Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2190 | Improper phone number validation to account takeover | Logic flaw, OTP bypass, Account takeover | NA | shesha sai_c (@Cyb3r_4ss4s1n) | Bug Bounty | 2021-09-27 | 2023-06-13 |
| 2189 | CVE-2021-39246 – Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack excessive verbose logging – Windows, macOS, Linux | Verbose logging | Tor | sickcodes (@sickcodes) | Bug Bounty | 2021-09-27 | 2023-06-13 |
| 2186 | Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS) | Stored XSS | Apple | Bobby Rauch / Bobbyr | Bug Bounty | 2021-09-28 | 2023-06-13 |
| 2185 | "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild | Prototype pollution, XSS | Apple, Atlassian, Mozilla, HubSpot, Segment Analytics | Sergey Bobrov (@black2fan) | Bug Bounty | 2021-09-28 | 2023-06-13 |
| 2180 | Expect The Unexpected: Discovering fresh ZeroDay for Bounty | Logic flaw, Information disclosure | NA | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2021-09-30 | 2023-06-13 |
| 2178 | vScalation (CVE-2021-22015)- Local Privilege Escalation in VMware vCenter | Local Privilege Escalation | VMware | Yuval Lazar | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2177 | Privilege Escalation to stored XSS | Privilege escalation, HTTP response manipulation, Stored XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2021-10-01 | 2023-06-13 |
| 2176 | The Discovery Of Gatekeeper Bypass CVE-2021-1810 | Logic flaw | Apple | Rasmus Sten (@pajp) | Bug Bounty | 2021-10-01 | 2023-06-13 |
| 2175 | Pre-Auth SSRF To Full MailBox Access (Microsoft Exchange Server Exploit) | SSRF | NA | Vanshal Gaur (@VanshalG) | Bug Bounty | 2021-10-02 | 2023-06-13 |
| 2172 | Bypassing 403 Protection To Get Pagespeed Admin Access | 403 bypass | NA | Prajit Sindhkar (@PrajitSindhkar) | Bug Bounty | 2021-10-04 | 2023-06-13 |
| 2171 | CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass | Authentication bypass, Security code review | Forma LMS | Cristian Giustini | Bug Bounty | 2021-10-05 | 2023-06-13 |
| 2170 | CVE-2021-26084 | RCE | Atlassian | snowyyowl (@bennyyjacob) | Bug Bounty | 2021-10-05 | 2023-06-13 |
| 2169 | How I got access to many PIIs through a source code leak | Information disclosure | NA | Supras (@LdrTom) | Bug Bounty | 2021-10-05 | 2023-06-13 |
| 2167 | CSRF to one tray Red-bull | CSRF | Redbull | Mohammed Saneem | Bug Bounty | 2021-10-06 | 2023-06-13 |
| 2165 | CVE-2021-26420: Remote Code Execution In Sharepoint Via Workflow Compilation | RCE | Microsoft | - | Bug Bounty | 2021-10-06 | 2023-06-13 |
| 2164 | Accessing Apple’s internal UAT Slackbot for fun and non-profit | Authorization flaw | Apple | Shail Patel (@shail_official) | Bug Bounty | 2021-10-07 | 2023-06-13 |
| 2163 | Request Smuggling In Major Crypto Site — road to disappointment | HTTP Header Smuggling | NA | CeloIme Prezime | Bug Bounty | 2021-10-09 | 2023-06-13 |
| 2162 | Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage | Information disclosure | NA | MikeChan | Bug Bounty | 2021-10-09 | 2023-06-13 |
| 2160 | Account Takeover — Story of 2 same issues in a single program but different sub-domains. | Account takeover | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2158 | How I got $500 with Open redirect | Open redirect | NA | khan mamun (@mamunwhh) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2156 | Exploiting HTML-to-PDF Converters through HTML Imports | XSS, LFI | NA | Mohammed Diaa (@mhmdiaa) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2149 | Abusing Slack’s file-sharing functionality to de-anonymise fellow workspace members | XSLeaks | Slack | Julien Cretel (@jub0bs) | Bug Bounty | 2021-10-12 | 2023-06-13 |
| 2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
| 2145 | Exploitation of file’s download parameters to create potential risk of malware delivery: $200 bug! | CSRF, RCE | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2144 | Business Logic Errors - A Logic Destruction | Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-10-17 | 2023-06-13 |