Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2811 | Changing other users Episode title & description - IDOR Vulnerability in [REDACTED] (Write Up) | IDOR | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2810 | How I Hacked Everyone’s Resume/CV’s and Got €€€ | IDOR Authorization flaw Information disclosure | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2809 | IDOR via Websockets allow me to takeover any users account | IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2808 | My first bounty (stored-xss) | Stored XSS | NA | Karan sharma (@karansh491) | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2807 | Stored XSS in icloud.com — $5000 | Stored XSS | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2802 | Full account takeover worth $1000 Think out of the box | Account takeover CSRF IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2799 | SHAREit Flaw Could Lead to Remote Code Execution | Android RCE MiTM Man-in-the-Disk attack Insecure intent Vulnerable Android content provider | SHAREit | Echo Duan | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2798 | Sub-domain Takeover on api.techprep.fb.com (AWS Elastic Beanstalk)! | Subdomain takeover | Meta / Facebook | Binit Ghimire (@WHOISbinit) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2796 | Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story) | Configuration file injection RCE | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2795 | From AWS S3 Misconfiguration to Sensitive Data Exposure | AWS misconfiguration | NA | Jadek Mark (@mase289) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2794 | Story of a very lethal IDOR. | XSS IDOR Account takeover | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2782 | Account Take Over by Response Manipulation | Authentication bypass Account takeover | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2779 | Account Takeover via Response Manipulation worth 1800$.. | Authentication bypass OTP bypass Account takeover | NA | Ashutosh mishra (@ashutoshmish_ra) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2778 | Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli | Race condition Lack of rate limiting OTP bypass SQL injection | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2777 | RCE On A Laravel Private Program | RCE | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2776 | Let’s know How I have explored the buried secrets in Xamarin application | Hardcoded API keys Information disclosure | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-02-21 | 2023-06-13 |
| 2775 | Web Cache Poisoning to Account Takeover | Web cache poisoning Account takeover | NA | Josh Fam (@Pullerze) | Bug Bounty | 2021-02-21 | 2023-06-13 |
| 2773 | CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux | Unencrypted storage | Keybase | John Jackson (@johnjhacking) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2772 | Security and Privacy of Social Logins (II): PostMessage Security in Single Sign-On | DOM XSS postMessage DOM XSS | SAP The New York Times CNET | Louis Jannett (@iphoneintosh) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2771 | CSRF through URL with # tag parameter | CSRF | NA | Tommysuriel | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2769 | Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough | Web cache poisoning Stored XSS | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2768 | Stealing user passwords through a VPN’s SSO | Open redirect SSTI | NA | Alain Mowat (@plopz0r) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2767 | Password Reset Token Leak via X-Forwarded-Host | Host header injection Account takeover Password reset | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2766 | Account Takeover - Smoking with null’ | Account takeover Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2764 | IDOR which allowed me to view Personal Email Addresses of More than 50K Users! | IDOR Password reset | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-02-26 | 2023-06-13 |