Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 541 | OpenEMR - Remote Code Execution in your Healthcare System | RCE, XSS, LFI, Arbitrary file read, Security code review | OpenEMR | Dennis Brinkrolf (@DBrinkrolf) | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 540 | Ransacking your password reset tokens | Account takeover, Password reset, Bruteforce | Ransack library | Lukas Euler | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 539 | How I Found My First Bug in Android App | Android, Authentication bypass, Insecure intent | NA | Barath Stalin | Bug Bounty | 2023-01-26 | 2023-06-13 |
| 538 | Bypassing OGNL sandboxes for fun and charities | OGNL injection | Atlassian, Apache Struts | Alvaro Muñoz (@pwntester) | Bug Bounty | 2023-01-27 | 2023-06-13 |
| 537 | Disclosing Facebook page admins by playing a game | Logic flaw, Information disclosure | Meta / Facebook | Sudip Shah | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 536 | PHP Development Server <= 7.4.21 - Remote Source Disclosure | Source code disclosure, Information disclosure, Security code review | PHP | Rahul Maini (@iamnoooob) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 535 | CVE-2022-44789 | Memory corruption, Use-After-Free, RCE, Security code review | Artifex MuJS | Alvin Ng (@alngpwn) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 534 | Adobe Acrobat Reader - resetForm - CAgg UaF - RCE Exploit - CVE-2023-21608 | Memory corruption, Use-After-Free, RCE | Adobe | Ashfaq Ansari (@HackSysTeam) | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 533 | Bypassing account lockout through password reset functionality | Rate limiting bypass | NA | Akash c | Bug Bounty | 2023-01-28 | 2023-06-13 |
| 532 | Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) | RCE, Arbitrary file write, SSTI, Security code review | Froxlor | Askar (@mohammadaskar2) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 528 | Blind XSS To SSRF | Blind XSS, SSRF | NA | Akash c | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 527 | How I was able to find 4 Cross-site scripting (XSS) on vulnerability disclosure program ? | XSS | NA | DrakenKun | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 526 | The 100+ Million Person Data Disclosure | IDOR | NA | Jason Haddix (@Jhaddix) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 525 | Discovered a Critical IDOR and Earned $900 for My First P1 Vulnerability! | IDOR | NA | Abhisek R (@abh1sek_r) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 524 | How I Found an Insecure Direct Object Reference in TikTok | IDOR | TikTok | mrhavit | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 523 | How i hacked all Zendesk sites 265,000 site by one line | Web cache poisoning | Zendesk | Ahmed Salah Abdalhfaz (@Elsfa7-110) | Bug Bounty | 2023-01-30 | 2023-06-13 |
| 522 | How I bypassed the registration validation and logged-in with the company email | Email verification bypass | NA | Khaledyassen | Bug Bounty | 2023-01-30 | 2023-06-13 |
| 521 | Unserializable, But Unreachable: Remote Code Execution On vBulletin | RCE, Insecure deserialization, Security code review | vBulletin | Charles Fol (@cfreal_) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 520 | Can't Wait to Shut You Down — Remote DoS Using Wininit.exe | DoS, MS-RPC, Windows | Microsoft | Stiv Kupchik (@kupsul) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 519 | Remote Command Execution in binwalk | RCE, Path traversal, Security code review | ReFirm Labs (binwalk), ubi_reader, jefferson, yaffshiv | Quentin Kaiser (@QKaiser) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 518 | Reversing UK mobile rail tickets | Reverse engineering, Android | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 517 | Mass Account takeover by bypassing 2 FA | MFA bypass, IDOR, Account takeover | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 516 | Broken Function Level Authorization leads to disclosing PII Information of all company users | Broken Function Level Authorization, Information disclosure | NA | Mirza Muhammad Fauzan | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 515 | CVE-2023-22374: F5 BIG-IP Format String Vulnerability | Format string vulnerability, Memory corruption | F5 | Ron Bowes (@iagox86) | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 514 | RCE in Avaya Aura Device Services | RCE, Security code review, XSS, WebDAV | Avaya | Dylan Pindur | Bug Bounty | 2023-02-01 | 2023-06-13 |