Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5153 | Messenger.com Site-Wide CSRF | CSRF | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2016-07-26 | 2023-06-13 |
| 5152 | CSV Injection -> Meterpreter on Pornhub | CSV injection | PornHub | Andy Gill (@ZephrFish) | Bug Bounty | 2016-07-29 | 2023-06-13 |
| 5145 | Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded | XSS | Uber | - | Bug Bounty | 2016-08-29 | 2023-06-13 |
| 5140 | Decoding a $😱,000.00 htpasswd bounty | .htpasswd misconfiguration | NA | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2016-09-08 | 2023-06-13 |
| 5138 | Bug Bounty : Account Takeover Vulnerability POC | OAuth, Account takeover, XSS | NA | Rakesh Mane (@RakeshMane10) | Bug Bounty | 2016-09-16 | 2023-06-13 |
| 5136 | Vine Re-auth Bypass [Twitter Bug Bounty] | Authentication flaw | Twitter | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2016-09-21 | 2023-06-13 |
| 5132 | gif it time it'll come to you - Finding More Holes in The Hub | XSS | PornHub | Andy Gill (@ZephrFish) | Bug Bounty | 2016-10-01 | 2023-06-13 |
| 5131 | Command Injection Without Spaces | OS command injection | NA | Fyoorer (@ƒyoorer) | Bug Bounty | 2016-10-02 | 2023-06-13 |
| 5128 | Exploiting CORS misconfigurations for Bitcoins and bounties | CORS misconfiguration | NA | James Kettle (@albinowax) | Bug Bounty | 2016-10-12 | 2023-06-13 |
| 5127 | Hacking JasperReports – The Hidden Shell Feature | RCE | NA | Steve Breen (@breenmachine) | Bug Bounty | 2016-10-14 | 2023-06-13 |
| 5124 | Backslash Powered Scanning: hunting unknown vulnerability classes | - | NA | James Kettle (@albinowax) | Bug Bounty | 2016-11-04 | 2023-06-13 |
| 5120 | Authentication bypass on Ubiquity’s Single Sign-On via subdomain takeover | Subdomain takeover, Authentication bypass | Ubiquity Networks | Arne Swinnen (@ArneSwinnen) | Bug Bounty | 2016-11-29 | 2023-06-13 |
| 5116 | Cross-site-scripting on one of the largest Dutch franchisors | DOM XSS | Hema | Tijme Gommers (@tijme) | Bug Bounty | 2016-12-20 | 2023-06-13 |
| 5113 | 0day writeup: XXE in uber.com | XXE | Uber | - | Bug Bounty | 2017-01-24 | 2023-06-13 |
| 5112 | How I could have compromised any account on one of the biggest startup based in California | Account takeover, IDOR, Password reset | NA | Prateek Tiwari (@prateek_0490) | Bug Bounty | 2017-01-28 | 2023-06-13 |
| 5111 | I got emails - G Suite Vulnerability | Logic flaw, Authorization flaw | Google, Meta / Facebook, Yelp | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-02-02 | 2023-06-13 |
| 5110 | Spring Boot RCE | RCE, SpEL injection, Spring Boot | NA | Tushar (@0xdeadpool) | Bug Bounty | 2017-02-02 | 2023-06-13 |
| 5107 | Type Juggling and PHP Object Injection, and SQLi, Oh My! | Type juggling, PHP Object Injection, Insecure deserialization, SQL injection | NA | Justin Kennedy (@jstnkndy) | Bug Bounty | 2017-02-07 | 2023-06-13 |
| 5102 | SQL injection in an UPDATE query - a bug bounty story! | SQL injection | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2017-02-17 | 2023-06-13 |
| 5098 | Practical Exploitation of Error Based Sql Injection | SQL injection | NA | Eslam Salem (@net_code) | Bug Bounty | 2017-02-20 | 2023-06-13 |
| 5096 | One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved. | Stored XSS, Blind XSS, CSRF, Account takeover, IDOR | NA | Zseano (@zseano) | Bug Bounty | 2017-02-25 | 2023-06-13 |
| 5095 | Time-based Blind SQLi on news.starbucks.com | Blind SQL injection | Starbucks | toctou | Bug Bounty | 2017-02-26 | 2023-06-13 |
| 5094 | Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token | postMessage, Violation of secure design principles | Slack | Frans Rosén (@fransrosen) | Bug Bounty | 2017-02-28 | 2023-06-13 |
| 5091 | Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat | Open redirect, SSRF, Path traversal | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-09 | 2023-06-13 |
| 5083 | Hundreds of hundreds sub-secdomains hack3d! (including Hacker0ne) | Subdomain takeover | HackerOne | Ak1T4 (@akita_zen) | Bug Bounty | 2017-03-28 | 2023-06-13 |