Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 616 | PandoraFMS - Pre-Auth Remote Code Execution | RCE, Path traversal, Arbitrary file upload, LFI, Security code review | PandoraFMS | esj4y (@esj4y) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 615 | I scanned every package on PyPi and found 57 live AWS keys | Information disclosure | Amazon, Intel, Stanford, The Australian Government | Tom Forbes | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 614 | Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability | CORS misconfiguration | Google | Borna Nematzadeh (@LogicalHunter) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 613 | Advanced CSRF Exploitation | CSRF, Stored XSS | NA | Sandro Einfeldt | Bug Bounty | 2023-01-07 | 2023-06-13 |
| 612 | The Bug That Kept On Giving :: PaymentBypass :: QR CODE | Payment bypass | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2023-01-07 | 2023-06-13 |
| 611 | The SSRF that Brought down a Server | SSRF, DoS | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2023-01-07 | 2023-06-13 |
| 610 | Bug hunting: Open access to S3 bucket | AWS misconfiguration | NA | Raghul Raj | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 609 | Uploading the Webshell using filename of Content-Disposition Header Story! | Unrestricted file upload, Arbitrary file write | NA | Yashar Mohagheghi | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 608 | Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval | IDOR, Authorization flaw | Meta / Facebook | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 607 | Lexmark MC3224adwe RCE exploit | RCE, SSRF, Printer hacking, Unrestricted file upload, Local Privilege Escalation | Lexmark | blasty (@bl4sty) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 606 | Hacking Hackers for fun and profit | Self-XSS, Blind XSS | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 605 | Full Team Takeover | Broken Access Control, Logic flaw | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 604 | “2022: A Year of Fascinating Discoveries” | CSRF, SSRF, Blind XSS, Password reset, Hyperlink injection, IDOR, Weak credentials, AWS misconfiguration | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 603 | Practical Example Of Client Side Path Manipulation | Client-side Path Traversal | NA | Antoine Roly (@aroly) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 602 | Full Team Takeover | Account takeover, Broken Access Control | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 601 | How I Earned $1000 From Business Logic Vulnerability (account takeover) | Logic flaw, Account takeover | NA | andika | Bug Bounty | 2023-01-10 | 2023-06-13 |
| 600 | SSD Advisory – MacOS Mozilla Firefox Download Protections Were Bypassed By .atloc / .ftploc Files | Local Privilege Escalation | Mozilla (Firefox) | Dohyun Lee | Bug Bounty | 2023-01-11 | 2023-06-13 |
| 599 | Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen | Local Privilege Escalation, Browser hacking, Symbolic link following | Google (Chrome & Chromium) | Ron Masas (@RonMasas) | Bug Bounty | 2023-01-11 | 2023-06-13 |
| 598 | Client-Side SSRF to Google Cloud Project Takeover [Google VRP] | SSRF, CSRF, Open redirect | Google | Dohyun Lee | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 597 | DER Entitlements: The (Brief) Return of the Psychic Paper | iOS, MacOS, Local Privilege Escalation | Apple | Ivan Fratric (@ifsecure) | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 596 | SSH key injection in Google Cloud Compute Engine [Google VRP] | OS command injection, RCE | Google | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 595 | Bad things come in large packages: .pkg signature verification bypass on macOS | Local Privilege Escalation, GateKeeper bypass, SIP bypass, MacOS | Apple | Sector 7 (@sector7_nl) | Bug Bounty | 2023-01-13 | 2023-06-13 |
| 594 | Bypassing authorization in Google Cloud Workstations [Google VRP] | Account takeover, OAuth, URL validation bypass | Google | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2023-01-13 | 2023-06-13 |
| 593 | Exploiting Application Logic to Phish Internal Mailing Lists | Phishing | NA | Tanner Emek (@itscachemoney) | Bug Bounty | 2023-01-13 | 2023-06-13 |
| 592 | How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415) | RCE, Browser hacking | Mozilla (Firefox) | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2023-01-14 | 2023-06-13 |