Misconfiguration Earns Me €xxxx | Amazon cognito misconfiguration, Account takeover | NA | Mukund Bhuva (@MukundBhuva) | Bug Bounty | 2022-12-29 | 2023-06-13 |
| 637 | How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profile | XSS, Account takeover | Apple | Abdelkader Mouaz (@hamzadzworm) | Bug Bounty | 2022-12-29 | 2023-06-13 |
| 636 | Exploring the World of ESI Injection | ESI injection, WAF bypass, XSS | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2022-12-29 | 2023-06-13 |
| 635 | CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building | SQL injection | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-30 | 2023-06-13 |
| 634 | Subdomain Hijacking Of Any Qwilr’s Customer | Subdomain takeover | NA | Prial Islam Khan (@prial261) | Bug Bounty | 2023-01-01 | 2023-06-13 |
| 633 | How I took over an admin panel and got $500 | Blind XSS, Account takeover | NA | Muhammed Mubarak | Bug Bounty | 2023-01-01 | 2023-06-13 |
| 632 | $500 in 5 minutes | Broken link hijacking | Dropbox | CoffeeAddict | Bug Bounty | 2023-01-01 | 2023-06-13 |
| 631 | Bypass Premium Account Payment (GetPocket) | Payment bypass | Mozilla (GetPocket) | querylab | Bug Bounty | 2023-01-01 | 2023-06-13 |
| 630 | India’s Aadhar card source code disclosure via exposed .svn/wc.db | Source code disclosure, .svn folder disclosure | Aadhaar | 0xLittleSpidy (@0xLittleSpidy) | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 629 | An amazing way to turn a xss into an ATO | XSS, Account takeover | NA | Naka | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 628 | Web-Cache Poisoning $$$? Worth it? | Web cache poisoning, XSS | NA | Yaseen Zubair | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 627 | Exploiting thousands of Domains for XSS | XSS | GoDaddy | Kailash (@Corrupted_brain) | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 625 | Bypass firewalls with of-CORs and typo-squatting | CORS misconfiguration | Tesla | Chris Grayson | Bug Bounty | 2023-01-02 | 2023-06-13 |
| 624 | Access to page with default credentials that require authenticate $$$. | Default credentials | NA | Adham sayed (doosec101) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 623 | Vue JS Reflected XSS | Reflected XSS, Blind XSS, CORS misconfiguration, UI redressing | NA | sid0krypt (@Siddhar07949650) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 622 | Fetch Diversion | DOM XSS | NA | Nicolas Christin (@acut3hack) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure | Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar Land Rover, SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 620 | Cacti: Unauthenticated Remote Code Execution | RCE, Authentication bypass, OS command injection, Security code review | Cacti | Stefan Schiller (@scryh_) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 619 | CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise | Authentication bypass, SSRF | Rocket Software | Tom Wedgbury | Bug Bounty | 2023-01-04 | 2023-06-13 |
| 618 | Prototype Pollution in Python | Prototype pollution, DoS | NA | Abdulraheem Khaled (@Abdulrah33mK) | Bug Bounty | 2023-01-04 | 2023-06-13 |
| 617 | Blind XSS in Email Field; 1000$ bounty | Blind XSS | NA | Yaseen Zubair | Bug Bounty | 2023-01-05 | 2023-06-13 |