Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2319 | CVE-2021-22929 – Brave Browser 1.27 and below permanently logs the server connection time for all v2 tor domains to ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log | Privacy issue, Information disclosure | Brave Software | sickcodes (@sickcodes) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2317 | Dangling DNS: Announcekit | Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2316 | Confirming any new Email Address bug in Facebook (Part-4) | Rate limiting bypass | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2021-08-17 | 2023-06-13 |
| 2314 | A New Attack Surface on MS Exchange Part 1 - ProxyLogon! | RCE, Privilege escalation | Microsoft | Orange Tsai (@orange_8361) | Bug Bounty | 2021-08-18 | 2023-06-13 |
| 2313 | Account Takeover via Access Token Leakage | IDOR, Information disclosure, Account takeover | NA | Tuhin Bose (@tuhin1729_) | Bug Bounty | 2021-08-19 | 2023-06-13 |
| 2310 | How I found my first Subdomain Takeover vulnerability | Subdomain takeover, CSRF | NA | Monish Basaniwal | Bug Bounty | 2021-08-20 | 2023-06-13 |
| 2309 | Playing With s3 Leaks | AWS misconfiguration | NA | Aswin Thambi Panikulangara (@r0074g3n7) | Bug Bounty | 2021-08-21 | 2023-06-13 |
| 2308 | How I was able to get 1000$ bounty from a ds-store file? | Information disclosure, Debugging enabled | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2021-08-21 | 2023-06-13 |
| 2307 | MonkeyType.com Stored Cross-Site Scripting | Stored XSS, Authentication bypass, IDOR | MonkeyType.com | Tyle Butler (@tbutler0x90) | Bug Bounty | 2021-08-22 | 2023-06-13 |
| 2306 | Story Of Unexpected Bugs | IDOR, XSS | NA | Neh Patel (@thecyberneh) | Bug Bounty | 2021-08-22 | 2023-06-13 |
| 2305 | Server Side Request Forgery with huge impact in production application | SSRF | NA | Gökhan Güzelkokar (@gkhck_) | Bug Bounty | 2021-08-23 | 2023-06-13 |
| 2303 | Hey Google ! - Delete my Data Properly — #GoogleVRP | Logic flaw | Google | Sriram Kesavan (@sriramoffcl) | Bug Bounty | 2021-08-23 | 2023-06-13 |
| 2301 | How i was able to steal private files of any user on Larksuite | IDOR | NA | Imran Nissar (@Imrannissar3) | Bug Bounty | 2021-08-24 | 2023-06-13 |
| 2300 | [$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO) | Account takeover, Password reset, Information disclosure | NA | Aditya Sharma (@Assass1nmarcos) | Bug Bounty | 2021-08-24 | 2023-06-13 |
| 2299 | One Endpoint, Two Account Takeovers | Account takeover | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-08-24 | 2023-06-13 |
| 2298 | “How Companies Need to Widen There Scopes” | RCE, Components with known vulnerabilities | NA | amnotacat | Bug Bounty | 2021-08-25 | 2023-06-13 |
| 2294 | Business Logic Ratings Bug | Logic flaw | NA | Maxwell Dulin (@Dooflin5) | Bug Bounty | 2021-08-25 | 2023-06-13 |
| 2292 | Websocket Hijacking’ to steal Session_ID of victim users | Cross-Site WebSocket Hijacking (CSWH) | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-08-25 | 2023-06-13 |
| 2291 | Reflective XSS via search box [Bypassing Cloudflare WAF]. | Reflected XSS | NA | Friendly (@SkeletorKeys) | Bug Bounty | 2021-08-26 | 2023-06-13 |
| 2290 | Oauth client secret leak and possible IDOR leading to PII Disclosure | IDOR, OAuth, Information disclosure | NA | Monke (@pmofcats) | Bug Bounty | 2021-08-26 | 2023-06-13 |
| 2288 | How did I earned 6000$ from tokens and scopes in one day | Authorization flaw, Privilege escalation | NA | Corraldev (@javier_corralg) | Bug Bounty | 2021-08-27 | 2023-06-13 |
| 2286 | Exploiting Devops -Leak Source codes | Information disclosure | NA | Shivbihari Pandey (@ninja_pandit_) | Bug Bounty | 2021-08-28 | 2023-06-13 |
| 2285 | SSRF External Service Interaction for Find Real IP CloudFlare and Leads to SQL Injection | WAF bypass, SSRF, SQL injection | NA | Caesar Evan Santoso | Bug Bounty | 2021-08-28 | 2023-06-13 |
| 2284 | Cache Poisoning via SelfXSS + Path Parameter | XSS, Web cache poisoning | NA | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2021-08-28 | 2023-06-13 |
| 2283 | Bug Bounty: “My Remote Code Execution” | Default credentials, RCE | NA | 0xJin (@0xJin) | Bug Bounty | 2021-08-29 | 2023-06-13 |