Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1389 | stored XSS and stored HTML Injection in United Nations Website | XSS, HTML injection | United Nations | Ahmed Hassan | Bug Bounty | 2022-07-08 | 2023-06-13 |
| 1387 | Flash XSS in ajax.googleapis.com | XSS | Google | R ando (@Rando02355205) | Bug Bounty | 2022-07-08 | 2023-06-13 |
| 1381 | How we have pwned Root-Me in 2022 | XSS, CSRF, RCE | SPIP | SpawnZii (@SpawnZii) | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1375 | Leveraging the SQL Injection to Execute the XSS by Evading CSP | CSP bypass, SQL injection, XSS | NA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1370 | Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP | XSS, CSP bypass, HTML injection | Microsoft | Numan Turle (@numanturle) | Bug Bounty | 2022-07-13 | 2023-06-13 |
| 1369 | From Open Redirect to Reflected XSS manually | Open redirect, Reflected XSS | NA | Rodric | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1366 | Tableau Server Leaks Sensitive Information From Reflected XSS | Reflected XSS | Salesforce | Simon Bouchard (@SimTwisted) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1355 | CRLF to Account takeover (chaining bugs) | CRLF injection, XSS, Account takeover | NA | MoSec (@moe1n1) | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1354 | Going beyond Alert with XSS | XSS, Account takeover | NA | pipsh | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 1351 | CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin | Broken Access Control, XSS | jellyfin | Dan Barros | Bug Bounty | 2022-07-18 | 2023-06-13 |
| 1328 | WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security | SQL injection, XSS, Account takeover | WordPress | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-07-22 | 2023-06-13 |
| 1306 | Google XSS | XSS | Google | NDevTK (@ndevtk) | Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1300 | Researching Open Source apps for XSS to RCE flaws | XSS, RCE | NA | Aleksey Solovev | Bug Bounty | 2022-07-28 | 2023-06-13 |
| 1295 | Discord Desktop - Remote Code Execution | RCE, XSS, Sandbox bypass, CSP bypass | Discord | s1r1us (@s1r1u5_) | Bug Bounty | 2022-07-29 | 2023-06-13 |
| 1291 | How I get Full Account Takeover via stealing action’s login form \| XSS | XSS, Account takeover | NA | Mohamed Tarek (@timooon107) | Bug Bounty | 2022-08-01 | 2023-06-13 |
| 1288 | Stored XSS to Account Takeover : Going beyond document.cookie \| Stealing Session Data from IndexedDB | Stored XSS, Account takeover | NA | Syed Mushfik Hasan Tahsin (@SMHTahsin33) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1283 | XSS in Gmail's Amp4Email | XSS | Google | Adi "Adico" Cohen (@wir3less2) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1280 | Came looking for SSRF and found XSS | XSS, WAF bypass | NA | Ibrahim Radi (@ibraradi9) | Bug Bounty | 2022-08-04 | 2023-06-13 |
| 1269 | Stored XSS in app.gitbook.com | Stored XSS | GitBook | Mohammad Alfin Hidayatullah (@Alpinbrainsec) | Bug Bounty | 2022-08-08 | 2023-06-13 |
| 1266 | Bypassed Cloudflare’s Web Application Firewall (WAF) | XSS, HTML injection, WAF bypass | NA | Ansh Vaid (@anshvaid4) | Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1259 | Defeat the HttpOnly flag to achieve Account Takeover \| RXSS | Reflected XSS, Account takeover | NA | Mohamed Tarek (@timooon107) | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1248 | My Experience on Hacking the Dutch Government | XSS, Open redirect, CSRF, Account takeover | Dutch Government | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1239 | How I found an XSS vulnerability via using emojis | XSS | Swisscom | Patrik Fabian | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1237 | DOM Cross-Site Scripting Via postMessage in AnnounceKit | DOM XSS | Announcekit | Lorenzo Stella (@lorenzostella) | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1233 | Escalating Open Redirect to XSS | Open redirect, XSS | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-13 | 2023-06-13 |