Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4427 | Change Anyone’s profile picture-Exploiting IDOR | IDOR | NA | Rupika Luhach (@Rup_Ki_Rani) | Bug Bounty | 2018-12-09 | 2023-06-13 |
| 4426 | My first bug bounty writeup | XSS, HTML injection | Indeed | Sampanna Chimoriya | Bug Bounty | 2018-12-10 | 2023-06-13 |
| 4425 | Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over | Account takeover, Privilege escalation, Bruteforce | NA | Plenum (@plenumlab) | Bug Bounty | 2018-12-10 | 2023-06-13 |
| 4424 | How I was able to generate Access Tokens for any Facebook user. | IDOR, Information disclosure | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4423 | How I could have stolen your photos from Google | Parameter tampering, Authorization flaw, IDOR | Google | Gergő Turcsányi (@GergoTurcsanyi) | Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4422 | Microsoft Account Takeover Vulnerability Affecting 400 Million Users | Subdomain takeover, OAuth | Meta / Facebook | Aviva Zacks | Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4421 | How i was able to pwned application by Bypassing Cloudflare WAF | WAF bypass | NA | gujjuboy10x00 (@vis_hacker) | Bug Bounty | 2018-12-12 | 2023-06-13 |
| 4419 | Second bite on GitLab, and some interesting Ruby functions/features | RCE | GitLab | Nyangawa | Bug Bounty | 2018-12-12 | 2023-06-13 |
| 4418 | [Open redirect] Developers are lazy(or maybe busy) | Open redirect | NA | KatsuragiCSL (@ZuuitterE) | Bug Bounty | 2018-12-12 | 2023-06-13 |
| 4417 | Exploiting XXE with local DTD files | XXE | NA | Arseniy Sharoglazov (@_mohemiv) | Bug Bounty | 2018-12-13 | 2023-06-13 |
| 4416 | #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account” | OAuth, Authentication bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-12-13 | 2023-06-13 |
| 4415 | Chaining Two Vulnerabilities to Break Facebook Appointment Times For the Second Time | Logic flaw, Application-level DoS | Meta / Facebook | Max Pasqua | Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4414 | Unremovable Tags In Facebook Page Reviews | Logic flaw | Meta / Facebook | Max Pasqua | Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4413 | $3k Bug Bounty - Twitter's OAuth Mistakes | OAuth | Twitter | Terence Eden (@edent) | Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4412 | XSSing Google Code-in thanks to improperly escaped JSON data | XSS | Google | Thomas Orlita (@ThomasOrlita) | Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4411 | Remote Code Execution on a Facebook server | LFI, RCE, CSRF | phpMyAdmin | Daniel Le Gall (@Blaklis_) | Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4410 | CVE-2018-20139 - Daikin Emura Series - Arbitrary Remote Control via DNS Rebinding | DNS rebinding | Daikin Europe | void (@voidz0r) | Bug Bounty | 2018-12-14 | 2023-06-13 |
| 4409 | Self XSS to Interesting Stored XSS | Stored XSS | NA | Rohan aggarwal (@nahoragg) | Bug Bounty | 2018-12-15 | 2023-06-13 |
| 4408 | Accessing VoIP Internal service via Port 8009: Routing traffic through local Apache proxy | Information disclosure | NA | Ahmed A. Sherif | Bug Bounty | 2018-12-16 | 2023-06-13 |
| 4407 | Reading ASP secrets for $17,000 | Local file disclosure (LFD) | NA | Sam Curry (@samwcyo) | Bug Bounty | 2018-12-16 | 2023-06-13 |
| 4406 | Subdomain Takeover — New Level | Subdomain takeover | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2018-12-17 | 2023-06-13 |
| 4405 | WordPress Privilege Escalation through Post Types | Privilege escalation, Stored XSS, Object injection | WordPress | Simon Scannell (@scannell_simon) | Bug Bounty | 2018-12-17 | 2023-06-13 |
| 4404 | Asus’S Admin Panel Auth Bypass | Authentication bypass | Asus | Mustafa Khan (@by6153) | Bug Bounty | 2018-12-18 | 2023-06-13 |
| 4403 | Exploiting Two Endpoints to get Account Takeover | Authorization flaw, Privilege escalation | NA | Hritik Sharma | Bug Bounty | 2018-12-19 | 2023-06-13 |
| 4402 | Story of my two (but actually three) RCEs in SharePoint in 2018 | RCE | Microsoft | Soroush Dalili (@irsdl) | Bug Bounty | 2018-12-19 | 2023-06-13 |