Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
307Hacking the Docker Registry with Burp Suite Docker Registry NA H1Xploit (@H1Xploit) Bug Bounty2023-03-142023-06-13
306Your Browser is Not a Safe Space Local Privilege Escalation Lateral movement NA Corey Ham Bug Bounty2023-03-142023-06-13
305Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability Privilege escalation NTLM Microsoft (Outlook) Dominic Chell (@domchell) Bug Bounty2023-03-142023-06-13
304Vulnerabilities in the TPM 2.0 reference implementation code Memory corruption Out-of-bounds Read Out-of-bounds Write Microsoft VMware Google IBM Lenovo Qemu Nuvoton Trusted Computing Group STMicroelectronics Aruba Networks CERT/CC libtpms Francisco Falcon (@fdfalcon) Bug Bounty2023-03-142023-06-13
303Producing a POC for CVE-2022-42475 (Fortinet RCE) Memory corruption RCE Integer overflow Heap overflow Fortinet Alain Mowat (@plopz0r) Bug Bounty2023-03-142023-06-13
302CVE-2023–24625 / IDOR in Faveo Service Desk IDOR Faveo cupc4k3 Bug Bounty2023-03-142023-06-13
301Finding Hundreds of SSRF Vulnerabilities on AWS SSRF AWS Carlos Polop Bug Bounty2023-03-142023-06-13
300AD Security Research: Breaking Trust Transitivity Active Directory Privilege Escalation Microsoft (Windows) Charlie Clark (@exploitph) Bug Bounty2023-03-142023-06-13
299Backend Parameter Injection --> RCE RCE HTTP parameter pollution OS command injection NA Austin (@systemdumb) Bug Bounty2023-03-142023-06-13
298IP spoofing and SQL injection in Textcube SQL injection IP spoofing HTTP header attack Security code review Textcube Sjoerd Langkemper Bug Bounty2023-03-152023-06-13
297LFI - An Interesting Tweak LFI NA Jerry Shah (@Jerry) Bug Bounty2023-03-152023-06-13
296Emotional Rollercoaster: A Unique Case Study of Bypassing Antivirus and Firewall by Abusing PostgreSQL RCE Old components with known vulnerabilities NA Yousef Amery (@YousefAmery) Bug Bounty2023-03-152023-06-13
295Bypassing Character Limit - XSS Using Spanned Payload XSS Account takeover NA SMHTahsin33 (@SMHTahsin33) Bug Bounty2023-03-152023-06-13
294OAuth 2.0 Authentication Misconfiguration OAuth Account takeover Open redirect Token leak NA Mohamed Lakhdar Metidji (@minometidjii) Bug Bounty2023-03-162023-06-13
293CHECKMATE Websockets Logic flaw Chess.com Oded Vaanunu Bug Bounty2023-03-162023-06-13
292Facebook Creator Studio Misconfiguration $$$$ Session expiration issue Meta / Facebook Abdul Rehman Parkar Bug Bounty2023-03-162023-06-13
291SSRF Cross Protocol Redirect Bypass SSRF NA Szymon Drosdzol Bug Bounty2023-03-162023-06-13
290How I chained multiple High-impact vulnerabilities to create a critical one. Account takeover IDOR OTP bypass HTTP response manipulation NA Vinay Jagetiya (@princej_76) Bug Bounty2023-03-172023-06-13
289Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain Reflected XSS Microsoft Sawrav Chowdhury Bug Bounty2023-03-172023-06-13
288Directory Traversal and LFI worth $400 Path traversal NA Hritik Thapa Bug Bounty2023-03-172023-06-13
287Bypassing PPL in Userland (again) Kernel hacking PPL bypass Microsoft (Windows) Clément Labro (@itm4n) Bug Bounty2023-03-172023-06-13
286Remote code execution in BIRT Viewer ≤ 4.12.0 (CVE-2023-0100) RCE RFI URL validation bypass Security code review Eclipse Foundation Louis Wolfers (@TG91aXMK) Bug Bounty2023-03-172023-06-13
285Account Takeover with rate limit bypass Rate limiting bypass Account takeover NA Shamim Ahamed (@itm4n) Bug Bounty2023-03-182023-06-13
284Easy $$$ via API params manipulation leading to bypassing the email verification block Mass assignment Email verification bypass NA Fares Walid (@SirBagoza) Bug Bounty2023-03-182023-06-13
283Exploiting aCropalypse: Recovering Truncated PNGs Privacy issue Information disclosure Android Google David Buchanan (@David3141593) Bug Bounty2023-03-182023-06-13