Write-ups
Check The Published Writeups
WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
---|---|---|---|---|---|---|---|
73 | Official extension spoofing attacks: when trusted add-ons are not so trusted | Extension spoofing, Account takeover, XSS | NA | Yesenia Trejo (@Yess_2021xD) | Bug Bounty | 2023-05-19 | 2023-06-13 |
60 | Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services | OAuth, Account takeover | Expo, Codeacademy.com | Aviad Carmel (@AviadCarmel) | Bug Bounty | 2023-05-24 | 2023-06-13 |
45 | Hunting For Password Reset Tokens By Spraying And Using HTTP Pipelining | Password reset, Account takeover | NA | Tom Neaves | Bug Bounty | 2023-05-30 | 2023-06-13 |
32 | Rate Limit Bypass Leads to 0 Click ATO | Rate limiting bypass, Bruteforce, Password reset, Account takeover | NA | ZeroXUF (@ZeroXUF) | Bug Bounty | 2023-06-04 | 2023-06-13 |
29 | Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability | XSS, Account takeover, OAuth | TikTok | mrhavit | Bug Bounty | 2023-06-04 | 2023-06-13 |