Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 513 | An IDOR vulnerability often hides many others | IDOR, GraphQL | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 512 | ImageMagick: The hidden vulnerability behind your online images | Application-level DoS, Arbitrary file read, Security code review | ImageMagick | Bryan Gonzalez | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 511 | CentreStack Disclosure | Authentication bypass, Password reset, Unrestricted file upload, RCE | Gladinet (CentreStack) | Michael Rand | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 510 | Vulnerability Causing Deletion of All Users in CrushFTP Admin Area | Application-level DoS | CrushFTP | Jean Calvin Mugabo | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 509 | Exploits Explained: Java JMX’s Exploitation Problems and Resolutions | RCE | NA | Nicolas Krassas (@Dinosn) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 508 | Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails | RCE, Security code review, Missing authentication, Insecure deserialization | IBM | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 507 | WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS | RCE, Hardcoded credentials, Privilege escalation | Western Digital | Pedro Ribeiro (@pedrib1337) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 506 | Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1 | Local Privilege Escalation, Windows, Thick client | Docker | Eviatar Gerzi | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 505 | IDOR - Inside the Session Storage | IDOR | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 504 | Host Header Injection to Complete Organization takeover | SSRF, Host header injection, Privilege escalation | NA | Muhammad Umer Adeem | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 503 | Discovering 5 XSS Vulnerabilities In a Simple Way With Xssor.go | Reflected XSS | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 502 | WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS | RCE, Hardcoded credentials, Privilege escalation, Cryptographic issues, Security code review | Western Digital | Pedro Ribeiro (@pedrib1337) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 501 | Azure security — Internal recon leveraging lack of access control | Azure AD, Cloud, Security misconfiguration, Privilege escalation | Microsoft (Azure) | Molx32 | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 500 | Play with Google, Twitter, Apple, Dell | XSS, HTML injection, IDOR, Information disclosure | Google, Twitter, Apple, Dell | rezaduty (@rezaduty) | Bug Bounty | 2023-02-03 | 2023-06-13 |
| 499 | Authentication Bypass in Izanami Docker image 1.10.22 CVE-2023-22495 | Authentication bypass, JWT, Security code review, Container security | Izanami | Raphaël Lob | Bug Bounty | 2023-02-03 | 2023-06-13 |
| 498 | postMessage DOM XSS vulnerability in Gartner Peer Insights widget | postMessage, DOM XSS | Gartner, Gradle, LogRhythm, SentinelOne, Synopsys, Veeam, Vodafone, Black Kite, ReversingLabs, Tata Communications | Justin Steven (@justinsteven) | Bug Bounty | 2023-02-04 | 2023-06-13 |
| 497 | SSO Gadgets: Escalate (Self-)XSS to ATO | SSO, OAuth, Account takeover, Self-XSS, Login CSRF | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2023-02-04 | 2023-06-13 |
| 496 | I was able to see likes count even though it was hidden by the victim \| YouTube App 16.15.35 | Logic flaw | Google (Youtube) | R ando (@Rando02355205) | Bug Bounty | 2023-02-05 | 2023-06-13 |
| 495 | Easy Account Takeover on dell subdomain | Password reset, Account takeover | Dell | Mohamed Fares (@_2os5) | Bug Bounty | 2023-02-05 | 2023-06-13 |
| 494 | How we made $120k bug bounty in a year with good automation | XSS, Security misconfiguration, Log4shell, Debug mode enabled | NA | Dawid Moczadło (@kannthu1) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 493 | GoAnywhere MFT - A Forgotten Bug | Insecure deserialization, Security code review | Fortra (GoAnywhere) | Florian Hauser (@frycos) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 492 | Apache SCXML Remote Code Execution | RCE, Security code review | Apache SCXML | pyn3rd (@pyn3rd) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 491 | Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console | Rate limiting bypass, Bruteforce | AWS | Christophe Tafani-Dereeper (@christophetd) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 490 | Hacking into Toyota’s global supplier management network | Authentication bypass, Backdoor | Toyota | Eaton Z. (@XeEaton) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 489 | A zero day for the government’s “demo servers” and internal networks | XSS | NA | fopwn | Bug Bounty | 2023-02-06 | 2023-06-13 |