Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 2543 | Time-Based SQL Injection to Dumping the Database | SQL injection, Android | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-05-19 | 2023-06-13 |
| 2542 | SSRF in PDF Renderer using SVG | SSRF | NA | pwn.vg / Tomi (@mastomii) | Bug Bounty | 2021-05-19 | 2023-06-13 |
| 2540 | Third-Party Apps were still getting your private Facebook data even after their access expiry. | Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-05-20 | 2023-06-13 |
| 2536 | 403 Forbidden Bypass | 403 bypass, Forced browsing | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2535 | How I turned 0000 into $600: Phone Verification Bypass | OTP bypass | NA | Shrirang Diwakar | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2533 | Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$) | Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2532 | Finding and Exploiting Unintended Functionality in Main Web App APIs | IDOR, Information disclosure, Privilege escalation | NA | Bend Theory (@bendtheory) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2531 | CORS misconfig that worths USD200 | CORS misconfiguration | NA | MikeChan | Bug Bounty | 2021-05-23 | 2023-06-13 |
| 2529 | Content Spoofing Vulnerability in Shibboleth Service Provider | Content spoofing | NA | Toni Huttunen | Bug Bounty | 2021-05-24 | 2023-06-13 |
| 2528 | Chaining XSS with authentication issues to turn it into full account takeover | XSS, Account takeover | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-05-24 | 2023-06-13 |
| 2526 | Stored XSS with two different parameters | Reflected XSS | NA | Joel Cantu (@InfosecRintox) | Bug Bounty | 2021-05-25 | 2023-06-13 |
| 2525 | GitLab Arbitrary File Read & Write through Kroki - CVE-2021-22203 | Arbitrary file read | NA | Anh Duc Nguyen (@ledz1996) | Bug Bounty | 2021-05-25 | 2023-06-13 |
| 2523 | How I hacked a Target again and again… | OAuth, Account takeover, XSS, Broken Access Control | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-05-27 | 2023-06-13 |
| 2522 | Hey WAF! Better Luck Next Time! 👽 | SQL injection | NA | Akash Rox Starz | Bug Bounty | 2021-05-28 | 2023-06-13 |
| 2521 | Github, The Goldmine for P1s and P2s - Sensitive Information Exposure via Github by a Company Employee | Information disclosure | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-05-28 | 2023-06-13 |
| 2519 | The beauty of chaining client-side bugs | CRLF injection, XSS, CSP bypass, DoS, CSTI | NA | Master SEC (@MasterSEC_AR) | Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2518 | Account Takeover via iFrame Injection | Iframe injection, Account takeover | NA | xbforce (@xbforce) | Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2516 | runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465) | Kubernetes, Container escape | Google | Etienne Champetier / champtar | Bug Bounty | 2021-05-30 | 2023-06-13 |
| 2515 | Escalating SSRF to Accessing all user PII information by aws metadata | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-31 | 2023-06-13 |
| 2512 | CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads | CRLF injection | Synology | Justin Taft | Bug Bounty | 2021-06-01 | 2023-06-13 |
| 2511 | Escalating SSRF to Accessing all user PII information by aws metadata | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-06-01 | 2023-06-13 |
| 2510 | Admin Panel? Pwned! | Information disclosure, Hardcoded credentials | NA | Splintersec (@splint3rsec) | Bug Bounty | 2021-06-02 | 2023-06-13 |
| 2508 | Exploiting Open Redirect - Whitelist Bypass Using Salesforce Environment | Open redirect, Token theft, Salesforce | NA | Gaurav Nayak (@4auvar) | Bug Bounty | 2021-06-02 | 2023-06-13 |
| 2506 | Bypassing LFI (Local File Inclusion) | LFI | NA | Abhishek (@abhishake21) | Bug Bounty | 2021-06-03 | 2023-06-13 |
| 2505 | Server Side Request Forgery - A Forged Document | SSRF, File upload | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-03 | 2023-06-13 |