Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2138 | Exploiting Request forgery on Mobile Applications. | CSRF, Account takeover, Android, iOS | Pinterest | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2071 | Keybase App Vulnerability: Incomplete Cleanup of Messages In Keybase for Android/iOS, CVE-2021-34421 | Information disclosure | Keybase | Olivia O’Hara (@oliviaohara) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 1959 | WhatsApp for Android Retains Deleted Contacts Locally | Privacy issue | Meta / Facebook | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2021-12-30 | 2023-06-13 |
| 1921 | Xiaomi Execute Arbitrary JavaScript | XSS, HTML injection, Android | Xiaomi | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1918 | RCE In Adobe Acrobat Reader For Android(CVE-2021-40724) | RCE, Path traversal, Android | Google, Adobe | sunny (@hulkvision) | Bug Bounty | 2022-01-14 | 2023-06-13 |
| 1912 | Write Up – Private Bug Bounty: Firebase Database Exposed By Misconfiguration – $2,000 USD | Android, Insecure Firebase database | NA | Omar Espino (@omespino) | Bug Bounty | 2022-01-17 | 2023-06-13 |
| 1902 | Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s meeting. | Insecure deeplink, Android | NA | Quel (@RootIntrud3r) | Bug Bounty | 2022-01-21 | 2023-06-13 |
| 1859 | Abusing Facebooks `Call To Action` To Launch Internal Deeplinks | CSRF, Android, iOS | Meta / Facebook | Ashley King (@AshleyKingUK) | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1847 | Auth Bypass in com.google.android.googlequicksearchbox | Authentication bypass | Google | David Schütz (@xdavidhu) | Bug Bounty | 2022-02-06 | 2023-06-13 |
| 1789 | Write Up – Android Application Screen Lock Bypass Via ADB Brute Forcing | Android, Bruteforce, Authentication bypass | NA | Omar Espino (@omespino) | Bug Bounty | 2022-02-22 | 2023-06-13 |
| 1703 | When Equal is Not, Another WebView Takeover Story | Android | NA | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2022-03-22 | 2023-06-13 |
| 1674 | Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App | Hardcoded credentials, Android | NA | Omar Espino (@omespino) | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1577 | Samsung Flow - Any App Can Read The External Storage | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1576 | Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1555 | From android app to access admin dashboard | Exposed registration page, Account takeover | NA | Oday Alhalabi (@OdayAlhalabi) | Bug Bounty | 2022-05-13 | 2023-06-13 |
| 1552 | Impact of an Insecure DeepLink | Insecure deeplink, Android | CafeBazaar | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2022-05-16 | 2023-06-13 |
| 1457 | XSS Blind Stored at Asset Domain Android Apps TikTok | Stored XSS | TikTok | Aidil Arief | Bug Bounty | 2022-06-16 | 2023-06-13 |
| 1456 | The Android kernel mitigations obstacle race | Memory corruption, Android | Qualcomm | Man Yue Mo (@mmolgtm) | Bug Bounty | 2022-06-16 | 2023-06-13 |
| 1445 | Hacking into the worldwide Jacuzzi SmartTub network | SPA, Android, JWT, Privilege escalation, Mass assignment | Jacuzzi Group SmartTub | Eaton Z. (@XeEaton) | Bug Bounty | 2022-06-20 | 2023-06-13 |
| 1437 | Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006) | Authentication bypass, Lock screen bypass | Google | Joshua Nearchos | Bug Bounty | 2022-06-23 | 2023-06-13 |
| 1337 | React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps. | Account takeover, Android | Meta / Facebook | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1261 | The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) | Memory corruption, Race condition, Local Privilege Escalation, Android | Linux Kernel Organization, Google, Samsung | Xingyu Jin | Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1250 | Identity Confusion in WebView-based Mobile App-in-app Ecosystems | Android, iOS | Alipay | Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang & Min Yang | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1240 | Researching Xiaomi’s TEE to get to Chinese money | Payment bypass, Android, Memory corruption | Xiaomi | Slava Makkaveev | Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1232 | How I earned a $7000 bug bounty from Grab (RCE Unique Bugs) | RCE, Android | Grab | ANDRI | Bug Bounty | 2022-08-13 | 2023-06-13 |