Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4509 | #BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites! | .git folder disclosure, Source code disclosure | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-10-27 | 2023-06-13 |
| 4508 | Journey through Google referer leakage bugs. | Information disclosure, Referer leakage | Google | KL Sreeram (@kl_sree) | Bug Bounty | 2018-10-28 | 2023-06-13 |
| 4507 | Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable | CSRF, Clickjacking | NA | Zseano (@zseano) | Bug Bounty | 2018-10-29 | 2023-06-13 |
| 4506 | CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services | Memory corruption | Google | Tamir Zahavi-Brunner (@tamir_zb) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4505 | IDOR in JWT and the shortest token you will ever see {}.{“uid”: “1234567890”} | IDOR | NA | Plenum (@plenumlab) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4504 | CSRF %27protection%27 bypass on xvideos | CSRF | xvideos | Zseano (@zseano) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4503 | It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program | Information disclosure, Authentication bypass, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4502 | Bypass HackerOne 2FA requirement and reporter blacklist | Logic flaw, MFA bypass, Authentication flaw | HackerOne | Japz Divino (@japzdivino) | Bug Bounty | 2018-10-31 | 2023-06-13 |
| 4501 | Stored XSS in Bug Bounty | Stored XSS | NA | KatsuragiCSL (@ZuuitterE) | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4500 | P1 Like a Boss \| Information Disclosure via Github leads to Employee Account Takeover \| Bug Bounty POC | Information disclosure | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4499 | Finding hidden gems vol. 3: quick win with .sh file | Information disclosure | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4498 | CVE-2018-11759 – Apache mod_jk access control bypass | Path traversal | Apache HTTP Server | Raphaël Arrouas | Bug Bounty | 2018-11-01 | 2023-06-13 |
| 4497 | Imagemagick GIF coder vulnerability leads to memory disclosure (Hackerone) | Memory leak, Outdated component with a known vulnerability | HackerOne | Kunal pandey (@kunalp94) | Bug Bounty | 2018-11-02 | 2023-06-13 |
| 4496 | How Outdated JIRA Instances suffers from multiple security vulnerabilities? | XSS, SSRF | Visma | Yeasir Arafat | Bug Bounty | 2018-11-13 | 2023-06-13 |
| 4495 | Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining) | Open redirect, Token leak, Account takeover | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2018-11-03 | 2023-06-13 |
| 4494 | Unauthenticated RSFTP to Command Injection | Path traversal, RCE | NA | Nicodemo Gawronski | Bug Bounty | 2018-11-03 | 2023-06-13 |
| 4493 | Duplicate but still cool | IDOR, Account takeover | NA | Plenum (@plenumlab) | Bug Bounty | 2018-11-05 | 2023-06-13 |
| 4492 | Evernote For Windows Read Local File and Command Execute Vulnerabilities | Stored XSS, LFI, RCE | Evernote | TongQing Zhu | Bug Bounty | 2018-11-05 | 2023-06-13 |
| 4491 | XSS in Dynamics 365 | XSS | Microsoft | Tim Kent (@__timk) | Bug Bounty | 2018-11-06 | 2023-06-13 |
| 4490 | WordPress Design Flaw Leads to WooCommerce RCE | RCE | Automattic (WooCommerce) | Simon Scannell (@scannell_simon) | Bug Bounty | 2018-11-06 | 2023-06-13 |
| 4489 | Vine User’s Private information disclosure | IDOR, Information disclosure | Vine | Prial Islam Khan (@prial261) | Bug Bounty | 2018-11-07 | 2023-06-13 |
| 4488 | How I earned 5040$ from Twitter by showing a way to Harvest other users IP address | Information disclosure | Twitter | Prial Islam Khan (@prial261) | Bug Bounty | 2018-11-07 | 2023-06-13 |
| 4487 | Object name Exposure — ING Bank Responsible Disclosure Program | Information disclosure | ING Bank | Rohit kumar (@rohitcoder) | Bug Bounty | 2018-11-08 | 2023-06-13 |
| 4486 | #bugbounty How I Takeover Microsoft Store. | Subdomain takeover | Microsoft | Sadiq West | Bug Bounty | 2018-11-08 | 2023-06-13 |
| 4485 | CVE-2018-9539: Use-after-free vulnerability in privileged Android service | Memory corruption, Use-After-Free | Google | Tamir Zahavi-Brunner (@tamir_zb) | Bug Bounty | 2018-11-09 | 2023-06-13 |