Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1942 | SQL Injection - The File Upload Playground | Unrestricted file upload, SQL injection | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1872 | Remote Code Execution in .tgz File Upload | RCE, Unrestricted file upload | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1809 | Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN) | RCE, Unrestricted file upload, OS command injection | Cisco | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-02-17 | 2023-06-13 |
| 1735 | Achieving Remote Code Execution via Unrestricted File Upload | Unrestricted file upload, RCE | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2022-03-14 | 2023-06-13 |
| 1608 | Exploiting a File Upload Vulnerability — A Directory Traversal Attack | Unrestricted file upload, Path traversal | NA | Kwadwo Amoako | Bug Bounty | 2022-04-20 | 2023-06-13 |
| 1582 | Hacking a Bank by Finding a 0day in DotCMS | Directory traversal, Unrestricted file upload, RCE | NA | Shubham Shah (@infosec_au) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1567 | How I Paid For My Holiday With Bug Bounty | XSS, Broken Access Control, IDOR, Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1566 | Can analyzing javascript files lead to remote code execution? | Unrestricted file upload, RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1286 | How I earned 500$ by uploading a file: write-up of one of my first bug bounty | Unrestricted file upload | Semrush | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1242 | File Upload Bypass to RCE == $$$$ | Unrestricted file upload, RCE | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1210 | RCE on Spip and Root-Me, v2! | RCE, SSTI, DNS rebinding, XSS, Code injection, Unrestricted file upload | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2022-08-16 | 2023-06-13 |
| 1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 1081 | How I abused the file upload function to get a high severity vulnerability in Bug Bounty | Unrestricted file upload, Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 984 | Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There ! | Unrestricted file upload, Code injection, RCE | NA | Quentin Roland (@ROLANDQuentin2) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 930 | 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite | JWT, Authentication bypass, Arbitrary file write, Unrestricted file upload | NA | Souhaib Naceri (@h4x0r_dz) | Bug Bounty | 2022-10-19 | 2023-06-13 |
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 867 | How I hacked into a Cambridge’s server and got appreciation letter. | Unrestricted file upload, RCE | Cambridge | Prathamrajgor | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 864 | PENTEST TALES: EXIF Data Manipulation | Unrestricted file upload, Stored XSS | NA | Armand Jasharaj | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 808 | Remote Command Execution in a Bank Server | RCE, Arbitrary file read, Unrestricted file upload | NA | Bipin Jitiya (@win3zz) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 755 | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 | Unrestricted file upload, Security code review, RCE | Rocket Software | Mehdi Elyassa | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 702 | Not usual CSP bypass case | Unrestricted file upload, XSS, CSP bypass | NA | Karol Mazurek | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 609 | Uploading the Webshell using filename of Content-Disposition Header Story! | Unrestricted file upload, Arbitrary file write | NA | Yashar Mohagheghi | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 607 | Lexmark MC3224adwe RCE exploit | RCE, SSRF, Printer hacking, Unrestricted file upload, Local Privilege Escalation | Lexmark | blasty (@bl4sty) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 585 | CVE-2022-21587 (Oracle E-Business Suite Unauthenticated RCE) | RCE, Unrestricted file upload, Zip Slip attack | Oracle | @vudq16 | Bug Bounty | 2023-01-16 | 2023-06-13 |