Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
3303The 3 Day Account Takeover Logic flaw Password reset Account takeover Bruteforce Lack of rate limiting NA Mr. Beast (@__mr_beast__) Bug Bounty2020-07-172023-06-13
3280How I bypassed 2fa in a 3 years old private program! MFA bypass Bruteforce Lack of rate limiting NA Shivangx01b (@shivangx01b) Bug Bounty2020-07-262023-06-13
2922Finding bugs on Chess.com Lack of rate limiting Bruteforce CSRF Chess.com Seqrity (@seqrity9) Bug Bounty2021-01-072023-06-13
2889My first and last crit of 2020 on Hackerone Lack of rate limiting Bruteforce IDOR Password reset Account takeover NA Takester (@dhiraj_ramteke) Bug Bounty2021-01-162023-06-13
2866BMW Bug Bounty – Account Verification Bypass writeup OTP bypass Bruteforce Lack of rate limiting BMW Pethuraj (@Pethuraj) Bug Bounty2021-01-262023-06-13
2849An unexpected bug Bruteforce NA Nitin yadav (@Nitinydv14) Bug Bounty2021-01-312023-06-13
2745How I Might Have Hacked Any Microsoft Account Account takeover Password reset Bruteforce MFA bypass Microsoft Laxman Muthiyah (@laxmanmuthiyah) Bug Bounty2021-03-022023-06-13
2699OTP brute-force via rate limit bypass Bruteforce Lack of rate limiting OTP bypass NA Bilal Muqeet (@blmqt) Bug Bounty2021-03-212023-06-13
2591Password reset code brute-force vulnerability in AWS Cognito Password reset Bruteforce Rate limiting bypass Account takeover AWS Pentagrid (@pentagridsec) Bug Bounty2021-04-302023-06-13
2424Facebook Email/phone disclosure using Binary search Password reset Information disclosure Bruteforce Meta / Facebook Rikesh Baniya / NotRickyy (@rikeshbaniya) Bug Bounty2021-07-092023-06-13
222510 golden minutes for taking over a Chess.com account Lack of rate limiting Bruteforce Session expiration issue Chess.com Seqrity (@seqrity9) Bug Bounty2021-09-142023-06-13
2127How I was able to revoke your Instagram 2FA Bruteforce Rate limiting bypass Meta / Facebook Dhiyaneshwaran (@DhiyaneshDK) Bug Bounty2021-10-232023-06-13
2024How I managed to hack User accounts of a billion-dollar sport platform OTP bypass Bruteforce Lack of rate limiting NA Vishnuraj Bug Bounty2021-12-042023-06-13
1966Bounty Evaluation GitHub = $15,000 US Dollars | Rate Limit Bruteforce Email verification bypass Account takeover GitHub Taniya Agarwal Bug Bounty2021-12-282023-06-13
1894How I was able to take over accounts in websites deal with Github as an SSO provider Bruteforce Lack of rate limiting SSO Email verification bypass Account takeover NA Khaled Mohamed Bug Bounty2022-01-252023-06-13
1871Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) OTP bruteforce Lack of rate limiting Meta / Facebook Shubham Bhamare (@theshubh77) Bug Bounty2022-01-312023-06-13
1863No Rate Limiting on OTP sending Bruteforce Lack of rate limiting NA nOOb_mAsTeR Bug Bounty2022-02-022023-06-13
1789Write Up – Android Application Screen Lock Bypass Via ADB Brute Forcing Android Bruteforce Authentication bypass NA Omar Espino (@omespino) Bug Bounty2022-02-222023-06-13
1442Exploiting vulnerabilities in iOS Application IDOR Bruteforce Lack of rate limiting Account takeover iOS NA Raj Singh Chauhan (@raj_singh_ch) Bug Bounty2022-06-222023-06-13
1391PII Disclosure of Apple Users ($10k) IDOR Lack of rate limiting Bruteforce Information disclosure Apple Ahmad Halabi (@Ahmad_Halabi_) Bug Bounty2022-07-072023-06-13
1365Exploiting Arbitrary Object Instantiations in PHP without Custom Classes RCE Arbitrary Object Instantiation Bruteforce LDAP injection NA Arseniy Sharoglazov (@_mohemiv) Bug Bounty2022-07-142023-06-13
1234An Unusual Tale of Email Verification Bypass Email verification bypass Bruteforce Rate limiting bypass NA Sagar Sajeev (@Sagar__Sajeev) Bug Bounty2022-08-132023-06-13
1028Discovering The Less-known Vulnerability In Oracle Peoplesoft TockenChpoken Privilege escalation Bruteforce Cookie manipulation NA RE:HACK (@rehackxyz) Bug Bounty2022-09-262023-06-13
800My Account Takeover Writeup: $5000 Lack of rate limiting Bruteforce NA MRD7 (@_mrd7_) Bug Bounty2022-11-212023-06-13
540Ransacking your password reset tokens Account takeover Password reset Bruteforce Ransack library Lukas Euler Bug Bounty2023-01-262023-06-13