Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4687 | Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933) | SAML, Authentication bypass | Oracle (WebLogic) | Denis Andzakovic | Bug Bounty | 2018-07-18 | 2023-06-13 |
| 4686 | How I was able to delete 13k+ Microsoft Translator projects | CSRF, IDOR | Microsoft | Haider Mahmood (@haiderinfosec) | Bug Bounty | 2018-07-19 | 2023-06-13 |
| 4685 | RCE on Yahoo Luminate | RCE | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-07-19 | 2023-06-13 |
| 4684 | The call is coming from inside the house — DNS rebinding in EOSIO keosd wallet | DNS rebinding | EOSIO | François Proulx (@francoisproulx) | Bug Bounty | 2018-07-19 | 2023-06-13 |
| 4683 | Into the Borg – SSRF inside Google production network | SSRF | Google | Enguerran Gillier (@opnsec) | Bug Bounty | 2018-07-20 | 2023-06-13 |
| 4682 | RCE due to ShowExceptions | RCE, Information disclosure, Debugging enabled | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2018-07-20 | 2023-06-13 |
| 4681 | Google Assistant Bug Worth $3133.7 ! | Reflected XSS | Google | Circle Ninja (@circleninja) | Bug Bounty | 2018-07-21 | 2023-06-13 |
| 4680 | Unclaimed Medium Publication takeover in WeTransfer | Medium publication takeover, Broken link hijacking | WeTransfer | Prial Islam Khan (@prial261) | Bug Bounty | 2018-07-21 | 2023-06-13 |
| 4679 | IDOR FACEBOOK: malicious person add people to the "Top Fans" | IDOR | Meta / Facebook | Jafar Abo Nada (@Jafar_Abo_Nada) | Bug Bounty | 2018-07-21 | 2023-06-13 |
| 4678 | Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret | Information disclosure | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2018-07-23 | 2023-06-13 |
| 4677 | Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again | Open redirect, RCE | Google | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2018-07-24 | 2023-06-13 |
| 4676 | Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716] | SSTI | SEOmatic CMS plugin | Sebastian (ha.cker.info) | Bug Bounty | 2018-07-24 | 2023-06-13 |
| 4675 | SQL Injection and A silly WAF | SQL injection | NA | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2018-07-25 | 2023-06-13 |
| 4674 | Exfiltration via CSS Injection | CSS injection | NA | d0nut (@d0nutptr) | Bug Bounty | 2018-07-25 | 2023-06-13 |
| 4673 | How I found XSS on Amazon? | XSS | Amazon (CloudFront) | Coding_Karma (@karma_coded) | Bug Bounty | 2018-07-26 | 2023-06-13 |
| 4672 | Binary.com ClickJacking Vulnerability — Exploiting HTML5 Security Features | Clickjacking | Binary.com | Ameer Assadi (@AmeerAssadi) | Bug Bounty | 2018-07-28 | 2023-06-13 |
| 4671 | Making a Blind SQL Injection a Little Less Blind | SQL injection | NA | TomNomNom (@tomnomnom) | Bug Bounty | 2018-07-28 | 2023-06-13 |
| 4670 | Microsoft Office 365 Stored XSS | Stored XSS | Microsoft | Pethuraj (@Pethuraj) | Bug Bounty | 2018-07-29 | 2023-06-13 |
| 4669 | Yahoo — Two XSSi vulnerabilities chained to steal user information. ($750 Bounty) | XSSI | Yahoo! / Verizon Media | Brian Hyde (@0xHyde) | Bug Bounty | 2018-07-29 | 2023-06-13 |
| 4668 | Hacking Imgur for Fun and Profit | Outdated component with a known vulnerability, Information disclosure | Imgur | Nathan (@NathOnSecurity) | Bug Bounty | 2018-07-29 | 2023-06-13 |
| 4667 | How I could access your internal servers, steal and modify your image repository | RCE | NA | thehackerish (@thehackerish) | Bug Bounty | 2018-07-31 | 2023-06-13 |
| 4666 | CRLF Injection Into PHP’s cURL Options | CRLF injection | NA | TomNomNom (@tomnomnom) | Bug Bounty | 2018-08-01 | 2023-06-13 |
| 4665 | Shipt Subdomain TakeOver via HeroKu ( test.shipt.com ) | Subdomain takeover | Shipt | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-08-01 | 2023-06-13 |
| 4664 | Exploiting a Microsoft Edge Vulnerability to Steal Files | SOP bypass | Microsoft | Ziyahan Albeniz (@ziyaxanalbeniz) | Bug Bounty | 2018-08-01 | 2023-06-13 |
| 4663 | Discovering and Exploiting a Vulnerability in Android’s Personal Dictionary (CVE-2018-9375) | Privilege escalation, Android | Google | Daniel Kachakil (@Kachakil) | Bug Bounty | 2018-08-01 | 2023-06-13 |