Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 409 | The code that wasn’t there: Reading memory on an Android device by accident | Kernel hacking, Android, Memory leak, Memory corruption | Qualcomm | Man Yue Mo (@mmolgtm) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 408 | Exploit Airlines that use T-Mobile for Free WiFi | Wifi, Payment bypass, MAC address spoofing, Missing authentication | T-Mobile | cylect.io (@cylect_io) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 407 | LogicalDOC Vulnerability Disclosure | XXE, RCE, Command injection, Privilege escalation | LogicalDOC | Brett DeWall (@xbadbiddyx) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 406 | How do I take over another user subdomain name worth $$$$ | Subdomain takeover | NA | Parkerzanta (@parkerzanta) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 405 | How I found DOM-Based XSS on Microsoft MSRC and How they fixed it | DOM XSS | Microsoft | Supakiad S. (@Supakiad_Mee) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 404 | How I Used JS files inspection and Fuzzing to do admins/supports stuff | Broken Access Control | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 403 | Escaping well-configured VSCode extensions (for profit) | Electron, Webview, Path traversal | Microsoft | Vasco Franco | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 402 | Blind XSS fired on Admin panel worth $2000 | Blind XSS | NA | Feri Susanto (@feribytex) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 401 | Little bug, Big impact. 25k bounty | Hardcoded API keys | NA | Nightbane (@Nightbanes) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 400 | Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer | Account takeover, DOM XSS | Microsoft (Azure) | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 399 | Exploits Explained: Using APIs to Execute a Server-Side Request Forgery | SSRF | NA | @cor3min3r | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 398 | draw.io CVEs | SSRF, OAuth, Open redirect, Token leak, Security code review | draw.io | @caioluders | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 397 | Authenticated XXE vulnerability in IBM Tivoli Workload Scheduler CVE-2022-38389 | XXE | IBM | Geoffrey Bertoli (@YofBalibump) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 396 | From CVE-2022-33679 to Unauthenticated Kerberoasting | Kerberos, MiTM, Local Privilege Escalation, Downgrade attack | Microsoft (Windows) | Trampas Howe (@trampashowe) | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 395 | My P1 — Account Takeover | Account takeover, IDOR, Password reset | NA | Kullai (@Kullai12) | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 394 | Give me a browser, I’ll give you a Shell | Local Privilege Escalation, Kiosk hacking | NA | Rend | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 393 | Unauthenticated GraphQL Introspection and API calls | GraphQL, Missing authentication | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 392 | How I got a $2000 bounty with RXSS | Reflected XSS | NA | Hashir Sami Khan (@P4n7h3Rx) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 391 | Account Takeover worth of $5 | OAuth, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 390 | The Tale of a Command Injection by Changing the Logo | RCE, OS command injection, Unrestricted file upload, Directory listing, HTTP response manipulation | NA | 0xrz (@omidxrz) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 389 | Using efficient tooling to hunt GraphQL security issues | GraphQL | NA | Nishant Jain (@realArcherL) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 388 | How did I found RCE on SHAREit which rewarded $$$ bounty | Log4shell, RCE | SHAREit | Suprit Pandurangi | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 387 | Interesting Stored XSS in sandboxed environment to Full Account Takeover | Stored XSS, Account takeover | NA | Anurag__Verma | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 386 | Grand Theft Auto - A peek of BLE relay attack | Bluetooth, BLE, Car hacking | NA | @Kevin2600 | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 385 | $10.000 bounty for exposed .git to RCE | .git folder disclosure, RCE, OS command injection | NA | Lev Shmelev | Bug Bounty | 2023-02-27 | 2023-06-13 |