Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 444 | Technical Advisory – Azure B2C – Crypto Misuse and Account Compromise | Cryptographic issues, JWT, Account takeover, Authentication bypass | Microsoft (Azure) | John Novak | Bug Bounty | 2023-02-15 | 2023-06-13 |
| 357 | GitHub Security Lab audited DataHub: Here’s what they found | SSRF, Insecure deserialization, Cypher injection, Authentication bypass, Authorization bypass, XSS, Open redirect, JWT, JSON injection, Cryptographic issues, Session expiration issue, Security code review | DataHub | Alvaro Muñoz (@pwntester) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 324 | Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover | Authorization bypass, JWT, Account takeover | Microsoft (ClipChamp) | Vikas Anil Sharma (@vikzsharma) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 196 | From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR | Debug mode enabled, IDOR, Information disclosure, JWT, Broken Access Control, Exposed registration page | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-04-14 | 2023-06-13 |
| 124 | Privilege Escalations through Integrations | Privilege escalation, Amazon cognito misconfiguration, JWT, Account takeover | NA | Colin McQueen | Bug Bounty | 2023-05-04 | 2023-06-13 |
| 103 | What is kong & why we’re relying on it | RCE, Sandbox escape, Authentication bypass, Hardcoded credentials, Broken Access Control, Privilege escalation, JWT | Konga | Laluka (@TheLaluka) | Bug Bounty | 2023-05-10 | 2023-06-13 |