Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
131Exploiting misconfigured Google Cloud Service Accounts from GitHub Actions OpenID Connect Cloud CI/CD NA Revblock (@revbl0ck) Bug Bounty2023-05-022023-06-13
130When you%27re so bored, you start debugging someone else%27s code: bug hunting in a random Cloud-Native project SSTI RCE Foreman ONSEC.io Research Team Bug Bounty2023-05-032023-06-13
129Automating SQL Injection On Encrypted Request SQL injection Client-side encryption bypass NA Janirudransh Bug Bounty2023-05-032023-06-13
128Accessing Admin Dashboard in 5 seconds: Hall of Fame. Default credentials NA Sumedh Dawadi Bug Bounty2023-05-032023-06-13
127The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component Out-of-bounds Read Memory corruption Microsoft (Windows) Bing Sun Bug Bounty2023-05-032023-06-13
126CVE-2023-25394 - VideoStream Local Privilege Escalation Local Privilege Escalation Videostream Dan Revah (@danrevah) Bug Bounty2023-05-032023-06-13
125OpenAI Allowed “Unlimited” Credit on New Accounts Logic flaw Normalization OpenAI David Sopas (@dsopas) Bug Bounty2023-05-042023-06-13
124Privilege Escalations through Integrations Privilege escalation Amazon cognito misconfiguration JWT Account takeover NA Colin McQueen Bug Bounty2023-05-042023-06-13
123When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities SSRF Unrestricted file upload Path traversal Cloud Microsoft (Azure) Liv Matan (@terminatorLM) Bug Bounty2023-05-042023-06-13
122A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… postMessage JSONP DOM XSS CORS misconfiguration CSRF WAF bypass NA Julien Cretel (@jub0bs) Bug Bounty2023-05-052023-06-13
121Cookie Bugs - Smuggling & Injection Cookie smuggling Cookie injection Eclipse Foundation (Jetty) Ankur Sundara (@ankursundara) Bug Bounty2023-05-052023-06-13
120Bullied by Bugcrowd over Kape CyberGhost disclosure Local Privilege Escalation OS command injection Security code review Kape (CyberGhost) Ceri Coburn (@_ethicalchaos_) Bug Bounty2023-05-052023-06-13
119Mass Assignment leads to the victim’s account being inaccessible forever Mass assignment Logic flaw NA Arman (@M7arm4n) Bug Bounty2023-05-052023-06-13
118CSS Injection via PostMessages to stealing Credit Card Info postMessage CSS injection NA Castilho (@castilho101) Bug Bounty2023-05-052023-06-13
117Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot Dependency confusion GitHub Giraffe Security Bug Bounty2023-05-062023-06-13
116Size matters! When capital letters introduce vulnerabilities XSS Microsoft Mario Stathakopoulos Bug Bounty2023-05-062023-06-13
115How I discovered XSS via triple URL encode XSS WAF bypass NA Muhammed Mubarak Bug Bounty2023-05-072023-06-13
114How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain RCE Unrestricted file upload Stored XSS Information disclosure Directory listing NA Aayush Vishnoi (@AayushVishnoi10) Bug Bounty2023-05-072023-06-13
113IPv6 DNS Takeover via mitm6 (Write Up) MiTM IPv6 DNS takeover Misconfigured LDAP server Internal pentest NA Evan Ricafort (@evanricafort) Bug Bounty2023-05-082023-06-13
112Sorting Your Way to Stolen Passwords Bruteforce Cryptographic issues NA Nightbane (@Nightbanes) Bug Bounty2023-05-082023-06-13
111Escaping Parallels Desktop with Plist Injection Local Privilege Escalation Plist injection TOCTOU Parallels kn32 Bug Bounty2023-05-082023-06-13
110A deep-dive on Pluck CMS vulnerability CVE-2023-25828 Unrestricted file upload RCE Security code review Pluck CMS Matthew Hogg Bug Bounty2023-05-082023-06-13
109PwnAssistant - Controlling /home%27s Via A Home Assistant RCE Authentication bypass RCE Security code review IoT Home Assistant elttam (@elttam) Bug Bounty2023-05-092023-06-13
108Discovery of an XSS on Opera XSS Opera Arman (@M7arm4n) Bug Bounty2023-05-102023-06-13
107Testing a new encrypted messaging app%27s extraordinary claims Android Firebase Cryptographic issues Privacy issue Information disclosure Converso Crnković Bug Bounty2023-05-102023-06-13