Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3715 | Google Bug Bounty: CSRF in learndigital.withgoogle.com | CSRF | Google | santuySec (@santuySec) | Bug Bounty | 2020-01-21 | 2023-06-13 |
| 3714 | User Account Takeover via Signup Feature \| Bug Bounty POC | Account takeover, Logic flaw, Authorization flaw | NA | Muzammil Kayani (@muzammilabbas2) | Bug Bounty | 2020-01-22 | 2023-06-13 |
| 3713 | Facebook Vulnerability: Hidden “Community Manager” in Pages due to “Invitation Accept” logic | Logic flaw | Meta / Facebook | Ritish Kumar Singh | Bug Bounty | 2020-01-22 | 2023-06-13 |
| 3712 | Password Reset Token Leak Via Referrer | Password reset, Information disclosure | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-01-22 | 2023-06-13 |
| 3711 | A Less Known Attack Vector, Second Order IDOR Attacks | IDOR | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-01-22 | 2023-06-13 |
| 3710 | CORS Misconfiguration leading to Private Information Disclosure | CORS misconfiguration | NA | Virus0X01 (@Virus0X01) | Bug Bounty | 2020-01-23 | 2023-06-13 |
| 3709 | How I was able to take over any users account with host header injection | Host header injection | NA | Ajay Gautam (@evilboyajay) | Bug Bounty | 2020-01-23 | 2023-06-13 |
| 3707 | The unexpected bounty: A story of Zendesk takeover on REDACTED.com | Subdomain takeover | NA | wis4nggeni | Bug Bounty | 2020-01-25 | 2023-06-13 |
| 3706 | Accidental IDOR that Deleted Admin Account. | IDOR | NA | Sayaan Alam (@ehsayaan) | Bug Bounty | 2020-01-25 | 2023-06-13 |
| 3705 | Improper Input Validation \| Add Custom Text and URLs In SMS send by Snapchat \| Bug Bounty POC | Parameter tampering | Meta / Facebook | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-01-26 | 2023-06-13 |
| 3701 | Escalating reflected XSS with HTTP Smuggling | Reflected XSS, HTTP request smuggling | NA | Hazana (@HazanaSec) | Bug Bounty | 2020-01-27 | 2023-06-13 |
| 3700 | Tale of a Misconfiguration in Password Reset | Password reset, Information disclosure | NA | Naveenroy | Bug Bounty | 2020-01-27 | 2023-06-13 |
| 3699 | Adding anyone including non-friend and blocked people as co-host in personal event! | IDOR | Meta / Facebook | Binit Ghimire (@WHOISbinit) | Bug Bounty | 2020-01-28 | 2023-06-13 |
| 3698 | Hyperlink Injection - Easy Money (sometimes) | Hyperlink injection | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2020-01-28 | 2023-06-13 |
| 3697 | How I get my first SWAG from SIDN (Sensitive Data Expose) | Broken Access Control, Information disclosure | SIDN | Mehedi Hasan Remon (@mehedi1194) | Bug Bounty | 2020-01-29 | 2023-06-13 |
| 3696 | How I was able to takeover the company’s LinkedIn Page | Broken link hijacking | NA | Vijaysimha Reddy Bathini (@fatratfatrat) | Bug Bounty | 2020-01-29 | 2023-06-13 |
| 3695 | 2FA Bypass via Logical Rate Limiting Bypass | MFA bypass, Logic flaw | NA | Jeppe Bonde Weikop | Bug Bounty | 2020-01-30 | 2023-06-13 |
| 3694 | OK Google: bypass the authentication! | Authentication bypass | Google | Mattia Vinci | Bug Bounty | 2020-01-31 | 2023-06-13 |
| 3692 | Tumblr Bug Bounty ( $200) | Unrestricted file upload, XSS, Authorization flaw | Automattic | Myo Min Thu (@myominthu1337) | Bug Bounty | 2020-02-02 | 2023-06-13 |
| 3691 | CSRF CSRF CSRF… | CSRF | NA | Navneet (@na5n33t) | Bug Bounty | 2020-02-03 | 2023-06-13 |
| 3690 | Easily leaking passenger information on an Airline | IDOR | NA | Zseano (@zseano) | Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3689 | Exploiting Insecure Firebase Database! | Insecure Firebase database, Android | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3688 | Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE | RCE | HackerEarth | Jatin Dhankhar (@jatindhankhar_) | Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3687 | Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access | Stored XSS, CSP bypass, Open redirect, RCE | Meta / Facebook | Gal Weizman (@WeizmanGal) | Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3686 | Arbitary File Upload too Stored XSS - Bug Bounty | Arbitrary file upload, Stored XSS | NA | m0chan (@m0chan98) | Bug Bounty | 2020-02-04 | 2023-06-13 |