Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3019 | Tale of 3 vulnerabilities to account takeover! | SSRF, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2020-11-17 | 2023-06-13 |
| 3018 | Server Side Misconfigurartion - A Funny Fix | Information disclosure | Basecamp | Jerry Shah (@Jerry) | Bug Bounty | 2020-11-18 | 2023-06-13 |
| 3016 | Out of Band XXE in an E-commerce IOS app | XXE | NA | Gaurang Bhatnagar (@0xgaurang) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3014 | Bypassing the Redirect filters with 7 ways | Open redirect, OAuth | NA | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3013 | Exploiting dynamic rendering engines to take control of web apps | SSRF, Open redirect | NA | Vasilii Ermilov (@ermil0v) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3012 | Turning Blind Error Based SQL Injection into Exploitable Boolean One | SQL injection | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-11-21 | 2023-06-13 |
| 3010 | Weird (im)possible XSS on error page | Reflected XSS | NA | Rody Shahnazarian (@Komradz86) | Bug Bounty | 2020-11-21 | 2023-06-13 |
| 3009 | Escalating XSS to Account Takeover | Reflected XSS, Account takeover | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2020-11-22 | 2023-06-13 |
| 3007 | SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover | RCE, SSRF, Arbitrary file write, Path traversal, OS command injection, Local Privilege Escalation | Cisco | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-23 | 2023-06-13 |
| 3006 | Reflected Cross Site Scripting on REDACTED Program (Bounty: 750$) | Reflected XSS | NA | can1337 (@canmustdie) | Bug Bounty | 2020-11-23 | 2023-06-13 |
| 3004 | SD-PWN Part 4 — VMware VeloCloud — The Last Takeover | RCE, Authentication bypass, Default credentials, SQL injection, Path traversal, LFI | VMware | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 3003 | Pre-Account Takeover using OAuth Misconfiguration | OAuth | NA | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 3002 | How i got easy $$$ for SQL Injection Bug | SQL injection | NA | Rafi Andhika Galuh | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 3001 | The Story of my first critical bug | SQL injection | NA | Shellbr3ak (@0xShellbr3ak) | Bug Bounty | 2020-11-29 | 2023-06-13 |
| 3000 | Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB | Information disclosure, Account takeover | NA | DarkLotus (@darklotuskdb) | Bug Bounty | 2020-11-29 | 2023-06-13 |
| 2999 | Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities | Rate limiting bypass | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2020-11-29 | 2023-06-13 |
| 2998 | WonderCMS 3.1.3 - Authenticated RCE & Blind SSRF Vulnerability | Blind SSRF, RCE | WonderCMS | Mas Zet (@zetc0de) | Bug Bounty | 2020-11-29 | 2023-06-13 |
| 2996 | Exploiting Blind Postgresql Injection And Exfiltrating Data In Psycopg2 | SQL injection | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2020-11-30 | 2023-06-13 |
| 2995 | Chaining vulnerabilities lead to account takeover | Account takeover, Password reset, Open redirect, Lack of rate limiting | NA | Ahmed (@ahzsec) | Bug Bounty | 2020-12-01 | 2023-06-13 |
| 2994 | An iOS zero-click radio proximity exploit odyssey | iOS, Memory corruption, Buffer Overflow | Apple | Ian Beer (@i41nbeer) | Bug Bounty | 2020-12-01 | 2023-06-13 |
| 2992 | SSTI to Local File Read | SSTI, LFI | NA | Demon (@R29k_) | Bug Bounty | 2020-12-02 | 2023-06-13 |
| 2989 | Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors”(Bugbounty) | Reflected XSS | General Motors | - | Bug Bounty | 2020-12-03 | 2023-06-13 |
| 2988 | Leaking Credit card Activity in logs? Yes Sir! | Information disclosure | NA | Rody Shahnazarian (@Komradz86) | Bug Bounty | 2020-12-03 | 2023-06-13 |
| 2984 | RCE via LFI Log Poisoning - The Death Potion | RCE, LFI, Log poisoning | NA | Jerry Shah (@Jerry) | Bug Bounty | 2020-12-06 | 2023-06-13 |
| 2983 | [CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in Wordpress (Write Up) | Stored XSS | WordPress | Evan Ricafort (@evanricafort) | Bug Bounty | 2020-12-06 | 2023-06-13 |