Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3208 | Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties | Hardcoded API keys, Information disclosure | Google | Abss (@absshax) | Bug Bounty | 2020-08-17 | 2023-06-13 |
| 3204 | How to contact Google SRE: Dropping a shell in cloud SQL | SQL injection, Privilege escalation, Parameter injection, RCE | Google | wtm@offensi.com (@wtm_offensi) | Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3189 | Auth bypass: Leaking Google Cloud service accounts and projects | Authentication bypass | Google | Ezequiel Pereira (@epereiralopez) | Bug Bounty | 2020-08-26 | 2023-06-13 |
| 3179 | Cloud firewall management API SNAFU put 500k SonicWall customers at risk | IDOR | SonicWall | Vangelis Stykas (@evstykas) | Bug Bounty | 2020-09-02 | 2023-06-13 |
| 3147 | Cross-tenant Cloud Function compromise via storage bucket squatting | Cross-tenant vulnerability | Google | Anthony Weems | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3128 | Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts | GCP bucket misconfiguration, Information disclosure, Cloud | Google | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2020-09-29 | 2023-06-13 |
| 3124 | Write Up – Google Bug Bounty: XSS To Cloud Shell Instance Takeover (Rce As Root) – $5,000 USD | XSS, RCE | Google | Omar Espino (@omespino) | Bug Bounty | 2020-10-01 | 2023-06-13 |
| 3108 | Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure | Privilege escalation, RCE, Cloud | Microsoft | Intezer | Bug Bounty | 2020-10-08 | 2023-06-13 |
| 3043 | 31k$ SSRF in Google Cloud Monitoring led to metadata exposure | SSRF | Google | David Nechuta (@david_nechuta) | Bug Bounty | 2020-11-10 | 2023-06-13 |
| 3004 | SD-PWN Part 4 — VMware VeloCloud — The Last Takeover | RCE, Authentication bypass, Default credentials, SQL injection, Path traversal, LFI | VMware | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 2951 | Cookie Tossing to RCE on Google Cloud JupyterLab | Self-XSS, DoS, CSRF, RCE | Google | s1r1us (@s1r1u5_) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2923 | Nick's infrequently updated blog | WAF bypass, IP spoofing | Cloudflare | Nick Booher | Bug Bounty | 2021-01-06 | 2023-06-13 |
| 2902 | Making Clouds Rain :: Remote Code Execution in Microsoft Office 365 | RCE | Microsoft | Steven Seeley (@steventseeley) | Bug Bounty | 2021-01-12 | 2023-06-13 |
| 2860 | How We Escaped Docker in Azure Functions | Privilege escalation, Cloud | Microsoft | Intezer | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2807 | Stored XSS in icloud.com — $5000 | Stored XSS | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2800 | I Own your Cloud Shell: Taking over “Azure Cloud Shell” Kubernetes Cluster Through Unsecured Kubelet API 30,000$ Bounty | Privilege escalation, RCE | Microsoft | Chen Cohen (@chencococococo) | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2796 | Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story) | Configuration file injection, RCE | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2730 | Write Up – Google VRP N/A: SSRF Bypass With Quadzero In Google Cloud Monitoring | SSRF | Google | Omar Espino (@omespino) | Bug Bounty | 2021-03-08 | 2023-06-13 |
| 2688 | How to bypass CloudFlare bot protection ? | Logic flaw | Cloudflare | jychp (@jychp_fr) | Bug Bounty | 2021-03-27 | 2023-06-13 |
| 2659 | Cloud Based Storage Misconfigurations -> Critical Bounties | Cloud storage misconfiguration | NA | Mikey (@mikey96_bh) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2641 | How I got 9000 USD by hacking into iCloud | XSS | Apple | Alexandre Fernandes (@fernale) | Bug Bounty | 2021-04-15 | 2023-06-13 |
| 2640 | Allow arbitrary URLs, expect arbitrary code execution | RCE | Nextcloud, Telegram, VLC | Fabian Bräunlein | Bug Bounty | 2021-04-15 | 2023-06-13 |
| 2485 | [Google VRP] Privilege escalation on https://dialogflow.cloud.google.com | Authorization flaw, Logic flaw | Google | lalka (@0x01alka) | Bug Bounty | 2021-06-13 | 2023-06-13 |
| 2483 | An exciting journey to find SSRF , Bypass Cloudflare , and extract AWS metadata ! | SSRF | NA | hosein vita (@HoseinVita) | Bug Bounty | 2021-06-13 | 2023-06-13 |
| 2461 | How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It | Account takeover, MFA bypass, Rate limiting bypass, Race condition | Apple | Laxman Muthiyah (@laxmanmuthiyah) | Bug Bounty | 2021-06-19 | 2023-06-13 |