Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
1206Let%27s Dance in the Cache - Destabilizing Hash Table on Microsoft IIS! DoS Web cache poisoning Authentication bypass Microsoft Orange Tsai (@orange_8361) Bug Bounty2022-08-182023-06-13
1199Account takeover worth $1000 Account takeover Authentication bypass Information disclosure Password reset NA Faique (@imfaiqu3) Bug Bounty2022-08-192023-06-13
1100Riding The Inforail To Exploit Ivanti Avalanche Part 2 RCE Insecure deserialization Path traversal Authentication bypass Unrestricted file upload Arbitrary file write Arbitrary file read Ivanti Piotr Bazydło (@chudyPB) Bug Bounty2021-09-082023-06-13
1097How I was able to Bypass Philips Authentication Outdated component with a known vulnerability Authentication bypass Philips ParagBagul Bug Bounty2022-09-102023-06-13
1044My First Valid Bug “Bypass the Admin Panel” Authentication bypass NA Digant Prajapati Bug Bounty2022-09-232023-06-13
1023Exploits Explained: 5 Unusual Authentication Bypass Techniques Authentication bypass JWT CMS SSO NA Ozgur Alp (@ozgur_bbh) Bug Bounty2022-09-282023-06-13
1000How I Found A P1 Bug Authentication bypass Information disclosure NA Amith Bug Bounty2022-10-052023-06-13
963FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) Authentication bypass Fortinet James Horseman (@JamesHorseman2) Bug Bounty2022-10-132023-06-13
954Google SSO misconfiguration leading to Account Takeover Authentication bypass Account takeover SSO NA 0x4KD (@0x4kd) Bug Bounty2022-10-142023-06-13
93023000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite JWT Authentication bypass Arbitrary file write Unrestricted file upload NA Souhaib Naceri (@h4x0r_dz) Bug Bounty2022-10-192023-06-13
846Accidental $70k Google Pixel Lock Screen Bypass Lock screen bypass Authentication bypass Android Google David Schütz (@xdavidhu) Bug Bounty2022-11-102023-06-13
828Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) RCE Code injection SSRF Line Feed injection Arbitrary file read Authentication bypass Security code review Checkmk Stefan Schiller (@scryh_) Bug Bounty2022-11-152023-06-13
784From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) Authentication bypass Kerberos RCE Privilege escalation Security code review Intel Julien Ahrens (@MrTuxracer) Bug Bounty2022-11-232023-06-13
768Access Any Owner Account without Authentication (Auth bypass + 2FA bypass) Authentication bypass MFA bypass Account takeover NA Sharat Kaikolamthuruthil (@sharp488) Bug Bounty2022-11-272023-06-13
7652FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation Authentication bypass Account takeover NA Sharat Kaikolamthuruthil (@sharp488) Bug Bounty2022-11-272023-06-13
678Better Make Sure Your Password Manager Is Secure Hardcoded credentials XSS Cryptographic issues Authorization flaw Authentication bypass Click Studios kuekerino (@kuekerino) Bug Bounty2022-12-192023-06-13
6640 click Facebook Account Takeover and Two-Factor Authentication Bypass Authentication bypass GraphQL Account takeover Android MFA bypass Meta / Facebook abdellah yaala (@yaalaab) Bug Bounty2022-12-212023-06-13
650Authentication Bypass in Nexus manager (version 3.37.3–02) Components with known vulnerabilities Authentication bypass HTTP response manipulation NA SHARAN.K Bug Bounty2022-12-262023-06-13
648How I found multiple critical bugs in Red Bull Authentication bypass HTTP response manipulation Path traversal LFI XSS SQL injection RCE Unrestricted file upload RFI Security code review Red Bull Bartłomiej Bergier (@_bergee_) Bug Bounty2022-12-262023-06-13
620Cacti: Unauthenticated Remote Code Execution RCE Authentication bypass OS command injection Security code review Cacti Stefan Schiller (@scryh_) Bug Bounty2023-01-032023-06-13
619CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise Authentication bypass SSRF Rocket Software Tom Wedgbury Bug Bounty2023-01-042023-06-13
591YAFPC — Unauthenticated Remote Code Execution Authentication bypass Hardcoded credentials RCE NA Luke Paris Bug Bounty2023-01-142023-06-13
579Centreon map vulnerability Authentication bypass Centreon Vladimir Bug Bounty2023-01-172023-06-13
564Two Factor Authentication Bypass On Facebook MFA bypass Meta / Facebook Gtm Mänôz (@Gtm0x01) Bug Bounty2023-01-202023-06-13
549Using 0days to Protect the United Nations RCE Authentication bypass Path traversal United Nations Florian Hauser (@frycos) Bug Bounty2023-01-242023-06-13