Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2888 | Strange Admin Panel Bypass Story \| \| Bug Bounty | Authentication bypass, Account takeover | NA | Ranjeet Kumar Singh (@geekboyranjeet) | Bug Bounty | 2021-01-17 | 2023-06-13 |
| 2887 | ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792 | Insecure deeplink, Information disclosure, Android | Google, Apple | Ashley King (@AshleyKingUK) | Bug Bounty | 2021-01-17 | 2023-06-13 |
| 2886 | Let’s know How I have explored the buried secrets in React Native application | Information disclosure, Hardcoded credentials | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-01-18 | 2023-06-13 |
| 2885 | How I was rewarded a $1000 bounty after abusing File Upload functionality to Stored XSS Vulnerability leading to credential theft of a vistor in a website. | Unrestricted file upload, Stored XSS | NA | Kunal Khubchandani (@iamkun4l) | Bug Bounty | 2021-01-18 | 2023-06-13 |
| 2883 | Simple & Sweet: Bypass email update restriction to change emails of team members | Logic flaw, Authorization flaw | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-01-19 | 2023-06-13 |
| 2882 | Open-redirect [in email] | Open redirect | NA | Akhil | Bug Bounty | 2021-01-19 | 2023-06-13 |
| 2881 | [Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data | Information disclosure, IDOR | NA | Tommaso De Ponti | Bug Bounty | 2021-01-19 | 2023-06-13 |
| 2880 | SSRF Exploitation in Libreoffice Spreadsheet File Converter | SSRF | NA | R4id3n (@R4id3n__) | Bug Bounty | 2021-01-21 | 2023-06-13 |
| 2879 | Story Behind Sweet SSRF. | SSRF, XSS | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2021-01-21 | 2023-06-13 |
| 2878 | KindleDrip — From Your Kindle’s Email Address to Using Your Credit Card | RCE | Amazon | Yogev Bar-On | Bug Bounty | 2021-01-21 | 2023-06-13 |
| 2877 | Staff Information Disclosure on Support Ticketing System ($x,xxx) | Information disclosure | NA | Ph.Hitachi | Bug Bounty | 2021-01-22 | 2023-06-13 |
| 2874 | The Secret Parameter, LFR, and Potential RCE in NodeJS Apps | Local File Read, RCE | NA | CaptainFreak (@0xCaptainFreak) | Bug Bounty | 2021-01-23 | 2023-06-13 |
| 2872 | Sql Injection via hidden parameter | SQL injection | NA | Rutvik Hajare (@HajareRutvik) | Bug Bounty | 2021-01-24 | 2023-06-13 |
| 2871 | Bypassing WAF with incorrect proxy settings for Hunting Bugs. | URL validation bypass | NA | Shaurya Sharma (@ShauryaSharma05) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2870 | IDOR Revealing Images CDN Links | IDOR | NA | susan wagle | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2869 | Chaining a self XSS to Account Takeover | Self-XSS, Reflected XSS, Account takeover | NA | Arman Sameer (@ArmanSameer95) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2868 | Get paid by smuggling, the legal way | HTTP Request Smuggling | NA | James Ling (@James_puppykok) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2867 | Leaking issues from linked Jira – Atlassian Confluence Server | XS-Search | Atlassian | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2865 | Finding SSRF BY Full Automation | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2864 | $500 For No Rate Limit On Forgot Password Page | Lack of rate limiting, Password reset | NA | BBHC (@community_bug) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2862 | Bragging Rights(Part 1): Short story of a bug wave | IDOR, Stored XSS, SSRF, Subdomain takeover, Hardcoded credentials | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2861 | Weird functionality leads to Account Takeover (Millions of Users affected) | Account takeover, Authentication flaw | NA | Sahil Mehra (@nullr3x) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2859 | Business Logic Error Methodology (easy way) + PoC-s | Logic flaw | NA | Vuk Ivanovic | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2858 | OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection | OTP bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2857 | Remote Code Execution – LimeSurvey (CVE-2018-7556) | RCE | NA | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-28 | 2023-06-13 |