Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2763 | CVE-2020–13956 | Blind SSRF, URL parsing issue | Apache HttpClient | Priyank (@Rev_Octo) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2762 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-27 | 2023-06-13 |
| 2761 | Story About Stop 10000+ users to get Their job notification | Logic flaw | NA | PJBorah | Bug Bounty | 2021-02-27 | 2023-06-13 |
| 2760 | Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749 / Docker CVE-2020-13401 / LXD / WSL2 / ...) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2759 | Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2758 | Any Account Takeover Through Privilege Escalation | Privilege escalation, Account takeover | NA | Shubham Chaskar (@chaskar_shubham) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2757 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2755 | Bragging Rights: Killing File Uploads softly | Unrestricted file upload, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2754 | Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅) | SQL injection | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2753 | Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape | RCE | NA | Alex Chapman (@ajxchapman) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2752 | SSRF to fetch AWS credentials with full access to multiple services | SSRF | NA | Zonduhackerone (@zonduu1) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2751 | RocketChat - Unauthenticated access to messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2749 | Secret Key Exposure in API Config Directory | Information disclosure | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2748 | Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure | CORS misconfiguration, Information disclosure | NA | Harsh Parekh (@notmarshmllow) | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2747 | GKE Autopilot Node Compromise via local-storage PersistentVolume | Container escape | Google | Anthony Weems | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2746 | Microsoft Edge Browser For IOS - Address Bar Spoofing Vulnerability | Address Bar Spoofing | Microsoft | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2021-03-02 | 2023-06-13 |
| 2740 | Leveraging Template injection to takeover an account. | CSTI, XSS | NA | Akash Methani (@0xAkash) | Bug Bounty | 2021-03-04 | 2023-06-13 |
| 2739 | GKE Autopilot Node Compromise via startup-script | Container escape | Google | Anthony Weems | Bug Bounty | 2021-03-05 | 2023-06-13 |
| 2736 | Exploiting a hidden and forgotten Bug | SSRF | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2735 | Finding Hidden Login Endpoint Exposing Secret `Client ID` | Information disclosure | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2729 | Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover | HTTP request smuggling, XSS | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2021-03-09 | 2023-06-13 |
| 2728 | Dangling DNS Records on surf-test.xwf.internet.org (Amazon EC2)! | Subdomain takeover, Dangling DNS records | Meta / Facebook | Binit Ghimire (@WHOISbinit) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2727 | Finding Basic Authtoken in JAVASCRIPT file BY Full Automation | Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2726 | Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover | Reflected XSS, Clickjacking, Account takeover | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2725 | Business Logic Error on Registration Leads to SMS Validation Bypass | MFA bypass | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |