Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 488 | The Linux Kernel and the Cursed Driver | Kernel hacking, NULL pointer dereference | Linux Kernel Organization | Alon Zahavi (@Alon_Z4) | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 487 | Post-Exploitation: Abusing the KeePass Plugin Cache | Local Privilege escalation, Windows | KeePass | Kevin Minacori | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 486 | Code Injection via Python Sandbox Escape — how I got a shell inside a network. | Code injection, RCE | NA | Viktor Mares | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 485 | [CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI | RCE, SSTI, Security code review | NA | Patrick Hener (@C1sc01) | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 484 | How I Got +1000$ by Clickjacking | Clickjacking | NA | W13DOM | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 483 | Bypassing API Restrictions for Fun and Profit | Payment bypass, Logic flaw | NA | Arnav Tripathy | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 481 | Reflected XSS on Target with tough WAF ( WAF Bypass ) | Reflected XSS, WAF bypass | NA | Eagle_92 | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 480 | Chaining Bugs to get my First Bug Bounty | CSRF, Open redirect, Clickjacking, Account takeover | NA | ag3n7 (@ag3n7apk) | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 479 | Pwn2Owning Two Hosts At The Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization | Insecure deserialization, RCE, Security code review | Inductive Automation Ignition | Piotr Bazydło (@chudyPB) | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 478 | Exploit Development – A Sincere Form of Flattery | MS-RPC, RCE | NA | moth | Bug Bounty | 2023-02-09 | 2023-06-13 |
| 477 | Exploits Explained: Default Credentials Still a Problem Today | Default credentials | NA | Popeax | Bug Bounty | 2023-02-09 | 2023-06-13 |
| 476 | Azure Ad Kerberos Tickets: Pivoting To The Cloud | Active Directory, Cloud, Lateral movement | NA | Edwin David | Bug Bounty | 2023-02-09 | 2023-06-13 |
| 475 | How I got $$$$ Bounty within 5 mins | RCE, Components with known vulnerabilities | NA | Hashir Khan (@P4n7h3Rx) | Bug Bounty | 2023-02-09 | 2023-06-13 |
| 474 | Cracking The Odd Case Of Randomness In Java | Cryptographic issues | NA | Joseph (@josep68_) | Bug Bounty | 2023-02-09 | 2023-06-13 |
| 472 | Elevation of privileges from Everyone through Avast Sandbox to System AmPPL (CVE-2021-45335, CVE-2021-45336 and CVE-2021-45337) | Local Privilege Escalation | Avast | Denis Skvortcov (@Denis_Skvortcov) | Bug Bounty | 2023-02-09 | 2023-06-13 |
| 471 | Information disclosure or GDPR breach? A Google tale… | Privacy issue, Information disclosure, Missing authentication | Google | Luke Berner | Bug Bounty | 2023-02-10 | 2023-06-13 |
| 470 | LocalPotato - When Swapping The Context Leads You To SYSTEM | Windows, NTLM, Local Privilege Escalation | Microsoft | Andrea Pierini (@decoder_it) | Bug Bounty | 2023-02-10 | 2023-06-13 |
| 469 | Disabling js for the win | Unrestricted file upload, RCE | NA | Vuk Ivanovic | Bug Bounty | 2023-02-10 | 2023-06-13 |
| 468 | HubSpot Full Account Takeover in Bug Bounty | Account takeover, Hyperlink injection, Password reset | HubSpot | Omar Hashem (@OmarHashem666) | Bug Bounty | 2023-02-11 | 2023-06-13 |
| 467 | We Hacked GitHub for a Month: Here’s What We Found | Pre-account takeover, Broken Access Control, Email verification bypass, Logic flaw | GitHub | Shivam Kumar Singh (@MrRajputHacker) | Bug Bounty | 2023-02-11 | 2023-06-13 |
| 466 | A tale of a full Business Takeover — Red Team Diaries | MITM, Credential stuffing, Password spraying | NA | Dhanesh Dodia - HeyDanny (@Dhanesh_Dodia) | Bug Bounty | 2023-02-11 | 2023-06-13 |
| 465 | Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice | XXE | BlogEngine.NET | Sergey Vasiliev (@_SergVasiliev_) | Bug Bounty | 2023-02-11 | 2023-06-13 |
| 464 | IDOR Leads to MASS Account Takeover | IDOR, Account takeover | NA | Yaseen Zubair | Bug Bounty | 2023-02-12 | 2023-06-13 |
| 463 | XXE with Auto-Update in install4j | XXE, Security code review | Prosys OPC | Florian Hauser (@frycos) | Bug Bounty | 2023-02-12 | 2023-06-13 |
| 462 | SSRF That Allowed Us to Access Whole Infra Web Services and Many More | SSRF | NA | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2023-02-12 | 2023-06-13 |