Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2143 | How I Escalated a Time-Based SQL Injection to RCE | SQL injection, RCE | Sony | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2142 | Independently Secure, Together Not So Much – A Story Of 2 WP Plugins | RCE, Race condition, Unrestricted file upload, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2136 | CVE-2021-2471 MySQL JDBC XXE | XXE | Oracle (MySQL) | pyn3rd (@pyn3rd) | Bug Bounty | 2021-10-21 | 2023-06-13 |
| 2134 | All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646) | RCE, Memory corruption | Microsoft | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2133 | Moodle - Stored XSS and blind SSRF possible via feedback answer text | Stored XSS, SSRF | Moodle | rekter0 (@rekter0) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2132 | A story of another awesome old school hacking that lead to a cool P1 bug | 403 bypass | NA | Vuk Ivanovic | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2131 | How i Got 3 SQL injection in just 10 minutes. | SQL injection | NA | Ahmed Fatouh (@XDev05) | Bug Bounty | 2021-10-23 | 2023-06-13 |
| 2128 | Google Chrome Vulnerability Worth for $6K: Use After Free (CVE-2021-30573) | Memory corruption | Google | Security For Everyone / S4E Team (@secforeveryone) | Bug Bounty | 2021-10-23 | 2023-06-13 |
| 2123 | An Effective 5 min recon leads to a Hall of Fame | Information disclosure | NA | Renganathan (@IamRenganathan) | Bug Bounty | 2021-10-26 | 2023-06-13 |
| 2121 | Use-After-Free in Voice Control: CVE-2021-30902 Write-up | Memory corruption | Apple | 08Tc3wBB (@08Tc3wBB) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2120 | Easy SSRF from Wayback Machine | SSRF | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2119 | Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD | Broken authentication, Authentication flaw | GoCD | Sonar (@SonarSource) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2118 | Unauthorized access to any user’s account. | IDOR, Authentication bypass, Account takeover | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2116 | Apple XAR – Arbitrary File Write (CVE-2021-30833) | Arbitrary file write | Apple | Richard Warren (@buffaloverflow) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2115 | A journey from XML External Entity (XXE) to NTLM hashes! | XXE | NA | Shubham Chaskar (@chaskar_shubham) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2112 | How I was able to access a properly Configured S3 Bucket | Leaked AWS keys, Information disclosure | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2111 | One misconfiguration to rule them all | Information disclosure, Debug mode enabled | NA | Sushant Soni (@sushantsoni5392) | Bug Bounty | 2021-10-29 | 2023-06-13 |
| 2110 | How I found Command Injection via Obsolete PHPThumb | OS command injection, RCE | NA | Sushant Kamble | Bug Bounty | 2021-10-30 | 2023-06-13 |
| 2109 | This is how i was able to Permanently Crash all Mapillary users within minutes | Application-level DoS | Meta / Facebook | Abhishek Pathak (@pathleax) | Bug Bounty | 2021-10-31 | 2023-06-13 |
| 2107 | How i made 500$ with XSS | XSS, Account takeover | NA | Nassim Chami (@nvccim) | Bug Bounty | 2021-11-01 | 2023-06-13 |
| 2106 | Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 | RCE, Insecure deserialization, Security code review | Sitecore | Shubham Shah (@infosec_au) | Bug Bounty | 2021-11-01 | 2023-06-13 |
| 2105 | A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions | Local Privilege Escalation, MacOS | Apple | Perception Point (@PerceptionPo1nt) | Bug Bounty | 2021-11-03 | 2023-06-13 |
| 2101 | Unauthenticated Access To Cloud Portal — A 🚪 Without 🗝️ | Authentication bypass | NA | Yukesh Kumar (@3th1c_yuk1) | Bug Bounty | 2021-11-05 | 2023-06-13 |
| 2099 | 4 Crits in 48 hours: Unicorn Programs | Privilege escalation, Information disclosure, IDOR | NA | Monke (@pmofcats) | Bug Bounty | 2021-11-06 | 2023-06-13 |
| 2096 | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes | SQL injection | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2021-11-07 | 2023-06-13 |