Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
1201Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera Recordings XSS iOS Android Amazon David Sopas (@dsopas) Bug Bounty2022-08-182023-06-13
1177Chaining Telegram bugs to steal session-related files. Arbitrary file read Android Telegram Sayed Abdelhafiz (@dPhoeniixx) Bug Bounty2022-08-252023-06-13
1149Vulnerability in TikTok Android app could lead to one-click account hijacking Insecure deeplink Android TikTok Microsoft 365 Defender Research Team Bug Bounty2022-08-312023-06-13
1093Contentful Access Token Disclosure in Android APK Information disclosure Android NA Cyberali Bug Bounty2022-09-122023-06-13
1083Attacking the Android kernel using the Qualcomm TrustZone Memory corruption Qalcomm Google Tamir Zahavi-Brunner (@tamir_zb) Bug Bounty2022-09-142023-06-13
1067Android Application Forgot Password Token Leakage Leading to Account Takeover Information disclosure Password reset Account takeover Android NA Cyberali Bug Bounty2022-09-192023-06-13
1043Arbitrary File Corruption: End - to - End Encrypted Messaging Application Insecure intent Android NA Neil Mark Ochea (@nmochea) Bug Bounty2022-09-232023-06-13
1034Shopping App Deeplink Arbitrary URLs Insecure deeplink Android NA Neil Mark Ochea (@nmochea) Bug Bounty2022-09-252023-06-13
1026From nothing to AWS credentials SSRF NA (@darkandroider) Bug Bounty2022-09-272023-06-13
983Gcash Vulnerability Walkthrough Android Insecure deeplink Insecure intent Gcash Neil Mark Ochea (@nmochea) Bug Bounty2022-10-102023-06-13
980[Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I] Broken Access Control Android NA Abdelhak Kharroubi Bug Bounty2022-10-102023-06-13
937Scan QR Code and Got Hacked (CVE-2021–43530 : UXSS on Firefox Android Version) Universal XSS Android Mozilla hafiizh Bug Bounty2022-10-192023-06-13
846Accidental $70k Google Pixel Lock Screen Bypass Lock screen bypass Authentication bypass Android Google David Schütz (@xdavidhu) Bug Bounty2022-11-102023-06-13
843Discovering vendor-specific vulnerabilities in Android Android Samsung Google Oversecured (@OversecuredInc) Bug Bounty2022-11-102023-06-13
801Hacking Smartwatches for Spear Phishing IoT Phishing Android NA Cybervelia (@cybervelia) Bug Bounty2022-11-202023-06-13
787Account Takeover in KAYAK Account takeover Android Insecure deeplink KAYAK Carlos Bello Bug Bounty2022-11-232023-06-13
773WebView XSS, account takeover Webview XSS Android Account takeover Improper Export of Android Application Components NA shafou Bug Bounty2022-11-262023-06-13
771[Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application Android Hardcoded credentials IDOR NA Abdelhak Kharroubi Bug Bounty2022-11-262023-06-13
769Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames IDOR Broken Access Control Android IoT Ourphoto Nick M (@1oopho1e) Bug Bounty2022-11-262023-06-13
764Multiple Vulnerabilities found in Airtel Android Application Arbitrary Code Execution URL validation bypass Symlink attack XSS Android Webview Airtel Google Gaurang Bhatnagar (@hax0rgb) Bug Bounty2022-11-272023-06-13
734Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys Android Hardcoded credentials Client-side encryption bypass NA Aditya Dixit (@zombie007o) Bug Bounty2022-12-032023-06-13
713Public Report – VPN by Google One Security Assessment Android iOS DoS Windows MacoS Local Privilege Escalation Google Daniel Romero (@daniel_rome) Bug Bounty2022-12-092023-06-13
6640 click Facebook Account Takeover and Two-Factor Authentication Bypass Authentication bypass GraphQL Account takeover Android MFA bypass Meta / Facebook abdellah yaala (@yaalaab) Bug Bounty2022-12-212023-06-13
563Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434) Android Insecure intent Insecure deeplink URL validation bypass Samsung Ken Gannon (@Yogehi) Bug Bounty2023-01-202023-06-13
539How I Found My First Bug in Android App Android Authentication bypass Insecure intent NA Barath Stalin Bug Bounty2023-01-262023-06-13