Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2394 | Escalating Self-XSS To Stored XSS via Image injection + IDOR | Self-XSS, Stored XSS, IDOR | NA | Demon (@R29k_) | Bug Bounty | 2021-07-21 | 2023-06-13 |
| 2392 | Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm | Weak crypto | NA | Craig Hays (@craighays) | Bug Bounty | 2021-07-22 | 2023-06-13 |
| 2390 | Story OF MY 3RD Bounty From Facebook | Logic flaw | NA | Aashish Jung Kunwar (@WhoisAasis) | Bug Bounty | 2021-07-23 | 2023-06-13 |
| 2385 | Easy Bounty With Exposed Buckets & Blobs | Cloud storage misconfiguration | NA | mr.d0x (@mrd0x) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2384 | Bug Chain leads to Mass Account Takeover! | Information disclosure, Password reset, Account takeover | NA | Shubhayu Majumdar (@shubhayu64) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2381 | XXE Case Studies | XXE | NA | cinzinga (@cinzinga_) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2380 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures | Password reset, Host header injection, CSRF, Account takeover | NA | Tommaso Innocenti (@innotommy) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2378 | Abusing JSON Web Token to steal accounts — 3000$ | IDOR | NA | Filipe Azevedo (@filipaze_) | Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2377 | XSS-Special-Cases: XSS That Works only in mobile Devices | XSS | NA | 0xdln (@0xdln) | Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2376 | Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth | RCE, PHP Object Injection | Moodle | Johannes Moritz | Bug Bounty | 2021-07-27 | 2023-06-13 |
| 2375 | Information Disclosure to Account Takeover | Information disclosure, OAuth, Account takeover, Authentication bypass | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-07-28 | 2023-06-13 |
| 2374 | How I earned $$$$ by Amazon S3 Bucket misconfigurations? | AWS misconfiguration, Subdomain takeover | NA | Abdullah Mohamed (@3bodymo_) | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2373 | Chaining Open Redirect with XSS to Account Takeover | Open redirect, XSS, Account takeover | NA | Radian ID | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2371 | How I found my first IDOR in HackerOne | IDOR | NA | N1GHTMAR3 (@n1ghtmar3_2421) | Bug Bounty | 2021-07-29 | 2023-06-13 |
| 2369 | Google Bug Bounty: $500 worth client-side DoS on Google Keep | Application-level DoS | Google | Tommaso De Ponti (@heytdep) | Bug Bounty | 2021-07-30 | 2023-06-13 |
| 2368 | Account takeover via stored xss | Stored XSS | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-07-30 | 2023-06-13 |
| 2367 | XXE in Public Transport Ticketing Mobile APP | XXE, RCE | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-30 | 2023-06-13 |
| 2365 | How I bypassed website using Akamai waf | XSS | NA | Yusif Cəfərov (@yusifceferov_) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2364 | How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR | Self-XSS, IDOR, Account takeover | HackerEarth | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2363 | From Hobby to Hacking | Unrestricted file upload, RCE, Missing authentication | NA | Muhammad Syahrul Haniawan (@b0x_in) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2362 | Bug Bounty Stories #1: Tale of CSP bypass in an electron app! | CSP bypass | NA | SecurityGOAT (@RuntimeSecurity) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2359 | Multi Domain DOM Cross Site Scripting | DOM XSS | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-08-01 | 2023-06-13 |
| 2358 | Blind XXE Leads to Internal Port Scanning Through SSRF | XXE, SSRF | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-08-01 | 2023-06-13 |
| 2357 | Bug bounty - PHI/PII critical data exposure | Information disclosure | NA | Molx32 | Bug Bounty | 2021-08-01 | 2023-06-13 |
| 2356 | Tale of XSS in Angular | Reflected XSS | NA | Sicksec (@OriginalSicksec) | Bug Bounty | 2021-08-02 | 2023-06-13 |