Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 243 | Unveiling the Secrets: My Journey of Hacking Google’s OSS | CSRF Self-XSS | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 238 | Let’s Hack Citizens Bank | XSS | Citizens Bank | Arman (@M7arm4n) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 234 | Blind XSS via SMS Support Chat — $1100 Bug Bounty! | Blind XSS Chatbot | NA | Chevon Phillip (@ChevonPhillip) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 225 | Exploiting insecure exception logging | Blind XSS | NA | Bogdan Calin | Bug Bounty | 2023-04-05 | 2023-06-13 |
| 220 | A web security story from 2008: silently securing JSON.parse | Parsing issue XSS Arbitrary Code Execution | JSON.parse | Mike Samuel (@mvsamuel) | Bug Bounty | 2023-04-06 | 2023-06-13 |
| 218 | Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059 CVE-2022-41348 | Stored XSS | Zimbra | Guillaume Jacques | Bug Bounty | 2023-04-07 | 2023-06-13 |
| 214 | A successful prototype pollution chained to a DOM XSS | Prototype pollution DOM XSS | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 211 | CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score | Stored XSS Markdown XSS Supply chain attack | Snyk | Gal Weizman (@WeizmanGal) | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 204 | How ChatGPT helped me find a bug | XSS File upload | NA | Abhishekgk | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 195 | How do I get cross site scripting(“xss”) in “Nokia” | XSS | Nokia | EL Sayed Mohammed (@ElsayedMo77amed) | Bug Bounty | 2023-04-16 | 2023-06-13 |
| 185 | Popping Tags: Exploiting Template Injections in PRTG Network Monitor | Reflected XSS CSTI | Paessler | Peter Szot | Bug Bounty | 2023-04-18 | 2023-06-13 |
| 175 | Uncovering a Critical Vulnerability: My Journey of Discovering CVE-2021–31589, a Reflected XSS in LinkedIn | Components with known vulnerabilities Reflected XSS | LinkedIn | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 174 | Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty | Components with known vulnerabilities XSS | NA | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 170 | Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty | Components with known vulnerabilities XSS | NA | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-20 | 2023-06-13 |
| 159 | Odoo: Get your Content Type right, or else! | XSS Security code review | Odoo | Dennis Brinkrolf (@DBrinkrolf) | Bug Bounty | 2023-04-24 | 2023-06-13 |
| 153 | Finding XSS in a million websites (cPanel CVE-2023-29489) | Reflected XSS Security code review | cPanel | Shubham Shah (@infosec_au) | Bug Bounty | 2023-04-26 | 2023-06-13 |
| 141 | Bug Bounty Writeup: Stored XSS Vulnerability WAF Bypass | Stored XSS WAF bypass | NA | Rafael Silva "lopseg" | Bug Bounty | 2023-05-01 | 2023-06-13 |
| 122 | A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… | postMessage JSONP DOM XSS CORS misconfiguration CSRF WAF bypass | NA | Julien Cretel (@jub0bs) | Bug Bounty | 2023-05-05 | 2023-06-13 |
| 116 | Size matters! When capital letters introduce vulnerabilities | XSS | Microsoft | Mario Stathakopoulos | Bug Bounty | 2023-05-06 | 2023-06-13 |
| 115 | How I discovered XSS via triple URL encode | XSS WAF bypass | NA | Muhammed Mubarak | Bug Bounty | 2023-05-07 | 2023-06-13 |
| 114 | How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain | RCE Unrestricted file upload Stored XSS Information disclosure Directory listing | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-05-07 | 2023-06-13 |
| 108 | Discovery of an XSS on Opera | XSS | Opera | Arman (@M7arm4n) | Bug Bounty | 2023-05-10 | 2023-06-13 |
| 91 | Triple Threat: Breaking Teltonika Routers Three Ways | IoT RCE OS command injection SSRF XSS | Teltonika | Roni Gavrilov | Bug Bounty | 2023-05-15 | 2023-06-13 |
| 73 | Official extension spoofing attacks: when trusted add-ons are not so trusted | Extension spoofing Account takeover XSS | NA | Yesenia Trejo (@Yess_2021xD) | Bug Bounty | 2023-05-19 | 2023-06-13 |
| 57 | how I found a tricky XSS | XSS | NA | Ziad Ali | Bug Bounty | 2023-05-24 | 2023-06-13 |