Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 867 | How I hacked into a Cambridge’s server and got appreciation letter. | Unrestricted file upload, RCE | Cambridge | Prathamrajgor | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 864 | PENTEST TALES: EXIF Data Manipulation | Unrestricted file upload, Stored XSS | NA | Armand Jasharaj | Bug Bounty | 2022-11-05 | 2023-06-13 |
| 808 | Remote Command Execution in a Bank Server | RCE, Arbitrary file read, Unrestricted file upload | NA | Bipin Jitiya (@win3zz) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 755 | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 | Unrestricted file upload, Security code review, RCE | Rocket Software | Mehdi Elyassa | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 702 | Not usual CSP bypass case | Unrestricted file upload, XSS, CSP bypass | NA | Karol Mazurek | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 616 | PandoraFMS - Pre-Auth Remote Code Execution | RCE, Path traversal, Arbitrary file upload, LFI, Security code review | PandoraFMS | esj4y (@esj4y) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 609 | Uploading the Webshell using filename of Content-Disposition Header Story! | Unrestricted file upload, Arbitrary file write | NA | Yashar Mohagheghi | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 607 | Lexmark MC3224adwe RCE exploit | RCE, SSRF, Printer hacking, Unrestricted file upload, Local Privilege Escalation | Lexmark | blasty (@bl4sty) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 585 | CVE-2022-21587 (Oracle E-Business Suite Unauthenticated RCE) | RCE, Unrestricted file upload, Zip Slip attack | Oracle | @vudq16 | Bug Bounty | 2023-01-16 | 2023-06-13 |
| 511 | CentreStack Disclosure | Authentication bypass, Password reset, Unrestricted file upload, RCE | Gladinet (CentreStack) | Michael Rand | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 469 | Disabling js for the win | Unrestricted file upload, RCE | NA | Vuk Ivanovic | Bug Bounty | 2023-02-10 | 2023-06-13 |
| 461 | Zip bomb attack | Zip bomb, DoS, Unrestricted file upload | NA | Ramkumar Nadar | Bug Bounty | 2023-02-12 | 2023-06-13 |
| 390 | The Tale of a Command Injection by Changing the Logo | RCE, OS command injection, Unrestricted file upload, Directory listing, HTTP response manipulation | NA | 0xrz (@omidxrz) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 239 | Bug Bounty: como encontrei o bug Unrestricted File Upload | Unrestricted file upload | NA | Paulo Mota | Bug Bounty | 2023-04-02 | 2023-06-13 |
| 217 | SQL Wildcard DoS - Hang Till Death | DoS, File upload | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-04-08 | 2023-06-13 |
| 204 | How ChatGPT helped me find a bug | XSS, File upload | NA | Abhishekgk | Bug Bounty | 2023-04-11 | 2023-06-13 |
| 160 | Vocera Report Server Pwnage | RCE, Arbitrary file upload, Path traversal, Zip Slip attack | Stryker | b0yd (@rwincey) | Bug Bounty | 2023-04-24 | 2023-06-13 |
| 143 | Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera | RCE, Unrestricted file upload, Path traversal, Security code review | Oracle (Opera) | Shubham Shah (@infosec_au) | Bug Bounty | 2023-04-30 | 2023-06-13 |
| 138 | Apache Solr 8.3.1 RCE from exposed administration interface | RCE, Unrestricted file upload, XSLT injection, Path traversal | Apache Solr | Nicolas Brunner | Bug Bounty | 2023-05-01 | 2023-06-13 |
| 123 | When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities | SSRF, Unrestricted file upload, Path traversal, Cloud | Microsoft (Azure) | Liv Matan (@terminatorLM) | Bug Bounty | 2023-05-04 | 2023-06-13 |
| 114 | How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain | RCE, Unrestricted file upload, Stored XSS, Information disclosure, Directory listing | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-05-07 | 2023-06-13 |
| 110 | A deep-dive on Pluck CMS vulnerability CVE-2023-25828 | Unrestricted file upload, RCE, Security code review | Pluck CMS | Matthew Hogg | Bug Bounty | 2023-05-08 | 2023-06-13 |
| 40 | Kramer VIA GO² – Multiple issues | RCE, SQL injection, Arbitrary file upload, Arbitrary file read | Kramer | Jim Rush (@JimSRush) | Bug Bounty | 2023-05-31 | 2023-06-13 |