Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2982 | Story of the best vulnerability I’ve found so far… | Self-XSS, Blind XSS, Account takeover | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2020-12-07 | 2023-06-13 |
| 2981 | "Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams | RCE, Stored XSS, CSP bypass, CSTI | Microsoft | Oskars Vegeris | Bug Bounty | 2020-12-07 | 2023-06-13 |
| 2977 | Hacking — Tamper with the URL Parameters, especially if they modify the page | HTTP parameter pollution | NA | Jack | Bug Bounty | 2020-12-09 | 2023-06-13 |
| 2976 | Content-Security-Policy Bypass to perform XSS using MIME sniffing | XSS, CSP bypass | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-12-10 | 2023-06-13 |
| 2973 | Exploiting new-era of Request forgery on mobile applications | CSRF, Account takeover | Pinterest | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2972 | How I dumped PII information of customers in an ecommerce site? | AWS misconfiguration | NA | Rikesh Baniya / NotRickyy (@rikeshbaniya) | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2971 | How i got my First Bug Bounty in Intersting Target (LFI to SXSS) | LFI, Stored XSS | NA | Ph.Hitachi | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2969 | Security Study of Service Worker Cross-Site Scripting. | XSS, Service worker based XSS | NA | Phakpoom Chinprutthiwong | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2967 | Disclosing the members of private Facebook Group as a non-member. | Authorization flaw, Logic flaw | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2020-12-15 | 2023-06-13 |
| 2966 | Download Filename Manipulation due to improper rendering of RTLO characters | RTLO | NA | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2020-12-15 | 2023-06-13 |
| 2964 | JavaScript analysis leading to Admin portal access | Authorization flaw, Broken Access Control | NA | Rikesh Baniya / NotRickyy (@rikeshbaniya) | Bug Bounty | 2020-12-16 | 2023-06-13 |
| 2962 | D-Link: Multiple Security Vulnerabilities Leading to RCE | RCE, Authentication bypass, Information disclosure | D-Link | Harold Zang | Bug Bounty | 2020-12-17 | 2023-06-13 |
| 2960 | My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection | SQL injection | NA | Marx Chryz | Bug Bounty | 2020-12-17 | 2023-06-13 |
| 2959 | Misconfigured s3 bucket leads to Sensitive Data exposure(No super controls ) | AWS misconfiguration | NA | Virdoexhunter | Bug Bounty | 2020-12-18 | 2023-06-13 |
| 2956 | Worth $1,500 IDOR (Access Unauthorize Data) | IDOR | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2020-12-20 | 2023-06-13 |
| 2955 | Facebook bug Bounty -Finding the hidden members of the private events. | Information disclosure, Logic flaw | Meta / Facebook | Vivek ps (@vivekps143) | Bug Bounty | 2020-12-20 | 2023-06-13 |
| 2952 | Hack crypto secrets from heap memory to exploit Android application | Cryptographic issues | NA | secureITmania (@secureitmania) | Bug Bounty | 2020-12-22 | 2023-06-13 |
| 2951 | Cookie Tossing to RCE on Google Cloud JupyterLab | Self-XSS, DoS, CSRF, RCE | Google | s1r1us (@s1r1u5_) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2950 | Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge | Prototype pollution | Node.js third-party modules | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2948 | EN \| Account Takeover via Web Cache Poisoning based Reflected XSS | Reflected XSS, Web cache poisoning, Account takeover | NA | Lütfü Mert Ceylan (@lutfumertceylan) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2945 | Chaining CORS by Reflected xss to Account takeover #My first Blog | CORS misconfiguration, Reflected XSS, Account takeover | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2944 | Regular expression injection, a code review low hanging fruit | ReDoS | NA | Dominic (@dee__see) | Bug Bounty | 2020-12-27 | 2023-06-13 |
| 2940 | Sensitive data leak using IDOR in integration service | IDOR | NA | Ronak Patel (@ronak_9889) | Bug Bounty | 2020-12-29 | 2023-06-13 |
| 2939 | Cache-Key Normalization - What could go wrong? | Web cache poisoning, DoS | NA | Youstin (@iustinBB) | Bug Bounty | 2020-12-29 | 2023-06-13 |
| 2935 | Cross Domain Referrer Leakage | Cross-Domain Referrer Leakage | NA | Mohsinalibukc | Bug Bounty | 2020-12-31 | 2023-06-13 |