Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2363 | From Hobby to Hacking | Unrestricted file upload, RCE, Missing authentication | NA | Muhammad Syahrul Haniawan (@b0x_in) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2252 | Bypassed! and uploaded a sweet reverse shell | Unrestricted file upload | NA | Ajay Sharma (@security_donut) | Bug Bounty | 2021-09-05 | 2023-06-13 |
| 2142 | Independently Secure, Together Not So Much – A Story Of 2 WP Plugins | RCE, Race condition, Unrestricted file upload, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2089 | Unrestricted File Upload Leads to SSRF and RCE | ImageTragick, Unrestricted file upload, SSRF, RCE | NA | Muhammad Adel (@ItsFadinG_) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2009 | File Upload to RCE | Unrestricted file upload | NA | Ahmed Magdy (@8Ahmed88Magdy8) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 1988 | Stored XSS by bypassing signature | XSS, Unrestricted file upload | NA | Abdulrahman Makki (@AMakki1337) | Bug Bounty | 2021-12-20 | 2023-06-13 |
| 1969 | XSS via file upload | XSS, Unrestricted file upload | NA | Jay Sharma | Bug Bounty | 2021-12-27 | 2023-06-13 |
| 1942 | SQL Injection - The File Upload Playground | Unrestricted file upload, SQL injection | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1872 | Remote Code Execution in .tgz File Upload | RCE, Unrestricted file upload | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1809 | Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN) | RCE, Unrestricted file upload, OS command injection | Cisco | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-02-17 | 2023-06-13 |
| 1735 | Achieving Remote Code Execution via Unrestricted File Upload | Unrestricted file upload, RCE | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2022-03-14 | 2023-06-13 |
| 1644 | XSS \| HTML Injection and File Upload Bypass in HUAWEI Subdomain | XSS, HTML injection | Huawei | Ahmed Hassan | Bug Bounty | 2022-04-10 | 2023-06-13 |
| 1608 | Exploiting a File Upload Vulnerability — A Directory Traversal Attack | Unrestricted file upload, Path traversal | NA | Kwadwo Amoako | Bug Bounty | 2022-04-20 | 2023-06-13 |
| 1582 | Hacking a Bank by Finding a 0day in DotCMS | Directory traversal, Unrestricted file upload, RCE | NA | Shubham Shah (@infosec_au) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1567 | How I Paid For My Holiday With Bug Bounty | XSS, Broken Access Control, IDOR, Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1566 | Can analyzing javascript files lead to remote code execution? | Unrestricted file upload, RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1286 | How I earned 500$ by uploading a file: write-up of one of my first bug bounty | Unrestricted file upload | Semrush | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1242 | File Upload Bypass to RCE == $$$$ | Unrestricted file upload, RCE | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1210 | RCE on Spip and Root-Me, v2! | RCE, SSTI, DNS rebinding, XSS, Code injection, Unrestricted file upload | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2022-08-16 | 2023-06-13 |
| 1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 1081 | How I abused the file upload function to get a high severity vulnerability in Bug Bounty | Unrestricted file upload, Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 984 | Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There ! | Unrestricted file upload, Code injection, RCE | NA | Quentin Roland (@ROLANDQuentin2) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 930 | 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite | JWT, Authentication bypass, Arbitrary file write, Unrestricted file upload | NA | Souhaib Naceri (@h4x0r_dz) | Bug Bounty | 2022-10-19 | 2023-06-13 |