Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1103 | How I was able to see likes count even though is hidden by victim \| YouTube | Information disclosure, Logic flaw | Google | R ando (@Rando02355205) | Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1093 | Contentful Access Token Disclosure in Android APK | Information disclosure, Android | NA | Cyberali | Bug Bounty | 2022-09-12 | 2023-06-13 |
| 1081 | How I abused the file upload function to get a high severity vulnerability in Bug Bounty | Unrestricted file upload, Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 1069 | Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) } | Information disclosure | NA | S Rahul (@7srambo) | Bug Bounty | 2022-09-18 | 2023-06-13 |
| 1068 | Turning Your Computer Into a GPS Tracker With Apple Maps | Privacy issue, Information disclosure | Apple | Ron Masas (@RonMasas) | Bug Bounty | 2022-09-18 | 2023-06-13 |
| 1067 | Android Application Forgot Password Token Leakage Leading to Account Takeover | Information disclosure, Password reset, Account takeover, Android | NA | Cyberali | Bug Bounty | 2022-09-19 | 2023-06-13 |
| 1037 | Blind XSS on Admin Portal Leads to Information Disclosure | Blind XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1029 | “Hey Siri, follow that car!” - How traffic cameras expose your location through parking apps. | Information disclosure, Session hijacking | NA | Inti De Ceukelaire (@securinti) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1009 | Tale of Easy P1 Bugs in Wild | Forced browsing, 403 bypass, Information disclosure | NA | Harsh Tandel | Bug Bounty | 2022-10-01 | 2023-06-13 |
| 1004 | My First And Second Bugs Are — 2FA Bypass | MFA bypass, HTTP response manipulation, Information disclosure | NA | Jai Niresh J | Bug Bounty | 2022-10-03 | 2023-06-13 |
| 1000 | How I Found A P1 Bug | Authentication bypass, Information disclosure | NA | Amith | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 990 | Full Company Building Takeover | Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 985 | The easiest bug to get a Hall of fame from a Billion dollar company. | GraphQL, Information disclosure | GeHealthcare | Ravaan | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 939 | Vulnerabilities in Tenda's W15Ev2 AC1200 Router | OS command injection, Buffer Overflow, Memory corruption, Stored XSS, Authorization flaw, Information disclosure | Tenda | Olivier Laflamme (@olivier_boschko) | Bug Bounty | 2022-10-19 | 2023-06-13 |
| 920 | How I Found Three Credentials Leak on One Google Dork on Bugcrowd program | Information disclosure | Cengage | Ittipatjitrada (@IttipatJitrada) | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 918 | Finding Multiple Security Issues on Agorapulse | Log4shell, RCE, Information disclosure, Broken Access Control, Privilege escalation | Agorapulse | Snap Sec (@snap_sec) | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 906 | GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown | OS command injection, Arbitrary file read, Information disclosure, Account takeover, Stored XSS, Lack of rate limiting, Weak credentials, Password policy bypass | GL.iNet | Olivier Laflamme (@olivier_boschko) | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 897 | Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover) | AWS misconfiguration | NA | Gokhan Guzelkokar (@gkhck_) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 885 | 2FA Bypass due to information disclosure & Improper access control. | DoS, MFA bypass | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 880 | urlscan.io's SOAR spot: Chatty security tools leaking private data | Information disclosure | NA | Fabian Bräunlein | Bug Bounty | 2022-11-01 | 2023-06-13 |
| 878 | How I Get 5x Swag From Sony | DOM XSS, Directory listing, Default credentials, Information disclosure | Sony | Naeem Ahmed Sayed (@0xNaeem) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 818 | Information Exposure — My Fourth Finding on Hackerone! | Directory listing, Information disclosure | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-11-17 | 2023-06-13 |
| 792 | CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You | RCE, DNS rebinding, Information disclosure | Tailscale | Jamie McClymont (@JJJollyjim) | Bug Bounty | 2022-11-22 | 2023-06-13 |
| 762 | Improper error handling leads to exposing internal tokens | Information disclosure | NA | Agnieszka Pietruczuk | Bug Bounty | 2022-11-28 | 2023-06-13 |