Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 366 | Traveling with OAuth - Account Takeover on Booking.com | OAuth, Account takeover, Authentication bypass, Open redirect | Booking.com, KAYAK | Aviad Carmel (@AviadCarmel) | Bug Bounty | 2023-03-02 | 2023-06-13 |
| 336 | [Account Takeover] Don’t Send a Message to anyone Before Reading This [External Audit] | HTTP response manipulation, Authentication bypass, Account takeover | NA | Vipul Sahu | Bug Bounty | 2023-03-07 | 2023-06-13 |
| 335 | Unauthorized access to Codespace secrets in GitHub | Logic flaw, Broken Access Control, Account takeover | GitHub | Ophion Security (@OphionSecurity) | Bug Bounty | 2023-03-07 | 2023-06-13 |
| 333 | The story of becoming a Super Admin | Hardcoded credentials, Account takeover, Information disclosure | NA | Ömer Kepenek (@omer_kepenek) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 324 | Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover | Authorization bypass, JWT, Account takeover | Microsoft (ClipChamp) | Vikas Anil Sharma (@vikzsharma) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 318 | CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus | Password reset, OTP bruteforce, Account takeover, Authentication bypass | Zoho (ManageEngine) | Sky | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 317 | Account Takeover: An Epic Bug Bounty Story | Account takeover, Self-XSS, Pre-account takeover | NA | Jaydev Ahire | Bug Bounty | 2023-03-11 | 2023-06-13 |
| 311 | How I Leak Other’s Access Token by Exploiting Evil Deeplink Flaw | Insecure deeplink, Android, Account takeover | NA | Crisdeo Nuel Siahaan | Bug Bounty | 2023-03-13 | 2023-06-13 |
| 295 | Bypassing Character Limit - XSS Using Spanned Payload | XSS, Account takeover | NA | SMHTahsin33 (@SMHTahsin33) | Bug Bounty | 2023-03-15 | 2023-06-13 |
| 294 | OAuth 2.0 Authentication Misconfiguration | OAuth, Account takeover, Open redirect, Token leak | NA | Mohamed Lakhdar Metidji (@minometidjii) | Bug Bounty | 2023-03-16 | 2023-06-13 |
| 290 | How I chained multiple High-impact vulnerabilities to create a critical one. | Account takeover, IDOR, OTP bypass, HTTP response manipulation | NA | Vinay Jagetiya (@princej_76) | Bug Bounty | 2023-03-17 | 2023-06-13 |
| 285 | Account Takeover with rate limit bypass | Rate limiting bypass, Account takeover | NA | Shamim Ahamed (@itm4n) | Bug Bounty | 2023-03-18 | 2023-06-13 |
| 272 | Story of a Beautiful Account Takeover. | Account takeover, OTP bypass | NA | Ambush Neupane (@N_ambush) | Bug Bounty | 2023-03-23 | 2023-06-13 |
| 255 | BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained | Account takeover, Azure AD, Cloud, XSS, Privilege escalation | Microsoft (Bing) | Hillai Ben-Sasson (@hillai) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 253 | Hacking Admin Panel & Getting free subscription | Exposed registration API, Privilege escalation, Account takeover | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 235 | Simple Bugs 0x01: Password Changing to Account Takeover! | Account takeover, CSRF | NA | Vitor Falcao (@egl_falcao) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 229 | Post Account Takeover? Account Takeover of Internal Tesla Accounts | Account takeover, SSO | Tesla | Evan Connelly (@Evan_Connelly) | Bug Bounty | 2023-04-04 | 2023-06-13 |
| 216 | Steal authentication token with one-click on misconfigured WebView. | Android, Webview, Account takeover | NA | Kerolos A. Saber (@0xWise) | Bug Bounty | 2023-04-08 | 2023-06-13 |
| 215 | How I was able to change password of any corporate user | Account takeover, Password reset, Authentication bypass | NA | CH3TAN | Bug Bounty | 2023-04-09 | 2023-06-13 |
| 213 | Account Take Over (Via an API) | Account takeover, Information disclosure, Broken Access Control, Cryptographic issues | NA | Thabiso Mokoena | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 191 | A Big company Admin Panel takeover $4500 | Authentication bypass, 40x bypass, Account takeover | NA | nanwn | Bug Bounty | 2023-04-17 | 2023-06-13 |
| 177 | How I hacked hackers in Voorivex Hunt Event | Cloudflare bypass, WAF bypass, Account takeover | NA | snoopy (@snoopy101101) | Bug Bounty | 2023-04-19 | 2023-06-13 |
| 163 | How careless default credentials impact to massive account takeover | Authentication bypass, Account takeover, Weak credentials | NA | M Maulana Abdullah | Bug Bounty | 2023-04-22 | 2023-06-13 |
| 124 | Privilege Escalations through Integrations | Privilege escalation, Amazon cognito misconfiguration, JWT, Account takeover | NA | Colin McQueen | Bug Bounty | 2023-05-04 | 2023-06-13 |
| 85 | From GitHub To Account Takeover: Misconfigured Actions Place GCP & AWS Accounts At Risk | Account takeover, Cloud, OpenID Connect, CI/CD | NA | Rezonate | Bug Bounty | 2023-05-16 | 2023-06-13 |