Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2858 | OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection | OTP bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2779 | Account Takeover via Response Manipulation worth 1800$.. | Authentication bypass, OTP bypass, Account takeover | NA | Ashutosh mishra (@ashutoshmish_ra) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2778 | Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli | Race condition, Lack of rate limiting, OTP bypass, SQL injection | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2699 | OTP brute-force via rate limit bypass | Bruteforce, Lack of rate limiting, OTP bypass | NA | Bilal Muqeet (@blmqt) | Bug Bounty | 2021-03-21 | 2023-06-13 |
| 2636 | Lets Learn English - Hacking 10M+ Users | AWS misconfiguration, Insecure Firebase database, OTP bypass, Account takeover, Logic flaw | NA | Aseem Shrey (@AseemShrey) | Bug Bounty | 2021-04-17 | 2023-06-13 |
| 2535 | How I turned 0000 into $600: Phone Verification Bypass | OTP bypass | NA | Shrirang Diwakar | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2502 | 403 Forbidden Bypass | OTP bypass, Exposed registration page, XSS | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-06-04 | 2023-06-13 |
| 2248 | How I can take over any user’s account with their mobile number | Account takeover, OTP bypass, Authentication bypass | NA | Sushmitha Katikitala | Bug Bounty | 2021-09-06 | 2023-06-13 |
| 2190 | Improper phone number validation to account takeover | Logic flaw, OTP bypass, Account takeover | NA | shesha sai_c (@Cyb3r_4ss4s1n) | Bug Bounty | 2021-09-27 | 2023-06-13 |
| 2181 | How I found bug on Google Cloud | OTP bypass | Google | Anuragbhoir11 | Bug Bounty | 2021-09-30 | 2023-06-13 |
| 2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
| 2029 | Bypassing Box’s Time-based One-Time Password MFA | OTP bypass, MFA bypass | Box | Tal Peleg | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2024 | How I managed to hack User accounts of a billion-dollar sport platform | OTP bypass, Bruteforce, Lack of rate limiting | NA | Vishnuraj | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 1910 | Mixed Messages: Busting Box’s MFA Methods | OTP bypass, MFA bypass | Box | Tal Peleg | Bug Bounty | 2022-01-18 | 2023-06-13 |
| 1871 | Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) | OTP bruteforce, Lack of rate limiting | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2022-01-31 | 2023-06-13 |
| 1863 | No Rate Limiting on OTP sending | Bruteforce, Lack of rate limiting | NA | nOOb_mAsTeR | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1778 | Hacking Subscription Plans for free service. | Payment bypass, OTP bypass | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2022-02-27 | 2023-06-13 |
| 1569 | Its all about 2fa bypass, or Account Takeover | Password reset, Account takeover, OTP bypass | NA | anjaneyulu kanakatla | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1565 | Account verification code bypass lead to a $4000 bounty | OTP bypass | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1460 | Amazon Linux "log4j hotpatch" <1.3-5 local privilege escalation to root (race condition) | Local Privilege Escalation | Amazon | Justin Steven (@justinsteven) | Bug Bounty | 2022-06-15 | 2023-06-13 |
| 1448 | Account Takeover by OTP bypass | Information disclosure, Client-side enforcement of server-side security, OTP bypass, Account takeover | NA | Vaibhav Kumar Srivastava | Bug Bounty | 2022-06-19 | 2023-06-13 |
| 1398 | Exposing Millions of Voter ID card users’ details. | IDOR, OTP bypass, Account takeover, Logic flaw | CERT-In | Aziz Al Aman (@nxtexploit) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1003 | Bugcrowd — Tale of multiple misconfigurations!! ❌ | Account takeover, OAuth, OTP bypass, Password reset | NA | Vaibhav Lakhani | Bug Bounty | 2022-10-04 | 2023-06-13 |
| 728 | OTP Leaking Through Cookie Leads to Account Takeover | Information disclosure, Account takeover | NA | ag3n7 | Bug Bounty | 2022-12-05 | 2023-06-13 |
| 429 | Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover | Account takeover, SSO, OTP, Authentication bypass | NA | Aidil Arief | Bug Bounty | 2023-02-20 | 2023-06-13 |