Write-ups

Check The Published Writeups

# | Title | Tags | Programs | Authors | Type | Publication | Added
--- | --- | --- | --- | --- | --- | --- | ---
207 | SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) | Authentication bypass | SecurePoint | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2023-04-11 | 2023-06-13
206 | Java Exploitation Restrictions in Modern JDK Times | Insecure deserialization | NA | Florian Hauser (@frycos) | Bug Bounty | 2023-04-11 | 2023-06-13
205 | Losing control over Schneider's EcoStruxure Control Expert | RCE, Path traversal, Security code review | Schneider Electric | Ruben Santamarta (@reversemode) | Bug Bounty | 2023-04-11 | 2023-06-13
204 | How ChatGPT helped me find a bug | XSS, File upload | NA | Abhishekgk | Bug Bounty | 2023-04-11 | 2023-06-13
203 | SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) | Memory leak | SecurePoint | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2023-04-12 | 2023-06-13
202 | CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd | Local Privilege Escalation | shadow-utils | Tom Neaves | Bug Bounty | 2023-04-12 | 2023-06-13
201 | Rooting A Common-criteria Certified Printer To Improve Opsec | Printer hacking | Canon | RedTeam Pentesting (@RedTeamPT) | Bug Bounty | 2023-04-12 | 2023-06-13
200 | TOPdesk vulnerable to XML Signature Wrapping Attacks | XML Signature Wrapping, SAML, SSO | TOPdesk | Paulo A. Silva (@pauloasilva_com) | Bug Bounty | 2023-04-12 | 2023-06-13
199 | How I got RCE in + 10 websites… | RCE, Security misconfiguration | NA | m4cddr (@m4cddr) | Bug Bounty | 2023-04-13 | 2023-06-13
198 | Remote Code Execution Vulnerability in Google They Are Not Willing To Fix | Dependency confusion, RCE | Google | Giraffe Security | Bug Bounty | 2023-04-14 | 2023-06-13
197 | User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264) | OAuth, OpenID Connect, Privilege escalation, Authentication flaw | Keycloak | Jordi Zayuelas i Muñoz | Bug Bounty | 2023-04-14 | 2023-06-13
196 | From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR | Debug mode enabled, IDOR, Information disclosure, JWT, Broken Access Control, Exposed registration page | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-04-14 | 2023-06-13
195 | How do I get cross site scripting(“xss”) in “Nokia” | XSS | Nokia | EL Sayed Mohammed (@ElsayedMo77amed) | Bug Bounty | 2023-04-16 | 2023-06-13
194 | From payload to 300$ bounty: A story of CRLF injection and responsible disclosure on HackerOne | CRLF injection | NA | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-16 | 2023-06-13
193 | Bypassing the 2FA /MFA — An Easy win | MFA bypass | MathWorks | Shobhit Mehta | Bug Bounty | 2023-04-16 | 2023-06-13
192 | (CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension | SSTI, RCE, Security code review | Shopware | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-04-17 | 2023-06-13
191 | A Big company Admin Panel takeover $4500 | Authentication bypass, 40x bypass, Account takeover | NA | nanwn | Bug Bounty | 2023-04-17 | 2023-06-13
190 | Multiple Critical Vulnerabilities In Strapi Versions <=4.7.1 | Authentication bypass, SSTI, RCE, Amazon cognito misconfiguration, Information disclosure | Strapi | GhostCcamm (@GhostCcamm) | Bug Bounty | 2023-04-17 | 2023-06-13
189 | Identifying vulnerabilities in GitHub Actions & AWS OIDC Configurations | CI/CD, OpenID Connect | AWS | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2023-04-18 | 2023-06-13
188 | [Responsible Disclosure] How we could have deleted any Linkedin post | IDOR | LinkedIn | Anand Prakash (@anandpraka_sh) | Bug Bounty | 2023-04-18 | 2023-06-13
187 | Break the Logic: Playing with product ratings on a shopping site(600$) | Logic flaw, Parameter tampering | NA | Fırat | Bug Bounty | 2023-04-18 | 2023-06-13
186 | Impersonating Other Players with UDP Spoofing in Mirror | Game hacking, UDP spoofing, Reverse engineering | Unity (Mirror) | IncludeSec (@IncludeSecurity) | Bug Bounty | 2023-04-18 | 2023-06-13
185 | Popping Tags: Exploiting Template Injections in PRTG Network Monitor | Reflected XSS, CSTI | Paessler | Peter Szot | Bug Bounty | 2023-04-18 | 2023-06-13
184 | My First Case of SSRF Using Dirsearch | SSRF | NA | Mba-oji Chiagoziem (@g0ziem) | Bug Bounty | 2023-04-18 | 2023-06-13
183 | How Material Security Uncovered a Vulnerability in the Gmail API | Broken Access Control, Authorization flaw | Google | Chris Long (@Centurion) | Bug Bounty | 2023-04-18 | 2023-06-13