Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 332 | PwnAgent: A One-Click WAN-side RCE in Netgear RAX Routers with CVE-2023-24749 | RCE OS command injection Security code review | Netgear | Zion Basque (@mahal0z) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 331 | How I got Owned A Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL Injection | SQL injection | NA | nav1n (@nav1n0x) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 330 | CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE | RCE XSS Security code review | Jenkins | Ilay Goldman (@GoldmanIlay) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 329 | Self XSS To Stored Through IDOR/ | IDOR Self-XSS Stored XSS | NA | Arben Shala (@arbennsh) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 328 | The Silent Spy Among Us: Modern Attacks Against Smart Intercoms | IoT OS command injection Missing authentication MiTM SIP | Akuvox | Claroty's Team82 (@Claroty) | Bug Bounty | 2023-03-09 | 2023-06-13 |
| 327 | EJS - Server Side Prototype Pollution gadgets to RCE | Server-side prototype pollution RCE Security code review | Node.js third-party modules (EJS) | Mizu (@kevin_mizu) | Bug Bounty | 2023-03-09 | 2023-06-13 |
| 326 | Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation) | Local Privilege Escalation IoT | NA | Sean Pesce (@SeanPesce) | Bug Bounty | 2023-03-09 | 2023-06-13 |
| 325 | Wait Time Bypass for fun and Profit | Rate limiting bypass | Automattic | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 324 | Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover | Authorization bypass JWT Account takeover | Microsoft (ClipChamp) | Vikas Anil Sharma (@vikzsharma) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 323 | I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability. | SQL injection GraphQL | NA | nav1n (@nav1n0x) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 322 | Rxss inside href attribute - Bypassing lots of weird checks to takeover accounts! | Reflected XSS WAF bypass | NA | Ashutosh Dutta (@maniacmarvel_) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 321 | Default Credentials on Sony- Swag Time | Hardcoded credentials Information disclosure | Sony | Arman (@M7arm4n) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 320 | Improper Authentication in Android App | Logic flaw Authentication flaw HTTP response manipulation | NA | oXnoOneXo | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 319 | Bugging Out: My Experience of Earning $300 for Reporting an Unexpected Bug | Subdomain takeover | NA | Charlie : The Hacker | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 318 | CVE-2022-36413 Unauthorized Reset Password of Zoho ManageEngine ADSelfService Plus | Password reset OTP bruteforce Account takeover Authentication bypass | Zoho (ManageEngine) | Sky | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 317 | Account Takeover: An Epic Bug Bounty Story | Account takeover Self-XSS Pre-account takeover | NA | Jaydev Ahire | Bug Bounty | 2023-03-11 | 2023-06-13 |
| 316 | [Netflix][Smart TV] — Chaining Self-XSS with Session poisoning. | Self-XSS Cookie injection Session management issue | Netflix | Lyubomir Tsirkov (@lyubo_tsirkov) | Bug Bounty | 2023-03-11 | 2023-06-13 |
| 315 | CCAI | XSS | Google | NDevTK (@ndevtk) | Bug Bounty | 2023-03-11 | 2023-06-13 |
| 314 | The story of how I was able to chain SSRF with Command Injection Vulnerability | SSRF OS command injection RCE | NA | Raj Qureshi (@RajQureshi9) | Bug Bounty | 2023-03-12 | 2023-06-13 |
| 313 | P1 Vulnerability by Bypassing the membership payment page | Payment bypass | NA | Viktor Mares | Bug Bounty | 2023-03-12 | 2023-06-13 |
| 312 | Dolibarr : unauthenticated contacts database theft | SQL injection Security code review | Dolibarr | Vladimir | Bug Bounty | 2023-03-13 | 2023-06-13 |
| 311 | How I Leak Other’s Access Token by Exploiting Evil Deeplink Flaw | Insecure deeplink Android Account takeover | NA | Crisdeo Nuel Siahaan | Bug Bounty | 2023-03-13 | 2023-06-13 |
| 310 | The Time I Hacked Google’s Manual Actions Database | Broken Access Control Authorization flaw | Google | Tom Anthony (@TomAnthonySEO) | Bug Bounty | 2023-03-13 | 2023-06-13 |
| 309 | Veeam Backup and Replication CVE-2023-27532 Deep Dive | Local Privilege Escalation | Veeam | James Horseman (@JamesHorseman2) | Bug Bounty | 2023-03-13 | 2023-06-13 |
| 308 | Microsoft Defender for Cloud Management Port Exposure Confusion | Cloud Security misconfiguration | Microsoft | Aaron Sawitsky | Bug Bounty | 2023-03-14 | 2023-06-13 |