Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3882 | Whitehat test accounts can act as Hidden Admin with Business manager / Ad Accounts. | Authorization flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-10-12 | 2023-06-13 |
| 3816 | Disable Any Unconfirmed Account in Facebook | Bruteforce | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2019-11-21 | 2023-06-13 |
| 3771 | #BugBounty — How Snapdeal (India’s Popular E-commerce Website) Kept their Users Data at Risk! | Insecure storage of sensitive information | Snapdeal | Nanda Kumar (@nk00_nk) | Bug Bounty | 2019-12-19 | 2023-06-13 |
| 3761 | Airbnb : Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method (IDOR) | IDOR | Airbnb | Vijay Kumar (@IndoAppSec) | Bug Bounty | 2019-12-24 | 2023-06-13 |
| 3713 | Facebook Vulnerability: Hidden “Community Manager” in Pages due to “Invitation Accept” logic | Logic flaw | Meta / Facebook | Ritish Kumar Singh | Bug Bounty | 2020-01-22 | 2023-06-13 |
| 3577 | OTP Bruteforce- Account Takeover | OTP bruteforce, Account takeover | NA | Ranjit Kumar | Bug Bounty | 2020-03-29 | 2023-06-13 |
| 3544 | OTP Verification Bypass | OTP bypass | NA | Kanhaiya Kumar Singh | Bug Bounty | 2020-04-17 | 2023-06-13 |
| 3535 | Exploiting a Race Condition Vulnerability | Race condition | NA | Vivek Kumar Singh (@v7nc3nz) | Bug Bounty | 2020-04-22 | 2023-06-13 |
| 3506 | Private Dashboards were accessible by other Admins in Analytics Dashboard | Authorization flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-05-02 | 2023-06-13 |
| 3493 | $20000 Facebook DOM XSS | DOM XSS | Meta / Facebook | Vinoth Kumar (@vinodsparrow) | Bug Bounty | 2020-05-07 | 2023-06-13 |
| 3421 | [IDOR] Delete saved credit cards from any Business Manager Account — Facebook Bug Bounty | IDOR | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-06-05 | 2023-06-13 |
| 3182 | Page shops with a hidden Product in “Featured product section” which could be controlled by attacker (Ex Editor). | Logic flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-08-31 | 2023-06-13 |
| 3136 | PII Leakage via IDOR + Weak PasswordReset = Full Account Takeover | IDOR, Information disclosure | NA | Pradeep Kumar (@Killer007p) | Bug Bounty | 2020-09-25 | 2023-06-13 |
| 3063 | How i got 7000$ in Bug-Bounty for my Critical Finding. | Information disclosure | NA | Kishan Kumar / Noobie BoY (@hst_kishan) | Bug Bounty | 2020-10-31 | 2023-06-13 |
| 3058 | Reveal the page admin that uploaded a video on the page in comment section | Information disclosure, Logic flaw | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2020-11-02 | 2023-06-13 |
| 3055 | Delete Any Photos In Facebook | Authorization flaw, Logic flaw | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2020-11-04 | 2023-06-13 |
| 2945 | Chaining CORS by Reflected xss to Account takeover #My first Blog | CORS misconfiguration, Reflected XSS, Account takeover | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2888 | Strange Admin Panel Bypass Story \| \| Bug Bounty | Authentication bypass, Account takeover | NA | Ranjeet Kumar Singh (@geekboyranjeet) | Bug Bounty | 2021-01-17 | 2023-06-13 |
| 2865 | Finding SSRF BY Full Automation | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2851 | Android apk leaks access token to takeover the whole infrastructure | Information disclosure, Hardcoded credentials, Android | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-30 | 2023-06-13 |
| 2727 | Finding Basic Authtoken in JAVASCRIPT file BY Full Automation | Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2656 | Chaining an Blind SSRF bug to Get an RCE | Blind SSRF, RCE | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-07 | 2023-06-13 |
| 2628 | Unauthorized access to admin setpassword page BY bypassing 403 Forbidden | Authorization flaw | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2612 | AWS internal metadata accessed through SSRF by Chaining an Open Redirect bug | SSRF, Open redirect | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-24 | 2023-06-13 |
| 2587 | Chaining CSRF with XSS to deactivate Mass user accounts by single click | CSRF, XSS | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-02 | 2023-06-13 |