Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3147 | Cross-tenant Cloud Function compromise via storage bucket squatting | Cross-tenant vulnerability | Google | Anthony Weems | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3146 | How I By-pass the login page and 2FA authentication….. | Authentication bypass, OTP bypass, MFA bypass | NA | Harsh | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3144 | How I earned $500 from Google - Flaw in Authentication | Authentication flaw | Google | Hemant Patidar (@HemantSolo) | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3143 | Unauthenticated File upload Vulnerability on Synology Sub-domain | Unrestricted file upload | Synology | Touhid Shaikh | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3142 | suPHP - The vulnerable ghost in your shell | Local Privilege Escalation | NA | Maxime (@punkeel) | Bug Bounty | 2020-09-21 | 2023-06-13 |
| 3141 | suPHP - The vulnerable ghost in your shell🎯Business Logic Flaw in Google Acquisition! (Hall Of Fame)🎯 | Logic flaw | Google | Ritesh Gohil (@RiteshG37659480) | Bug Bounty | 2020-09-21 | 2023-06-13 |
| 3140 | Fun with Header and Forget Password | HTTP header injection | NA | Vuk Ivanovic | Bug Bounty | 2020-09-22 | 2023-06-13 |
| 3139 | #Bugbounty- “How I was able to see other users Payments in a travel application” — IDOR #800$ | IDOR, Information disclosure | NA | ganiganesh (@ganiganeshss79) | Bug Bounty | 2020-09-22 | 2023-06-13 |
| 3137 | Dangling DNS: AWS EC2 | Dangling DNS records, Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2020-09-24 | 2023-06-13 |
| 3136 | PII Leakage via IDOR + Weak PasswordReset = Full Account Takeover | IDOR, Information disclosure | NA | Pradeep Kumar (@Killer007p) | Bug Bounty | 2020-09-25 | 2023-06-13 |
| 3134 | Parameter Tampering ₹→$ | Parameter tampering | NA | SuneetSingh | Bug Bounty | 2020-09-26 | 2023-06-13 |
| 3133 | Hacking the Medium partner program | Logic flaw | Medium | Mohammad-Ali Bandzar | Bug Bounty | 2020-09-26 | 2023-06-13 |
| 3132 | Chains on Chains: Chaining multiple low-level vulns into a Critical. | Blind XSS, CSP bypass, Lack of rate limiting, Exposed JWT generation endpoint, JWT | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2020-09-26 | 2023-06-13 |
| 3131 | 5 Ways to do Account Takeover in a Single Website | Account takeover, Lack of rate limiting, OTP bypass, IDOR, OAuth, JWT | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-09-27 | 2023-06-13 |
| 3130 | P1: Critical - Discovering and Foiling a Threat Actor | Information disclosure | NA | Jackson Henry (@JacksonHHax) | Bug Bounty | 2020-09-27 | 2023-06-13 |
| 3129 | Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call | Account takeover | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2020-09-28 | 2023-06-13 |
| 3126 | RCE on Spip and Root-Me | RCE, SQL injection, XSS, Open redirect, Reflected file download | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2020-09-29 | 2023-06-13 |
| 3123 | The Powerful HTTP Request Smuggling 💪 | HTTP Request Smuggling | NA | Ricardo Iramar dos Santos (@ricardo_iramar) | Bug Bounty | 2020-10-01 | 2023-06-13 |
| 3120 | Exploiting Payment Gateways | Payment tampering | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-10-03 | 2023-06-13 |
| 3119 | Spend more time doing recon, you’ll find more BUGS. | Reflected XSS, Information disclosure | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2020-10-03 | 2023-06-13 |
| 3118 | Leveraging LFI to RCE in a website with +20000 users | LFI, RCE | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-10-04 | 2023-06-13 |
| 3116 | Watch your requests! Open redirect to a complete account takeover | Path traversal, Open redirect, SSRF, Account takeover | NA | Suraj Disoja (@ninetyn1ne_) | Bug Bounty | 2020-10-05 | 2023-06-13 |
| 3107 | ATO via Host Header Poisoning | Host header injection, Account takeover, Password reset | NA | Shivam Kamboj Dattana (@sechunt3r) | Bug Bounty | 2020-10-08 | 2023-06-13 |
| 3106 | Exploiting Admin Panel Like a Boss | Authorization bypass, Weak credentials | NA | Shivam Kamboj Dattana (@sechunt3r) | Bug Bounty | 2020-10-08 | 2023-06-13 |
| 3105 | CVE-2018–5230 \| JIRA Cross Site Scripting | Reflected XSS | NA | Paras Arora (@parasarora06) | Bug Bounty | 2020-10-09 | 2023-06-13 |