Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2682 | I felt like there were no more bugs left after winning € 2000 … But an email worth €750 changed my mind | Broken Access Control, IDOR | NA | Thexssrat (@theXSSrat) | Bug Bounty | 2021-03-31 | 2023-06-13 |
| 2681 | Missing CORS leads to Complete Account Takeover | Missing CORS, CSRF, Account takeover | NA | Niraj Modi (@nirajmodi51) | Bug Bounty | 2021-03-30 | 2023-06-13 |
| 2673 | Play a game, get Subscribed to my channel - YouTube Clickjacking Bug \| #GoogleVRP | Clickjacking | Google | Sriram Kesavan (@sriramoffcl) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2672 | XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing | XSS, HTML injection | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2671 | Bragging Rights: Let’s head back to bug bucket | XSS, IDOR, MFA bypass | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2670 | This Man Thought Opening A TXT File Is Fine, He Thought Wrong. MacOS CVE-2019-8761 | MacOS, HTML injection | Apple | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2669 | Automate Cache Poisoning Vulnerability - Nuclei | Web cache poisoning, Stored XSS | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2667 | Code execution as root via AT commands on the Quectel EG25-G modem | OS command injection, RCE | Quectel | nns | Bug Bounty | 2021-04-03 | 2023-06-13 |
| 2665 | Journeys in Quoteless and Multi Reflection XSS | XSS | NA | Bend Theory (@bendtheory) | Bug Bounty | 2021-04-04 | 2023-06-13 |
| 2664 | Remote code execution through unsafe unserialize in PHP | Insecure deserialization, RCE | NA | Sjoerd Langkemper | Bug Bounty | 2021-04-04 | 2023-06-13 |
| 2661 | Intro to Open-source Bug Bounty | Path traversal | Mailtrain | Arjun Shibu (@0xsegf) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2660 | Weird and very easy authentication bypass found with Google dorking | Authentication bypass | NA | GrumpinouT (@RVerwilghen) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2659 | Cloud Based Storage Misconfigurations -> Critical Bounties | Cloud storage misconfiguration | NA | Mikey (@mikey96_bh) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2658 | Apple TV for Fire OS code execution | RCE, Insecure storage, Man-in-the-Disk attack | Apple | Razvan Sima (@0xraaz) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2656 | Chaining an Blind SSRF bug to Get an RCE | Blind SSRF, RCE | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-07 | 2023-06-13 |
| 2655 | What if you could deposit money into your Betting account for free? Oh wait where has this 25k came from… | Logic flaw | NA | Mikey (@mikey96_bh) | Bug Bounty | 2021-04-07 | 2023-06-13 |
| 2650 | Unauthenticated Account Takeover Through Forget Password | Password reset, Account takeover, Information disclosure | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-04-12 | 2023-06-13 |
| 2649 | ELECTRIC CHROME - CVE-2020-6418 on Tesla Model 3 | RCE, Browser hacking | Tesla, Google | Chris Williams (@HawaiiFive0day) | Bug Bounty | 2021-04-12 | 2023-06-13 |
| 2646 | Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion | LFI, Information disclosure | NA | Arben Shala (@arbennsh) | Bug Bounty | 2021-04-13 | 2023-06-13 |
| 2642 | Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) | Man-in-the-Disk attack | Meta / Facebook | CENSUS | Bug Bounty | 2021-04-14 | 2023-06-13 |
| 2639 | Fun sql injection — mod_security bypass | SQL injection | NA | _Y000_ (@_Y000_) | Bug Bounty | 2021-04-16 | 2023-06-13 |
| 2638 | How I earned $$$$ through Stored XSS | Stored XSS, CSTI | NA | Harish | Bug Bounty | 2021-04-16 | 2023-06-13 |
| 2636 | Lets Learn English - Hacking 10M+ Users | AWS misconfiguration, Insecure Firebase database, OTP bypass, Account takeover, Logic flaw | NA | Aseem Shrey (@AseemShrey) | Bug Bounty | 2021-04-17 | 2023-06-13 |
| 2633 | XSS via Exif Data - The P2 Elevator | Stored XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2632 | Misconfiguration in Change-password Functionality Leads to Account Takeover | IDOR, Logic flaw, Password reset, Account takeover | NA | Mahmoud Radwan (@0x___2m) | Bug Bounty | 2021-04-18 | 2023-06-13 |