Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2896 | Insertion Of Malicious Links For Execution In Profile Picture - Unvalidated User Input In MS Sharepoint 2019 (CVE-2020-1456) | XSS | Microsoft | David (@slashcrypto) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2885 | How I was rewarded a $1000 bounty after abusing File Upload functionality to Stored XSS Vulnerability leading to credential theft of a vistor in a website. | Unrestricted file upload Stored XSS | NA | Kunal Khubchandani (@iamkun4l) | Bug Bounty | 2021-01-18 | 2023-06-13 |
| 2879 | Story Behind Sweet SSRF. | SSRF XSS | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2021-01-21 | 2023-06-13 |
| 2869 | Chaining a self XSS to Account Takeover | Self-XSS Reflected XSS Account takeover | NA | Arman Sameer (@ArmanSameer95) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2862 | Bragging Rights(Part 1): Short story of a bug wave | IDOR Stored XSS SSRF Subdomain takeover Hardcoded credentials | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2854 | Destroying Armies and Villages through Cross-Site Scripting - Bug Bounty Write-up | Stored XSS | InnoGames | Fábio Freitas (@0xfabiof) | Bug Bounty | 2021-01-29 | 2023-06-13 |
| 2853 | Broken Access Control & Stored XSS - Easy Hunt | Stored XSS IDOR | NA | Kabeer (@iTheKabeer) | Bug Bounty | 2021-01-29 | 2023-06-13 |
| 2840 | How I was able to Turn a XSS into a Account Takeover | Web cache poisoning Stored XSS Account takeover OAuth Logic flaw | NA | Josh Fam (@Pullerze) | Bug Bounty | 2021-02-03 | 2023-06-13 |
| 2836 | Redwood Report2Web XSS and Frame injection | Reflected XSS Frame injection | NA | vict0ni (@vict0ni) | Bug Bounty | 2021-02-04 | 2023-06-13 |
| 2830 | Reflected XSS on a Public Program | Reflected XSS | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-02-08 | 2023-06-13 |
| 2825 | Self-XSS to rXSS via Uploaded File Name | Self-XSS Reflected XSS | NA | P4nda (@InfoSecP4nda) | Bug Bounty | 2021-02-09 | 2023-06-13 |
| 2820 | An Accidental XSS on uu.nl | XSS | Utrecht University | Santosh Bobade (@Santosh88267387) | Bug Bounty | 2021-02-11 | 2023-06-13 |
| 2818 | Hacking Chess.com and Accessing 50 Million Customer Records | Reflected XSS Information disclosure Account takeover | Chess.com | Sam Curry (@samwcyo) | Bug Bounty | 2021-02-11 | 2023-06-13 |
| 2808 | My first bounty (stored-xss) | Stored XSS | NA | Karan sharma (@karansh491) | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2807 | Stored XSS in icloud.com — $5000 | Stored XSS | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2794 | Story of a very lethal IDOR. | XSS IDOR Account takeover | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2781 | Build Pipeline Security | RCE | AWS | xssfox (@xssfox) | Bug Bounty | 2021-02-18 | 2023-06-13 |
| 2772 | Security and Privacy of Social Logins (II): PostMessage Security in Single Sign-On | DOM XSS postMessage DOM XSS | SAP The New York Times CNET | Louis Jannett (@iphoneintosh) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2769 | Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough | Web cache poisoning Stored XSS | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2755 | Bragging Rights: Killing File Uploads softly | Unrestricted file upload Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2742 | Stored XSS at Trello.com | Stored XSS | Trello | Maor Dayan (@mord1234) | Bug Bounty | 2021-03-04 | 2023-06-13 |
| 2740 | Leveraging Template injection to takeover an account. | CSTI XSS | NA | Akash Methani (@0xAkash) | Bug Bounty | 2021-03-04 | 2023-06-13 |
| 2734 | Stored XSS in Google Ads Android Application— $3133.70 | Stored XSS HTML injection | Google | Ashish Dhone (@ashketchum_16) | Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2729 | Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover | HTTP request smuggling XSS | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2021-03-09 | 2023-06-13 |
| 2726 | Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover | Reflected XSS Clickjacking Account takeover | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |