Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 257 | Attacking Android Antivirus Applications | Android, Improper Export of Android Application Components | McAfee | 2Dai (@mabenz68) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 256 | I’d TAP That Pass | Azure AD, Cloud, OAuth | NA | Daniel Heinsen (@hotnops) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 255 | BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained | Account takeover, Azure AD, Cloud, XSS, Privilege escalation | Microsoft (Bing) | Hillai Ben-Sasson (@hillai) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 254 | It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS | RCE, Stored XSS, Security code review | LibreNMS | Stefan Schiller (@scryh_) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 253 | Hacking Admin Panel & Getting free subscription | Exposed registration API, Privilege escalation, Account takeover | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 252 | CVE-2022-37734: graphql-java Denial-of-Service | GraphQL, DoS, Security code review | graphql-java | Artem Logutov | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 251 | Riding the Azure Service Bus (Relay) into Power Platform | RCE, Cross-tenant vulnerability, Cloud, Insecure deserialization | Microsoft (Azure) | Nick Landers (@monoxgas) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 250 | Found SSRF and LFI in Just 10 minutes of using burp! | SSRF, LFI | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 249 | Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack | RCE, CI/CD, Supply chain attack | Microsoft (Azure Pipelines) | Nadav Noy | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 248 | Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) | RCE, XSS, Cloud | Microsoft (Azure) | Lidor Ben Shitrit | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 247 | How to avoid the aCropalypse | Privacy issue, Information disclosure, Android | Google, Microsoft | Henrik Brodin | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 246 | Exploiting Hibernate Injection in "Order by" Clause (Oracle database) | HQL injection | NA | Mannu Linux (@IndiShell1046) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 245 | From an Innocent api-key to PII data | Information disclosure, Hardcoded API keys | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2023-03-30 | 2023-06-13 |
| 244 | Exposed Docker Registries Server as Critical Reminder on Container Security | Docker Registry | NA | Emad Shawky | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 243 | Unveiling the Secrets: My Journey of Hacking Google’s OSS | CSRF, Self-XSS | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 242 | Protected Users: you thought you were safe uh? | Active Directory, Kerberos, NTLM, Internal pentest | Microsoft (Windows) | Aurélien CHALOT (@Defte_) | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 241 | Beware of Java's String.getBytes | Hash collision, Cryptographic issues, Security code review | Swiss E-Voting | Ruben Santamarta (@reversemode) | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 240 | Finding RCE in NodeJS templating engine 'Eta' - CVE-2022-25967 | RCE, Server-side prototype pollution, Security code review | Eta | Rayhan Ahmed Niloy (@Rayhan0x01) | Bug Bounty | 2023-04-01 | 2023-06-13 |
| 239 | Bug Bounty: como encontrei o bug Unrestricted File Upload | Unrestricted file upload | NA | Paulo Mota | Bug Bounty | 2023-04-02 | 2023-06-13 |
| 238 | Let’s Hack Citizens Bank | XSS | Citizens Bank | Arman (@M7arm4n) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 237 | Lenovo database of root user credentials exposed | .git folder disclosure | Lenovo | ASTUTE | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 236 | Two Minor Cross-Tenant Vulnerabilities in AWS App Runner | Cross-tenant vulnerability, Cloud | AWS | Nick Frichette (@frichette_n) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 235 | Simple Bugs 0x01: Password Changing to Account Takeover! | Account takeover, CSRF | NA | Vitor Falcao (@egl_falcao) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 234 | Blind XSS via SMS Support Chat — $1100 Bug Bounty! | Blind XSS, Chatbot | NA | Chevon Phillip (@ChevonPhillip) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 233 | CyberGhostVPN - the story of finding MITM, RCE, LPE in the Linux client | RCE, MiTM, Local Privilege Escalation | CyberGhost | mmmds | Bug Bounty | 2023-04-03 | 2023-06-13 |