Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 2237 | GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink | Logic flaw, Information disclosure | GitHub | Justin Steven (@justinsteven) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 2236 | Change home directory and bypass TCC aka CVE-2020-27937 | Privacy issue, MacOS | Apple | Wojciech Reguła (@_r3ggi) | Bug Bounty | 2021-09-09 | 2023-06-13 |
| 2235 | Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances | Container takeover, Container escape, Privilege escalation, Cloud | Microsoft | Unit 42 (@Unit42_Intel) | Bug Bounty | 2021-09-09 | 2023-06-13 |
| 2234 | Mistuned Part 1: Client-side XSS to Calculator and More | XSS, Memory corruption, iOS | Apple | CodeColorist (@codecolorist) | Bug Bounty | 2021-09-10 | 2023-06-13 |
| 2231 | How I found my first AEM related bug. | LFR | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-09-11 | 2023-06-13 |
| 2226 | Hacking CloudKit - How I accidentally deleted your Apple Shortcuts | Logic flaw | Apple | Frans Rosén (@fransrosen) | Bug Bounty | 2021-09-13 | 2023-06-13 |
| 2223 | Microsoft Azure Portal – Persistent Cross-Site Scripting | Stored XSS | Microsoft | Christian Becker (@0xchrisb) | Bug Bounty | 2021-09-15 | 2023-06-13 |
| 2219 | This is why you shouldn’t trust your Federated Identity Provider | OAuth, Account takeover, Authentication bypass | NA | Soufiane Habti (@wld_basha) | Bug Bounty | 2021-09-15 | 2023-06-13 |
| 2217 | Weaponizing Reflected XSS to Account Takeover | XSS, Account takeover | NA | Hassan Shahid (@pwnsauc3) | Bug Bounty | 2021-09-16 | 2023-06-13 |
| 2216 | A Small Tale of Account Takeover … | IDOR, Account takeover | NA | Saugat Pokharel (@saugatpk5) | Bug Bounty | 2021-09-16 | 2023-06-13 |
| 2214 | All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021–33035) | RCE, Memory corruption | Apache | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-09-17 | 2023-06-13 |
| 2213 | From Google Dorking to Information Disclosure | Information disclosure, Missing authentication | NA | MikeChan | Bug Bounty | 2021-09-18 | 2023-06-13 |
| 2212 | From phpinfo page to many P1 bugs and RCE. [Symfony] | File disclosure, Information disclosure, RCE | NA | Abdelrahman Khaled | Bug Bounty | 2021-09-18 | 2023-06-13 |
| 2211 | A small change, and things go in your hand : Story of a $250 bounty | Information disclosure | NA | Fardeen Ahmed (@fardeenahmed411) | Bug Bounty | 2021-09-18 | 2023-06-13 |
| 2210 | Admin access !! | Privilege escalation, Broken Access Control | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-09-19 | 2023-06-13 |
| 2209 | Chaining bugs for better bounties | SSRF, XSS, Information disclosure | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-09-19 | 2023-06-13 |
| 2207 | 5 RCEs in npm for $15,000 | RCE | NA | Robert Chen (@NotDeGhost) | Bug Bounty | 2021-09-20 | 2023-06-13 |
| 2205 | RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through | RCE, Path traversal | Citrix Systems | Markus Wulftange (@mwulftange) | Bug Bounty | 2021-09-21 | 2023-06-13 |
| 2204 | Cookie Stealing via Clickjacking using Burp collaborator | Clickjacking | NA | Anurag__Verma | Bug Bounty | 2021-09-22 | 2023-06-13 |
| 2203 | A fever Worth 750$- [Accessing Private Projects ] | IDOR, Information disclosure | Mozilla | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2021-09-22 | 2023-06-13 |
| 2200 | Super Admin panel without Credentials 😎 | Authentication bypass | NA | Rizwan_siddiqui (@Rizwan_SiDdiqu1) | Bug Bounty | 2021-09-22 | 2023-06-13 |
| 2197 | Bug-Bounty \| FASTMAIL [topicbox.com: Privileges Escalation > Organization Takeover] | Privilege escalation, Logic flaw | Fastmail | Mohammed ELdawody | Bug Bounty | 2021-09-24 | 2023-06-13 |
| 2196 | Bug-Bounty \| FASTMAIL [pobox.com : account takeover] | Account takeover, Password reset | Fastmail | Mohammed ELdawody | Bug Bounty | 2021-09-24 | 2023-06-13 |
| 2194 | Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program | Information disclosure, Local Privilege Escalation, Privacy issue | Apple | Denis Tokarev / illusionofchaos | Bug Bounty | 2021-09-24 | 2023-06-13 |
| 2191 | Attack Surface Analysis - Part 3 - Resurrected Code Execution | RCE | NA | Parsia Hackerman (@cryptogangsta) | Bug Bounty | 2021-09-26 | 2023-06-13 |