Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2244 | SSRF in PDF export with PhantomJs | SSRF, XSS, LFI | NA | أنس روبي (@xhzeem) | Bug Bounty | 2021-09-07 | 2023-06-13 |
| 2156 | Exploiting HTML-to-PDF Converters through HTML Imports | XSS, LFI | NA | Mohammed Diaa (@mhmdiaa) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2038 | VMware vCenter earlier versions (7.0.2.00100) has unauthorized arbitrary file read + ssrf + xss vulnerability | LFI, SSRF, XSS, Arbitrary file read | VMware | Khoa Dinh (@_l0gg) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 1917 | 120 Days of High Frequency Hunting | SSRF, LFI, Information disclosure, Broken Access Control, Authentication bypass, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1901 | 120 Days of Frequent Hacking | SSRF, LFI, Information disclosure, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-21 | 2023-06-13 |
| 1899 | Path Traversal Paradise | Path traversal, LFI | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-23 | 2023-06-13 |
| 1788 | CVE-2021-45467: CWP CentOS Web Panel – preauth RCE | RCE, LFI, Arbitrary file write | Centos Web Panel (CWP) | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-01-22 | 2023-06-13 |
| 1780 | SSRF & LFI In Uploads Feature | SSRF, LFI, HTML injection | NA | Raymond Lind | Bug Bounty | 2022-02-26 | 2023-06-13 |
| 1776 | Pwning a Server using Markdown | LFI, RCE | Hashnode | Aditya Dixit (@zombie007o) | Bug Bounty | 2022-02-28 | 2023-06-13 |
| 1709 | Targeting Visual Studio Code for macOS: File Discovery and a TCC bypass (kinda) | Local Privilege Escalation, TCC bypass, MacoS | Apple, Microsoft | Alfie Champion (@ajpc500) | Bug Bounty | 2022-03-21 | 2023-06-13 |
| 1639 | AWS RDS Vulnerability Leads to AWS Internal Service Credentials | LFI | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2022-04-11 | 2023-06-13 |
| 1588 | Sensitive Data Exfiltration through XSS ($450) | Token leak | NA | Zulfi Al-Farizi | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1539 | Research: Auditing WordPress Plugins | SQL injection, LFI, XSS, RCE | NA | cy//ective (@cyllective) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1506 | From open redirect to RCE in one week | Open redirect, SSRF, Insecure deserialization, LFI, RCE | Mail.ru | byq (@ByQwert) | Bug Bounty | 2022-05-31 | 2023-06-13 |
| 1388 | Advisory \| GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution | SQL injection, RCE, LFI | GLPI | Nuri Çilengir (@ncilengir) | Bug Bounty | 2022-07-08 | 2023-06-13 |
| 1340 | Local File Inclusion (interesting method) | LFI | NA | Captain hook | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1269 | Stored XSS in app.gitbook.com | Stored XSS | GitBook | Mohammad Alfin Hidayatullah (@Alpinbrainsec) | Bug Bounty | 2022-08-08 | 2023-06-13 |
| 1209 | Critical Local File Read in Electron Desktop App | LFI | Asana | Renwa (@RenwaX23) | Bug Bounty | 2022-08-17 | 2023-06-13 |
| 915 | SSRF & LFI In Uploads Feature | SSRF, LFI | NA | Raymond Lind | Bug Bounty | 2022-10-24 | 2023-06-13 |
| 890 | CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities | RCE, Phar deserialization, Reflected XSS, XPATH injection, Path traversal, LFI | Juniper | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 841 | From Shodan Dork to Grafana 📊Local File Inclusion | LFI, Old components with known vulnerabilities | NA | Anurag__Verma | Bug Bounty | 2022-11-11 | 2023-06-13 |
| 748 | Bypassing The Client Side Encryption To Read Internal Windows Server Files | Client-side encryption bypass, LFI, Security code review | NA | Abhishek Morla (@abhishekmorla) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 742 | Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway | XSS, CRLF injection, SSRF, LFI, Local Privilege Escalation, Arbitrary file read | Proxmox | JianTao Li (@cursered) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |