Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
| 2086 | From URL dumps digging to IDOR , BAC, Massive Phishing in Udemy | Broken Access Control, Information disclosure, IDOR, HTML injection | Udemy | Mostafa Mamdoh | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2083 | Privilege Escalation, worth of €300 | Broken Access Control, IDOR, Privilege escalation | NA | Hemant Kumar | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2082 | Never leave this tip while you hunting Broken Access Control | Broken Access Control | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-11-13 | 2023-06-13 |
| 2016 | Privilege Escalation in Microsoft Teams | Privilege escalation, Broken Access Control | Microsoft | Vikas Anil Sharma (@vikzsharma) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 1993 | Broken Access Control | IDOR | Microsoft | Meareg | Bug Bounty | 2021-12-16 | 2023-06-13 |
| 1956 | My first Google HOF | Broken Access Control | Google | RV Sharma | Bug Bounty | 2021-12-31 | 2023-06-13 |
| 1917 | 120 Days of High Frequency Hunting | SSRF, LFI, Information disclosure, Broken Access Control, Authentication bypass, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1916 | Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) | SQL injection, Broken Access Control | Moodle | 0xkasper (@0xkasper) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1914 | How i found “Broken Access Control Through out-of-sync setup” and got $1000 | Broken Access Control, Authorization flaw | NA | Mr Robert \| Ahmed M Hassan (@Mr_Robert20) | Bug Bounty | 2022-01-16 | 2023-06-13 |
| 1844 | How can I access the members-only video comment? \| YouTube ($5,000) | Broken Access Control | Google | R ando (@Rando02355205) | Bug Bounty | 2022-02-07 | 2023-06-13 |
| 1746 | How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control) | Broken Access Control | NA | can1337 (@canmustdie) | Bug Bounty | 2022-03-11 | 2023-06-13 |
| 1744 | I can see the dislikes count even though is hidden by YouTube \| YouTube ($500) | Broken Access Control, IDOR | NA | R ando (@Rando02355205) | Bug Bounty | 2022-03-12 | 2023-06-13 |
| 1712 | Bug Bounty catches part -1 | Authentication bypass, Information disclosure, Broken Access Control | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-20 | 2023-06-13 |
| 1711 | Broken session control leads to access private videos using the shared link even after revoking the access for specific time!! — #GoogleVRP | Broken Access Control | Google | Naveenroy | Bug Bounty | 2022-03-20 | 2023-06-13 |
| 1695 | Broken Access Control - IDOR | IDOR | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-03-25 | 2023-06-13 |
| 1694 | Deleting account via support ticket | IDOR, Broken Access Control | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-26 | 2023-06-13 |
| 1671 | View Friends List of any users using “View as” \| Facebook Bug bounty | Logic flaw, Broken Access Control | Meta / Facebook | Ph.Hitachi | Bug Bounty | 2022-04-02 | 2023-06-13 |
| 1660 | CloudKit Share Records leak the title of private iCloud files | IDOR, Broken Access Control | Apple | David Schütz (@xdavidhu) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1655 | CVE-2021-4119: [Bookstack] Email harvesting via SQL "LIKE" clause exploitation | Broken Access Control, SQL injection | Bookstack | Haxatron (@Haxatron1) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1645 | Securing Easy Appointments and earning CVE-2022-0482 | Broken Access Control | Easy!Appointments | Francesco Carlucci (@francecarlucci) | Bug Bounty | 2022-04-09 | 2023-06-13 |
| 1637 | Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO | Broken Access Control | Zoho | Naveenroy | Bug Bounty | 2022-04-12 | 2023-06-13 |
| 1618 | How I was able to see likes and dislikes count even though is hidden by victim \| YouTube #4 | Broken Access Control | Google | R ando (@Rando02355205) | Bug Bounty | 2022-04-15 | 2023-06-13 |
| 1567 | How I Paid For My Holiday With Bug Bounty | XSS, Broken Access Control, IDOR, Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1548 | Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms | Privilege escalation, Broken Access Control | Kubernetes, Google, AWS, Microsoft, Red Hat | Yuval Avrahami (@yuval_avrahami) | Bug Bounty | 2022-05-17 | 2023-06-13 |