Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2186 | Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS) | Stored XSS | Apple | Bobby Rauch / Bobbyr | Bug Bounty | 2021-09-28 | 2023-06-13 |
| 2185 | "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild | Prototype pollution, XSS | Apple, Atlassian, Mozilla, HubSpot, Segment Analytics | Sergey Bobrov (@black2fan) | Bug Bounty | 2021-09-28 | 2023-06-13 |
| 2177 | Privilege Escalation to stored XSS | Privilege escalation, HTTP response manipulation, Stored XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2021-10-01 | 2023-06-13 |
| 2168 | [EN] Stored XSS in the administrator’s panel due to misuse of MarkupSafe | Stored XSS | pass Culture | Aethlios (@AethliosIK) | Bug Bounty | 2021-10-06 | 2023-06-13 |
| 2166 | Hacking Netflix Eureka! | SSRF, XSS | Netflix | Maxim Tyukov (@maxtyukov) | Bug Bounty | 2021-10-06 | 2023-06-13 |
| 2159 | Stumbling across a DOM XSS on google.com | DOM XSS | Google | tkiela (@svennergr) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2156 | Exploiting HTML-to-PDF Converters through HTML Imports | XSS, LFI | NA | Mohammed Diaa (@mhmdiaa) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2133 | Moodle - Stored XSS and blind SSRF possible via feedback answer text | Stored XSS, SSRF | Moodle | rekter0 (@rekter0) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2114 | Write Up – XSS Stored In api.media.atlassian.com Via Doc File (iOS) | Stored XSS | Atlassian | Omar Espino (@omespino) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2107 | How i made 500$ with XSS | XSS, Account takeover | NA | Nassim Chami (@nvccim) | Bug Bounty | 2021-11-01 | 2023-06-13 |
| 2088 | Write Up – Google VRP Bug Bounty: /etc/environment Local Variables Exfiltrated On Linux Google Earth Pro Desktop App – $1,337 USD | XSS | Google | Omar Espino (@omespino) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2070 | The tale of CVE-2021–34479 (VSCode XSS) | XSS, CSP bypass | Microsoft | Daniel Santos (@bananabr) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 2063 | Exploiting OAuth: Journey to Account Takeover | Account takeover, OAuth, XSS, Weak CSP, CSRF | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2021-11-19 | 2023-06-13 |
| 2059 | [BugBounty] XSS with Markdown — Exploit & Fix on OpenSource | XSS | NA | Lê Thành Phúc | Bug Bounty | 2021-11-22 | 2023-06-13 |
| 2055 | Finding XSS on .apple.com and building a proof of concept to leak your PII information | XSS | Apple | Zseano (@zseano) | Bug Bounty | 2021-11-23 | 2023-06-13 |
| 2050 | How I Found My First XSS Bug | XSS | Atlassian | Thedarkwayg (@shadow_CLAY) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2045 | SEC-596 | Reflected XSS | cPanel | sh1yo (@sh1yo_) | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2040 | NodeBB 1.18.4 - Remote Code Execution With One Shot | RCE, XSS, Authentication bypass, Arbitrary file read | NodeBB | Sonar (@SonarSource) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2038 | VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability | LFI, SSRF, XSS, Arbitrary file read | VMware | Khoa Dinh (@_l0gg) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2037 | HTTP Header Injection In Citrix ADC And Citrix Gateway (CVE-2020-8300, CVE-2021-22927) | Host header injection, XSS | Citrix Systems | Wolfgang Ettlinger | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2030 | AWS SageMaker Jupyter Notebook Instance Takeover | Self-XSS, CSRF, RCE | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2027 | Write Up – XSS Stored In files.slack.com Via XML/SVG File (iOS) – $1,000 USD | XSS | Slack | Omar Espino (@omespino) | Bug Bounty | 2021-12-03 | 2023-06-13 |
| 2012 | Account Takeover via Stored XSS | Account takeover, Stored XSS | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2001 | SVG based Stored XSS | Stored XSS | NA | xaonan44 | Bug Bounty | 2021-12-12 | 2023-06-13 |