Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3064 | Abusing 'Report Abuse' | Logic flaw, Authorization flaw | NA | Aseem Shrey (@AseemShrey) | Bug Bounty | 2020-10-31 | 2023-06-13 |
| 3063 | How i got 7000$ in Bug-Bounty for my Critical Finding. | Information disclosure | NA | Kishan Kumar / Noobie BoY (@hst_kishan) | Bug Bounty | 2020-10-31 | 2023-06-13 |
| 3062 | An often overlooked Oauth misconfiguration. | OAuth | NA | VipItHunter (@VipItHunter1) | Bug Bounty | 2020-11-01 | 2023-06-13 |
| 3061 | Leaked .git folder leads to RCE | .git folder disclosure, RCE | NA | James Clee (@jtcsec) | Bug Bounty | 2020-11-01 | 2023-06-13 |
| 3060 | Subdomain Takeover in Azure: making a PoC | Subdomain takeover | NA | Diego Bernal Adelantado (@secfaults) | Bug Bounty | 2020-11-01 | 2023-06-13 |
| 3059 | CVE-2020-13294 | Authentication flaw, OpenID Connect, OAuth | GitLab | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2020-11-01 | 2023-06-13 |
| 3057 | Forcing for a bounty$$ | Authorization flaw | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2020-11-03 | 2023-06-13 |
| 3056 | From a 500 error to Django admin takeover | Authorization bypass, Account takeover | NA | Shashank (@cyberboyIndia) | Bug Bounty | 2020-11-03 | 2023-06-13 |
| 3054 | How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day | Information disclosure | Brave Software | sickcodes (@sickcodes) | Bug Bounty | 2020-11-05 | 2023-06-13 |
| 3052 | Story of a Pre-Account Takeover | Account takeover, OAuth | NA | Kushal Dhakal (@dhakal0kushal) | Bug Bounty | 2020-11-06 | 2023-06-13 |
| 3046 | Firefox for Android: LAN-Based Intent Triggering | Insecure intent, Android | Mozilla | initstring (@init_string) | Bug Bounty | 2020-11-10 | 2023-06-13 |
| 3045 | Chaining password reset link poisoning, IDOR, and information leakage to achieve account takeover at api.redacted.com | HTTP header injection | NA | Jadek Mark (@mase289) | Bug Bounty | 2020-11-10 | 2023-06-13 |
| 3040 | Evernote: Universal-XSS, theft of all cookies from all sites, and more | Universal XSS | Evernote | Oversecured (@OversecuredInc) | Bug Bounty | 2020-11-12 | 2023-06-13 |
| 3039 | Evading Filters to perform the Arbitrary URL Redirection Attack | Open redirect | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-11-12 | 2023-06-13 |
| 3036 | Interesting case of SQLi | SQL injection | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2020-11-13 | 2023-06-13 |
| 3034 | Smuggling an (Un)exploitable XSS | HTTP Request Smuggling, XSS | NA | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2020-11-13 | 2023-06-13 |
| 3032 | Theoretically Possible To Practical Account Takeover | IDOR, Account takeover | NA | Mukul Lohar (@ironfisto) | Bug Bounty | 2020-11-14 | 2023-06-13 |
| 3031 | Account takeover through password reset | Account takeover, Password reset | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2020-11-14 | 2023-06-13 |
| 3030 | SD-PWN Part 2 — Citrix SD-WAN Center — Another Network Takeover | RCE, Authentication bypass, Path traversal, OS command injection, Local Privilege Escalation | Citrix Systems | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 3029 | Exploiting API with AuthToken | Token leak, Information disclosure | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 3028 | Weak Cryptography to Account Takeover’s | Cryptographic issues, Account takeover, IDOR | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 3026 | Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data | Information disclosure, Broken access control, IDOR, SQL injection | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 3025 | RCE via Server-Side Template Injection | SSTI, RCE | NA | Gaurav Mishra (@gmishra010) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 3024 | Pentest-Story: Empirum password decryption | Weak crypto, Reverse engineering | Matrix42 | evait security GmbH (@evait_security) | Bug Bounty | 2020-11-16 | 2023-06-13 |
| 3023 | Stealing User’s PII info by visiting API endpoint directly | Information disclosure, Logic flaw | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2020-11-16 | 2023-06-13 |