Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1648 | Meta's SparkAR RCE Via ZIP Path Traversal | RCE, Path traversal | Meta / Facebook | Fady Othman (@Fady_Othman) | Bug Bounty | 2022-04-07 | 2023-06-13 |
| 1627 | Bypass Rate Limit — A blank space leads to this random encounter! | Password reset, Rate limiting bypass | NA | Roxst4r (@mveswar98) | Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1593 | Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) | SSRF | VMware | Keiran Sampson (@hpy_downunder) | Bug Bounty | 2022-04-27 | 2023-06-13 |
| 1445 | Hacking into the worldwide Jacuzzi SmartTub network | SPA, Android, JWT, Privilege escalation, Mass assignment | Jacuzzi Group SmartTub | Eaton Z. (@XeEaton) | Bug Bounty | 2022-06-20 | 2023-06-13 |
| 1381 | How we have pwned Root-Me in 2022 | XSS, CSRF, RCE | SPIP | SpawnZii (@SpawnZii) | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1364 | How I spammed a Google meet (But for good) | DoS | Google | Shaunak (SHA25) | Bug Bounty | 2022-07-15 | 2023-06-13 |
| 1286 | How I earned 500$ by uploading a file: write-up of one of my first bug bounty | Unrestricted file upload | Semrush | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1277 | CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE | Local Privilege Escalation | VMware | Spencer McIntyre (@zeroSteiner) | Bug Bounty | 2022-08-05 | 2023-06-13 |
| 1265 | Dancing on the architecture of VMware Workspace ONE Access (ENG) | Authentication bypass, SQL injection, RCE | VMware | Petrus Viet (@VietPetrus) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1245 | IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit | Authentication bypass, Information disclosure, CSRF, RCE, Local Privilege Escalation | VMware | Steven Seeley (@steventseeley) | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1207 | You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications | XSS, SMTP injection | VMware, Synology, Apple, Microsoft, Google, NextCloud | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-08-18 | 2023-06-13 |
| 1169 | Improper Input Validation Leads To Email Spamming | Email content injection | NA | Akshay Ravi (@AKSHAYC09YC47) | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1158 | Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl | Authorization flaw, Signature validation bypass | Amazon | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-08-30 | 2023-06-13 |
| 1143 | Azure Synapse: Local Privilege Escalation Vulnerability in Spark | Race condition, Local Privilege Escalation, Cloud | Microsoft | Tzah Pahima (@TzahPahima) | Bug Bounty | 2022-09-01 | 2023-06-13 |
| 1024 | Two RCEs are better than one: write-up of an interesting lateral movement | Local Privilege Escalation, RCE | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 999 | Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK | SSRF | Appsmith | Sparsh Kulshrestha (@d0tdotslash) | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 913 | Remote Code Execution by Abusing Apache Spark SQL | SQL injection, RCE | NA | Colin McQueen | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 712 | Automate Cross-Site Scripting (XSS) exploitation with unusal events and Burp Intruder | XSS, WAF bypass | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-12-10 | 2023-06-13 |
| 695 | Privilege escalation leads to deleting other user’s account and company Workspace [Access Control] | Privilege escalation, Broken Access Control | NA | Pratik Gaikwad | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 682 | I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Stored XSS, Self-XSS | Zoom | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-12-17 | 2023-06-13 |
| 383 | VMware Workspace One Access RCE | Java Beans, Security code review | VMware | Steven Seeley (@steventseeley) | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 370 | Introducing Aladdin | Insecure deserialization | Microsoft (Windows) | Lefteris Panos (@lefterispan) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 335 | Unauthorized access to Codespace secrets in GitHub | Logic flaw, Broken Access Control, Account takeover | GitHub | Ophion Security (@OphionSecurity) | Bug Bounty | 2023-03-07 | 2023-06-13 |
| 306 | Your Browser is Not a Safe Space | Local Privilege Escalation, Lateral movement | NA | Corey Ham | Bug Bounty | 2023-03-14 | 2023-06-13 |
| 295 | Bypassing Character Limit - XSS Using Spanned Payload | XSS, Account takeover | NA | SMHTahsin33 (@SMHTahsin33) | Bug Bounty | 2023-03-15 | 2023-06-13 |