Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
| 2053 | Account Takeover in $Million Company? | Account takeover, Password reset | Fastmail | 0xGodson (@0xGodson_) | Bug Bounty | 2021-11-24 | 2023-06-13 |
| 2000 | Zero Click To Account Takeover | Account takeover, Password reset | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2021-12-14 | 2023-06-13 |
| 1945 | P5 to P1: Interesting Account Takeover | Account takeover, Session expiration issue, Password reset | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1941 | thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality | IDOR, Password reset, Account takeover | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1932 | Host Header Injection Lead To Account Takeovers | Host header injection, Password reset, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-09 | 2023-06-13 |
| 1864 | IDOR vulnerability on invoice and weak password reset leads to account take over | IDOR, Password reset, Account takeover, Payment tampering, Logic flaw | NA | Damaidec | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1825 | A tale of 0-Click Account Takeover and 2FA Bypass. | Account takeover, Password reset, MFA bypass | NA | Firas Fatnassi (@Fatnass1F1ras) | Bug Bounty | 2022-02-12 | 2023-06-13 |
| 1774 | Password Reset to Admin Access | Account takeover, Authentication bypass, Password reset | NA | Jesse Clark (@Hogarth45_) | Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1749 | Rate Limit Bypass at Readme.com | Lack of rate limiting, Password reset | Readme.com | Girishbo | Bug Bounty | 2022-03-11 | 2023-06-13 |
| 1627 | Bypass Rate Limit — A blank space leads to this random encounter! | Password reset, Rate limiting bypass | NA | Roxst4r (@mveswar98) | Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1602 | How I Bypassed 2FA while Resetting Password | MFA bypass, Password reset | NA | Sufiyan Gouri (@gouri_sufyan) | Bug Bounty | 2022-04-23 | 2023-06-13 |
| 1569 | Its all about 2fa bypass, or Account Takeover | Password reset, Account takeover, OTP bypass | NA | anjaneyulu kanakatla | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1540 | Gaining access through error-based SQLi using WebSockets | SQL injection, Websockets, Password reset | NA | Bitcrack (@bitcrack_cyber) | Bug Bounty | 2022-01-12 | 2023-06-13 |
| 1405 | Admin account takeover via weird Password Reset Functionality | Account takeover, Authentication bypass, Password reset | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1402 | ($$$) Origin ip to account takeover | WAF bypass, Password reset, Host header injection, Account takeover | NA | Hemant Kumar | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1236 | UN United Nations Host Header Injection leads to any Full Account Takeover (ATO) | Host header injection, Password reset, Account takeover | United Nations | Ahmed Hassan | Bug Bounty | 2022-08-13 | 2023-06-13 |
| 1219 | We discovered major vulnerabilities in Control Web Panel. Here’s how we found them. | Path traversal, RCE, Weak crypto, Password reset, Account takeover | Centos Web Panel (CWP) | Immersive Labs (@immersivelabs) | Bug Bounty | 2022-08-15 | 2023-06-13 |
| 1199 | Account takeover worth $1000 | Account takeover, Authentication bypass, Information disclosure, Password reset | NA | Faique (@imfaiqu3) | Bug Bounty | 2022-08-19 | 2023-06-13 |
| 1067 | Android Application Forgot Password Token Leakage Leading to Account Takeover | Information disclosure, Password reset, Account takeover, Android | NA | Cyberali | Bug Bounty | 2022-09-19 | 2023-06-13 |
| 1003 | Bugcrowd — Tale of multiple misconfigurations!! ❌ | Account takeover, OAuth, OTP bypass, Password reset | NA | Vaibhav Lakhani | Bug Bounty | 2022-10-04 | 2023-06-13 |
| 975 | In GUID We Trust | IDOR, Password reset, Race condition, Account takeover | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2022-10-11 | 2023-06-13 |
| 894 | AWS SSRF to Root on production instance — A bug worth 1.75Lacs | SSRF, RCE, Password reset | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 604 | “2022: A Year of Fascinating Discoveries” | CSRF, SSRF, Blind XSS, Password reset, Hyperlink injection, IDOR, Weak credentials, AWS misconfiguration | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 540 | Ransacking your password reset tokens | Account takeover, Password reset, Bruteforce | Ransack library | Lukas Euler | Bug Bounty | 2023-01-26 | 2023-06-13 |