Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2973 | Exploiting new-era of Request forgery on mobile applications | CSRF, Account takeover | Pinterest | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2020-12-11 | 2023-06-13 |
| 2965 | TikTok Careers Portal Account Takeover | CSRF, Open redirect, Account takeover | TikTok | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2020-12-15 | 2023-06-13 |
| 2951 | Cookie Tossing to RCE on Google Cloud JupyterLab | Self-XSS, DoS, CSRF, RCE | Google | s1r1us (@s1r1u5_) | Bug Bounty | 2020-12-23 | 2023-06-13 |
| 2942 | How I Got My First Bounty & Hof From Google (CSRF Lead To Account Delete) | CSRF | Google | Bhupendra Rajbhar (@bhupendra1238) | Bug Bounty | 2020-12-28 | 2023-06-13 |
| 2922 | Finding bugs on Chess.com | Lack of rate limiting, Bruteforce, CSRF | Chess.com | Seqrity (@seqrity9) | Bug Bounty | 2021-01-07 | 2023-06-13 |
| 2904 | CSRF with IDOR - A Deadly Combo | CSRF, IDOR | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-01-12 | 2023-06-13 |
| 2875 | CSRF Protection Bypass in Atlassian Confluence Server | CSRF | Atlassian | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-22 | 2023-06-13 |
| 2855 | Launching Internal & Non-Exported Deeplinks On Facebook | CSRF | Meta / Facebook | Ashley King (@AshleyKingUK) | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2842 | Stealing Chat session ID with CORS and execute CSRF attack | CSRF, CORS misconfiguration | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-02-02 | 2023-06-13 |
| 2814 | OAuth Misconfiguration Leads to Full Account takeover | OAuth, Clickjacking, CSRF, Account takeover | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2802 | Full account takeover worth $1000 Think out of the box | Account takeover, CSRF, IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2780 | CSRF In JSF 2.0: Predicting CSRF Tokens For Apache MyFaces | CSRF, ViewState | Apache | Wolfgang Ettlinger | Bug Bounty | 2021-02-19 | 2023-06-13 |
| 2771 | CSRF through URL with # tag parameter | CSRF | NA | Tommysuriel | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2708 | Chaining bugs for the greater good | Blind XSS, CSRF | NA | mohamad mahmoudi (@Lotus_619) | Bug Bounty | 2021-03-18 | 2023-06-13 |
| 2684 | CSRF to Full Account Takeover | CSRF, Account takeover | NA | Ashraf Harb (@ashrafharb97) | Bug Bounty | 2021-03-29 | 2023-06-13 |
| 2681 | Missing CORS leads to Complete Account Takeover | Missing CORS, CSRF, Account takeover | NA | Niraj Modi (@nirajmodi51) | Bug Bounty | 2021-03-30 | 2023-06-13 |
| 2662 | CSRF in YouTube Leanback API | CSRF | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2657 | I Built a TV That Plays All of Your Private YouTube Videos | CSRF | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-04-05 | 2023-06-13 |
| 2616 | Got Nice catch by Google | OAuth, Open redirect, CSRF | Google | Parth Desani (@DesaniParth) | Bug Bounty | 2021-04-22 | 2023-06-13 |
| 2587 | Chaining CSRF with XSS to deactivate Mass user accounts by single click | CSRF, XSS | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-05-02 | 2023-06-13 |
| 2583 | Deep Dive into Open Source Bug Bounty | CSRF | NA | Ritik Sahni (@ritiksahni22) | Bug Bounty | 2021-05-03 | 2023-06-13 |
| 2534 | CSRF from which we can create a support ticket in Victim’s Account (500$) | CSRF | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2533 | Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$) | Information disclosure | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2021-05-21 | 2023-06-13 |
| 2501 | Executing CSRF With Phone Validation | CSRF | NA | Greg Gibson | Bug Bounty | 2021-06-04 | 2023-06-13 |
| 2473 | Part-1 Dive into Zoom Applications | CSRF, Payment bypass, Logic flaw, Account takeover, Privilege escalation | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-06-16 | 2023-06-13 |