Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4416 | #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account” | OAuth, Authentication bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-12-13 | 2023-06-13 |
| 4403 | Exploiting Two Endpoints to get Account Takeover | Authorization flaw, Privilege escalation | NA | Hritik Sharma | Bug Bounty | 2018-12-19 | 2023-06-13 |
| 4395 | Tokopedia Account Takeover Bug Worth 8 Million IDR | Password reset, Account takeover | Tokopedia | Mukul Lohar (@ironfisto) | Bug Bounty | 2018-12-24 | 2023-06-13 |
| 4390 | How I Was Able To Takeover All User Account And Admin Panel | IDOR, Account takeover | NA | Dipak kumar Das (@d1pakdas) | Bug Bounty | 2018-12-28 | 2023-06-13 |
| 4389 | How I Takeover Wordpress Admin fiiipay.my | Account takeover, CMS default files | FiiiPay | Syahrul Akbar Rohmani (@sahruldotid) | Bug Bounty | 2018-12-28 | 2023-06-13 |
| 4377 | How I could have taken over any Pinterest account | CSRF, Account takeover | Pinterest | Arnold Anthony (@armold9anthony) | Bug Bounty | 2019-01-05 | 2023-06-13 |
| 4359 | Oauth Misconfiguration lead to complete account takeover | CSRF, OAuth, Account takeover | NA | Jackson kv (@Jacksonkv22) | Bug Bounty | 2019-01-20 | 2023-06-13 |
| 4262 | Account Takeover Using Cross-Site WebSocket Hijacking (CSWH) | Cross-Site WebSocket Hijacking (CSWH), Account takeover | NA | Sharan Panegav (@PanegavSharan) | Bug Bounty | 2019-03-09 | 2023-06-13 |
| 4250 | User Account Takeover [Password Change]— Nice Catch! | Account takeover, Password reset | NA | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-03-14 | 2023-06-13 |
| 4214 | Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice | SSRF, Path traversal, Account takeover | Uber | Ron Chan (@ngalongc) | Bug Bounty | 2019-04-07 | 2023-06-13 |
| 4207 | Account Takeover by chaining two vulnerabilities. | CSRF, Open redirect, Account takeover | NA | Sheraz Khalid | Bug Bounty | 2019-04-10 | 2023-06-13 |
| 4206 | Unauthenticated Account Takeover Through HTTP Leak | HTML injection, HTTP Leak, Account takeover | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2019-04-11 | 2023-06-13 |
| 4179 | Stealing local storage data through XSS | Stored XSS, Account takeover | NA | Harshad Gaikwad (@h4rsh4d) | Bug Bounty | 2019-04-25 | 2023-06-13 |
| 4169 | From Reflected XSS to Account Takeover — Showing XSS Impact | Reflected XSS, Account takeover | NA | A Bug’z Life (@abugzlife1) | Bug Bounty | 2019-04-30 | 2023-06-13 |
| 4164 | Why You Shouldn't Use a Password Manager For Your Linode Account | Account takeover, Information disclosure | Linode | Utku Şen (@utkusen) | Bug Bounty | 2019-05-02 | 2023-06-13 |
| 4158 | 4x CSRFs Chained For Company Account Takeover | CSRF, Account takeover | NA | A Bug’z Life (@abugzlife1) | Bug Bounty | 2019-05-08 | 2023-06-13 |
| 4146 | Open-redirect to Account Takeover. | Open redirect, Account takeover | NA | Rishabh (@____cypher____) | Bug Bounty | 2019-05-19 | 2023-06-13 |
| 4129 | My First CSRF to Account Takeover worth $750 | CSRF, Account takeover | NA | Nishant Saurav (@inishantsinha) | Bug Bounty | 2019-05-30 | 2023-06-13 |
| 4115 | Account takeover using IDOR and the misleading case of error 403. | IDOR | NA | Plenum (@plenumlab) | Bug Bounty | 2019-06-11 | 2023-06-13 |
| 4109 | IDOR — Account Takeover | IDOR | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-14 | 2023-06-13 |
| 4101 | Account Takeover Worth $900 | Account takeover, CSRF | NA | Saad Ahmed (@XSaadAhmedX) | Bug Bounty | 2019-06-16 | 2023-06-13 |
| 4091 | Account Takeover with Clickjacking | Clickjacking | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-19 | 2023-06-13 |
| 4089 | How a classical XSS can lead to persistent ATO Vulnerability? | XSS, Account takeover | NA | Milind Purswani (@MilindPurswani) | Bug Bounty | 2019-06-19 | 2023-06-13 |
| 4080 | Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference) | Password reset, IDOR, Account takeover | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2019-06-22 | 2023-06-13 |
| 4073 | 1-Click Account Takeover in Virgool.io — a Nice Case Study | Account takeover, Open redirect | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2019-06-27 | 2023-06-13 |