Write-ups

Check The Published Writeups

WDB | Title | Tags | Programs | Authors | Type | Publication | Added
1538 | Leaking Your GitHub Repositories With Snyk Code | Path traversal, Broken Access Control | NA | Ron Masas (@RonMasas) | Bug Bounty | 2022-05-20 | 2023-06-13
1440 | We were vulnerable - how a security company could have vulns | Broken Access Control, Authorization flaw, Information disclosure | Volkis | Soman Verma | Bug Bounty | 2022-06-22 | 2023-06-13
1433 | An Out Of Scope domain Leads To a Critical Bug[$1500] | Authorization flaw, Broken Access Control | NA | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2022-06-24 | 2023-06-13
1420 | Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) | IDOR, Broken Access Control | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2022-06-28 | 2023-06-13
1400 | We Hacked Larksuite For 1 month and Here is what we found | XSS, IDOR, Privilege escalation, Broken Access Control, CSRF, 40x bypass | Lark Technologies | Snap Sec (@snap_sec) | Bug Bounty | 2022-07-04 | 2023-06-13
1351 | CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin | Broken Access Control, XSS | jellyfin | Dan Barros | Bug Bounty | 2022-07-18 | 2023-06-13
1321 | Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) | Memory corruption, DoS, Broken Access Control, Sensitive Information Sent Over an Unencrypted Channel | Nuki | Daniel Romero (@daniel_rome) | Bug Bounty | 2022-07-25 | 2023-06-13
1058 | Securing Developer Tools: OneDev Remote Code Execution | RCE, SSRF, Broken Access Control, Container escape | OneDev | Paul Gerste | Bug Bounty | 2022-09-20 | 2023-06-13
980 | [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I] | Broken Access Control, Android | NA | Abdelhak Kharroubi | Bug Bounty | 2022-10-10 | 2023-06-13
971 | Broken Access Control leads to full team takeover and privilege escalation | Broken Access Control, Privilege escalation | NA | Abdelhameed Ghazy (@El3Etraa1) | Bug Bounty | 2022-10-12 | 2023-06-13
918 | Finding Multiple Security Issues on Agorapulse | Log4shell, RCE, Information disclosure, Broken Access Control, Privilege escalation | Agorapulse | Snap Sec (@snap_sec) | Bug Bounty | 2022-10-24 | 2023-06-13
917 | Atlassian Jira Align, Version 10.107.4 Advisory | SSRF, Broken Access Control, Privilege escalation | Atlassian | Jacob Shafer (@fibbot) | Bug Bounty | 2022-10-24 | 2023-06-13
876 | Improper Access Control — My Third Finding on Hackerone! | HTML injection, Broken Access Control | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-11-02 | 2023-06-13
769 | Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames | IDOR, Broken Access Control, Android, IoT | Ourphoto | Nick M (@1oopho1e) | Bug Bounty | 2022-11-26 | 2023-06-13
763 | The Untold SendBird Misconfigurations | Broken Access Control | SendBird | LTiDi (@dunglt140150) | Bug Bounty | 2022-11-27 | 2023-06-13
761 | Broken access control + misconfiguration = Beautiful privilege escalation | Broken Access Control, Privilege escalation | NA | Hossam Mesbah (@m359ah) | Bug Bounty | 2022-11-28 | 2023-06-13
699 | AWS ECR Public Vulnerability | Cloud, Privilege escalation, Broken Access Control | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2022-12-13 | 2023-06-13
695 | Privilege escalation leads to deleting other user’s account and company Workspace [Access Control] | Privilege escalation, Broken Access Control | NA | Pratik Gaikwad | Bug Bounty | 2022-12-14 | 2023-06-13
605 | Full Team Takeover | Broken Access Control, Logic flaw | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2023-01-09 | 2023-06-13
602 | Full Team Takeover | Account takeover, Broken Access Control | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2023-01-09 | 2023-06-13
586 | Full Account Take Over by very simple trick. | Account takeover, Broken Access Control | NA | XeRox01 (@xerox0x1) | Bug Bounty | 2023-01-16 | 2023-06-13
560 | Vulnerabilities in ManageEngine ADSelfService Plus 6.1 build 6117 | RCE, OS command injection, Broken Access Control | Zoho (ManageEngine) | Antoine Cervoise (@acervoise) | Bug Bounty | 2023-01-20 | 2023-06-13
467 | We Hacked GitHub for a Month: Here’s What We Found | Pre-account takeover, Broken Access Control, Email verification bypass, Logic flaw | GitHub | Shivam Kumar Singh (@MrRajputHacker) | Bug Bounty | 2023-02-11 | 2023-06-13
432 | [1500$ Worth — Slack] vulnerability, bypass invite accept process | Broken Access Control, Logic flaw | Slack | Sirat Sami (@siratsami71) | Bug Bounty | 2023-02-20 | 2023-06-13
430 | Exposing 185M+ Indians’ Personal Information and much more | Broken Access Control, IDOR, Information disclosure | Aadhaar CERT-In | Robin Justin (@_robinjustin_) | Bug Bounty | 2023-02-20 | 2023-06-13