Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2631 | Pwning your assignments: Stored XSS via GraphQL endpoint | Stored XSS, GraphQL | NA | Kartik Sharma (@dominat0r98) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2630 | Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program | Unrestricted file upload, RCE | NA | Jadek Mark (@mase289) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2628 | Unauthorized access to admin setpassword page BY bypassing 403 Forbidden | Authorization flaw | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-18 | 2023-06-13 |
| 2627 | Blind SSRF to Port Scanning through response time | SSRF | NA | Harish | Bug Bounty | 2021-04-19 | 2023-06-13 |
| 2626 | Harvesting Active Directory credentials via HTTP Request Smuggling | HTTP request smuggling | NA | Tijme Gommers (@tijme) | Bug Bounty | 2021-04-19 | 2023-06-13 |
| 2623 | Playing With iframes: Bypassing Content-Security-Policy | CSP bypass, Open redirect, HTML injection | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2622 | CVE-2021-30481: Source engine remote code execution via game invites | RCE, Integer underflow | Valve | floesen (@floesen_) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2621 | DMCA.COM Hack, Full Disclosure (With Proof-of-Concept) | Privilege escalation, Client-side enforcement of server-side security, Stored XSS, Broken Access Control | DMCA | Joël Aviad Ossi | Bug Bounty | 2021-04-21 | 2023-06-13 |
| 2620 | How I was able to inject XSS payload into any user's mailbox | XSS | NA | Gaurav Popalghat (@N008x) | Bug Bounty | 2021-04-21 | 2023-06-13 |
| 2615 | Telegram bug bounties: XSS, privacy issues, official bot exploitation and more… | XSS, Authorization flaw, DoS | NA | Davide | Bug Bounty | 2021-04-22 | 2023-06-13 |
| 2612 | AWS internal metadata accessed through SSRF by Chaining an Open Redirect bug | SSRF, Open redirect | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-04-24 | 2023-06-13 |
| 2611 | RCE via Internal Access to Adminer Database Management (Critical) | RCE | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-04-24 | 2023-06-13 |
| 2610 | From Wayback Machine To Account Takeover | Account takeover, Password reset, Open redirect | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13 |
| 2607 | From Wayback Machine To Account Takeover | Open redirect, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13 |
| 2605 | CVE-2021-22204 - Recreating a critical bug in ExifTool, no Perl smarts required. | RCE | Exiftool | - | Bug Bounty | 2021-04-26 | 2023-06-13 |
| 2601 | Reflected DOM-based XSS on DomaiNesia | XSS | DomaiNesia | N45HT | Bug Bounty | 2021-04-27 | 2023-06-13 |
| 2600 | How did I earn €€€€ by breaking the back-end logic of the server | Logic flaw, Information disclosure | NA | Dewanand Vishal (@dewcode91) | Bug Bounty | 2021-04-28 | 2023-06-13 |
| 2598 | De-anonymising Anonymous Animals in Google Workspace | Privacy issue, Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-29 | 2023-06-13 |
| 2597 | A tale of Html to Pdf converter ssrf and various bypasses | SSRF | NA | Jatin Aesthetic (@techyfreakk) | Bug Bounty | 2021-04-29 | 2023-06-13 |
| 2594 | How I was able to Retrieve your Personal Documents using the Wayback Machine! | Privacy issue, Information disclosure | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2593 | My first OOB XXE exploitation | XXE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2591 | Password reset code brute-force vulnerability in AWS Cognito | Password reset, Bruteforce, Rate limiting bypass, Account takeover | AWS | Pentagrid (@pentagridsec) | Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2590 | How I got $400 for my first SSRF bug? | SSRF | NA | Usama Varikkottil (@usama_dev) | Bug Bounty | 2021-05-01 | 2023-06-13 |
| 2589 | How I found my first RCE? | RCE | NA | ipanda (@ipanda915) | Bug Bounty | 2021-05-01 | 2023-06-13 |
| 2588 | SSRF Through PDF Generation | SSRF | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2021-05-01 | 2023-06-13 |