Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4585 | Persistent Cross-Site Scripting on redacted worth $2,000 | Stored XSS | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2018-09-15 | 2023-06-13 |
| 4584 | IDOR User Account Takeover By Connecting My Facebook Account with victims Account | IDOR | Meta / Facebook | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-16 | 2023-06-13 |
| 4583 | User Account takeover in India’s largest digital business company | Account takeover, OTP bypass | NA | Minali Arora (@AroraMinali) | Bug Bounty | 2018-09-16 | 2023-06-13 |
| 4582 | XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites | XSS | Google | Randy Westergren (@RandyWestergren) | Bug Bounty | 2018-09-17 | 2023-06-13 |
| 4581 | Reflected XSS at Philips.com | Reflected XSS | Philips | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2018-09-17 | 2023-06-13 |
| 4580 | Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution ) | LFI, Unrestricted file upload, RCE | NA | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2018-09-18 | 2023-06-13 |
| 4579 | Facebook $750 Reward for a Simple Bug | Authentication bypass, Logic flaw | Meta / Facebook | Aman Shahid (@amansmughal) | Bug Bounty | 2018-09-18 | 2023-06-13 |
| 4578 | How i bypassed AKAMAI KONA WAF , XSS in overstock.com ! | XSS | Overstock.com | Oktavandi (@0ktavandi) | Bug Bounty | 2018-09-18 | 2023-06-13 |
| 4577 | Bypassing Authentication Using Javascript Debugger. | Authentication bypass | NA | Mohit Dabas (@mohitdabas08) | Bug Bounty | 2018-09-18 | 2023-06-13 |
| 4576 | Local file inclusion at IKEA.com | LFI | Ikea | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2018-09-19 | 2023-06-13 |
| 4575 | Shopify Athena Bug | Authorization flaw, Information disclosure | Shopify | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-09-20 | 2023-06-13 |
| 4574 | Another XSS in Google Colaboratory | XSS | Google | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2018-09-20 | 2023-06-13 |
| 4573 | Bypassing Firebase authorization to create custom goo.gl subdomains | Logic flaw, IDOR | Google | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2018-09-21 | 2023-06-13 |
| 4572 | R-XSS -> CSRF bypass to account takeover/ | Reflected XSS, CSRF | NA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2018-09-21 | 2023-06-13 |
| 4571 | How I XSS’ed Uber and Bypassed CSP | Reflected XSS | Uber | Efkan (@mefkansec) | Bug Bounty | 2018-09-22 | 2023-06-13 |
| 4570 | Responsible disclosure: retrieving a user’s private Facebook friends. | Logic flaw, Authorization flaw, Information disclosure | Meta / Facebook | Riccardo Padovani (@rpadovani93) | Bug Bounty | 2018-09-23 | 2023-06-13 |
| 4569 | Subdomain Takeover via Unsecured S3 Bucket Connected to the Website | Subdomain takeover | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-09-24 | 2023-06-13 |
| 4568 | Weaponizing XSS Attacking Internal System | Blind XSS | NA | Rahul R | Bug Bounty | 2018-09-25 | 2023-06-13 |
| 4567 | [XSS] survey.dropbox.com | XSS | Dropbox | Kumar | Bug Bounty | 2018-09-25 | 2023-06-13 |
| 4566 | How I got $4000 from Visma for RCE | RCE | Visma | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2018-09-25 | 2023-06-13 |
| 4565 | Arbitrary File Read in one of the largest CRMs | LFI | NA | Richard Clifford (@MantisSTS) | Bug Bounty | 2018-09-26 | 2023-06-13 |
| 4564 | Thick Client — Attacking databases the fun/easy way | Thick client, Credentials sent over unencrypted channel | NA | Richard Clifford (@MantisSTS) | Bug Bounty | 2018-09-26 | 2023-06-13 |
| 4563 | #BugBounty — From finding Jenkins instance to Command Execution.Secure your Jenkins Instance! | RCE, Exposed Jenkins instance | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-09-27 | 2023-06-13 |
| 4562 | Just another tale of severe bugs on a private program. | Open redirect, SSRF, IDOR, Logic flaw | NA | Siva Krishna Samireddi (@le4rner) | Bug Bounty | 2018-09-28 | 2023-06-13 |
| 4561 | IDOR, Content Spoofing and Url Redirection via unsubscribe email in Confluent | IDOR, Content spoofing, Open redirect | Confluent | Divyanshu Shukla (@justm0rph3u5) | Bug Bounty | 2018-09-28 | 2023-06-13 |