Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1013 | Security vs Compliance-Cloudflare Password Policy Restriction Bypass | Client-side enforcement of server-side security | Cloudflare | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 999 | Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK | SSRF | Appsmith | Sparsh Kulshrestha (@d0tdotslash) | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 942 | The Danger of Falling to System Role in AWS SDK Client | Cloud, Privilege escalation, Security misconfiguration | NA | Francesco Lacerenza (@lacerenza_fra) | Bug Bounty | 2022-10-18 | 2023-06-13 |
| 815 | MEGA’s Unlimited Cloud Storage Vulnerability | Logic flaw, Privilege escalation | MEGA | Nirmal Dahal (@TheNittam) | Bug Bounty | 2022-11-17 | 2023-06-13 |
| 809 | SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover | Account takeover, Azure AD, Cloud | Microsoft | Tomer Nahum (@TomerNahum1) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 797 | A Confused Deputy Vulnerability in AWS AppSync | Confused deputy, Cloud, Privilege escalation | AWS | Nick Frichette (@frichette_n) | Bug Bounty | 2022-11-21 | 2023-06-13 |
| 749 | Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access | Cloud, SQL injection, Privilege escalation, Information disclosure | IBM | Ronen Shustin (@ronenshh) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 717 | {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF | WAF bypass, SQL injection | Palo Alto Networks, AWS, Cloudflare, F5, Imperva | Noam Moshe | Bug Bounty | 2022-12-08 | 2023-06-13 |
| 699 | AWS ECR Public Vulnerability | Cloud, Privilege escalation, Broken Access Control | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 663 | Passwordless Persistence and Privilege Escalation in Azure | Privilege escalation, Cloud, Azure AD | Microsoft | Andy Robbins (@_wald0) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 659 | ACSESSED: Cross-tenant network bypass in Azure Cognitive Search | Cloud, Cross-tenant vulnerability, Privilege escalation | Microsoft (Azure) | Emilien Socchi (@emiliensocchi) | Bug Bounty | 2022-12-22 | 2023-06-13 |
| 655 | CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF? | CRLF injection | NA | Proviesec (@proviesec) | Bug Bounty | 2022-12-24 | 2023-06-13 |
| 614 | Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability | CORS misconfiguration | Google | Borna Nematzadeh (@LogicalHunter) | Bug Bounty | 2023-01-06 | 2023-06-13 |
| 598 | Client-Side SSRF to Google Cloud Project Takeover [Google VRP] | SSRF, CSRF, Open redirect | Google | Dohyun Lee | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 596 | SSH key injection in Google Cloud Compute Engine [Google VRP] | OS command injection, RCE | Google | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 594 | Bypassing authorization in Google Cloud Workstations [Google VRP] | Account takeover, OAuth, URL validation bypass | Google | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2023-01-13 | 2023-06-13 |
| 590 | XSS using postMessage in Google Cloud Theia notebooks [Google VRP] | XSS, postMessage | Google | Sreeram KL (@kl_sree) | Bug Bounty | 2023-01-15 | 2023-06-13 |
| 582 | AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Cloud, Logic flaw, CloudTrail bypass | AWS | Nick Frichette (@frichette_n) | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 580 | How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services | SSRF, Cloud | Microsoft (Azure) | Lidor Ben Shitrit | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 569 | EmojiDeploy: Smile! Your Azure web service just got RCE’d ._. | RCE, Cloud, CSRF, CORS misconfiguration | Microsoft (Azure) | Liv Matan (@terminatorLM) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 558 | Bypassing Cloudflare WAF: XSS via SQL Injection | Reflected XSS, SQL injection, WAF bypass | NA | Uku Sõrmus | Bug Bounty | 2023-01-21 | 2023-06-13 |
| 555 | How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon] | Information disclosure | Google | Orwa Atyat (@GodfatherOrwa) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 501 | Azure security — Internal recon leveraging lack of access control | Azure AD, Cloud, Security misconfiguration, Privilege escalation | Microsoft (Azure) | Molx32 | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 476 | Azure Ad Kerberos Tickets: Pivoting To The Cloud | Active Directory, Cloud, Lateral movement | NA | Edwin David | Bug Bounty | 2023-02-09 | 2023-06-13 |
| 449 | Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach | Internal pentest, Missing authentication, Hardcoded credentials, Cloud | NA | WeSecureApp (@wesecureapp) | Bug Bounty | 2023-02-14 | 2023-06-13 |