Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1608 | Exploiting a File Upload Vulnerability — A Directory Traversal Attack | Unrestricted file upload, Path traversal | NA | Kwadwo Amoako | Bug Bounty | 2022-04-20 | 2023-06-13 |
| 1594 | Bypassing WAF for $2222 | WAF bypass, Path traversal | NA | Divyansh Sharma | Bug Bounty | 2022-04-27 | 2023-06-13 |
| 1538 | Leaking Your GitHub Repositories With Snyk Code | Path traversal, Broken Access Control | NA | Ron Masas (@RonMasas) | Bug Bounty | 2022-05-20 | 2023-06-13 |
| 1528 | Breaking Reverse Proxy Parser Logic | Path traversal | NA | Blake Jacobs (@z0idsec) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1511 | External Authentication bypass in ingress-nginx | Path traversal, Authentication bypass | Kubernetes | Niemiec Marcin (@xvnpw) | Bug Bounty | 2022-05-29 | 2023-06-13 |
| 1417 | Unrar Path Traversal Vulnerability affects Zimbra Mail | Path traversal, Arbitrary file write, RCE | Zimbra | Sonar (@SonarSource) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1416 | Pwning ManageEngine — From PoC to Exploit: A deep dive into CVE-2020–11531 and CVE-2020–11532 | Path traversal, RCE, Authentication bypass | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1339 | Write-up: BlogEngine .NET - 0day Discovery | Path traversal, XXE | BlogEngine .NET | Jake McCallum (@0xLanks) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1297 | Arris / Arris-variant DSL/Fiber router critical vulnerability exposure | Path traversal, Memory corruption | ARRIS | Derek Abdine (@dabdine) | Bug Bounty | 2022-07-29 | 2023-06-13 |
| 1284 | (ZOHO) Manage Engine Desktop Central – SQL Injection / Arbitrary File Write | SQL injection, Arbitrary file write, Path traversal | Zoho | Tom Ellson (@tde_sec) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1256 | How I earned a $6000 bug bounty from Cloudflare | Path traversal | Cloudflare | ANDRI | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1251 | Mining Node.js Vulnerabilities via Object Dependence Graph and Query | RCE, OS command injection, Prototype pollution, Path traversal | NA | Song Li | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1219 | We discovered major vulnerabilities in Control Web Panel. Here’s how we found them. | Path traversal, RCE, Weak crypto, Password reset, Account takeover | Centos Web Panel (CWP) | Immersive Labs (@immersivelabs) | Bug Bounty | 2022-08-15 | 2023-06-13 |
| 1191 | Useless path traversals in Zyxel admin interface (CVE-2022-2030) | Path traversal | Zyxel | Maurizio Agazzini (@0x696e6f6465) | Bug Bounty | 2022-08-22 | 2023-06-13 |
| 1183 | Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of Service | IDOR, Path traversal, DoS | Oracle | Harold Zang | Bug Bounty | 2022-08-23 | 2023-06-13 |
| 1105 | QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031) | RCE, Path traversal | Quest | Tom Ellson (@tde_sec) | Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 1053 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1050 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1021 | The forgotten IPFS vulnerabilities | Web3 hacking, Path traversal, CORS misconfiguration, HTML injection | Filecoin Security | tintinweb | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 974 | Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams. | Path traversal | NA | Cyberlix (@cyberlixio) | Bug Bounty | 2022-10-12 | 2023-06-13 |
| 960 | It’s the Little Things : Breaking an AI | Path traversal | NA | Debangshu Kundu (@debangshu_kundu) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 950 | Toner Deaf – Printing your next persistence (Hexacon 2022) | Path traversal, Arbitrary file write, RCE, Printer hacking | Lexmark | Alex Plaskett (@alexjplaskett) | Bug Bounty | 2022-10-17 | 2023-06-13 |
| 941 | Remote Code Execution in Melis Platform | RCE, Path traversal, Insecure deserialization, Security code review | Melis Platform | Karim El Ouerghemmi | Bug Bounty | 2022-10-18 | 2023-06-13 |
| 890 | CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities | RCE, Phar deserialization, Reflected XSS, XPATH injection, Path traversal, LFI | Juniper | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-10-28 | 2023-06-13 |