Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2095 | Bypass Chrome Ad-Heavy detection mechanism | Browser hacking | Google (Chrome) | 0x0021h (@0x0021h) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 2093 | 400$ Bounty again using Google Dorks | Directory listing, Information disclosure | NA | Haris M (@hrsm321) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 2092 | Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond | HTTP Header Smuggling, HTTP Request Smuggling | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2021-11-10 | 2023-06-13 |
| 2091 | ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough | Cross-tenant vulnerability, Account takeover, Privilege escalation | Microsoft | Nir Ohfeld (@nirohfeld) | Bug Bounty | 2021-11-10 | 2023-06-13 |
| 2089 | Unrestricted File Upload Leads to SSRF and RCE | ImageTragick, Unrestricted file upload, SSRF, RCE | NA | Muhammad Adel (@ItsFadinG_) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2087 | Simple SSRF Allows Access To Internal Assets | SSRF | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2085 | chaining improper authentication to idor and no rate limit for mass account takeover | Account takeover, Lack of rate limiting, CSRF, IDOR | NA | mohit (@mohit29295572) | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2084 | How I got $200 in 30 Seconds. | Information disclosure | NA | Yash__ HackZ (@HackzYash) | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2083 | Privilege Escalation, worth of €300 | Broken Access Control, IDOR, Privilege escalation | NA | Hemant Kumar | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2082 | Never leave this tip while you hunting Broken Access Control | Broken Access Control | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-11-13 | 2023-06-13 |
| 2079 | Broken Link Hijacking — 404 Google Play Store— xxx$ Bounty | Broken link hijacking | NA | Proviesec (@proviesec) | Bug Bounty | 2021-11-14 | 2023-06-13 |
| 2078 | How I Found P1 bug Due to Sensitive data exposure And Earn $$$$ | Information disclosure | NA | Piyush shukla (@PiyushShukla__) | Bug Bounty | 2021-11-15 | 2023-06-13 |
| 2076 | T-Reqs: HTTP Request Smuggling with Differential Fuzzing | HTTP Request Smuggling | NA | Bahruz Jabiyev (@BahruzJabiyev) | Bug Bounty | 2021-11-15 | 2023-06-13 |
| 2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2072 | Finding Zero-Day Vulnerabilities in the Supply Chain | CSTI, Signature bypass | Adaxes | Roni Carta (@0xLupin) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2071 | Keybase App Vulnerability: Incomplete Cleanup of Messages In Keybase for Android/iOS, CVE-2021-34421 | Information disclosure | Keybase | Olivia O’Hara (@oliviaohara) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 2070 | The tale of CVE-2021–34479 (VSCode XSS) | XSS, CSP bypass | Microsoft | Daniel Santos (@bananabr) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 2068 | CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory | Information disclosure | Microsoft | Karl Fosaaen (@kfosaaen) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 2067 | URL whitelist bypass in https://cxl-services.appspot.com | Privilege escalation, URL validation bypass, SSRF | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 2066 | A common defect in java system-Memory DoS (include CVE-2021-2344, CVE-2021-2371, CVE-2021-2376, CVE-2021-2378) | DoS | Oracle | threedr3am (@threedr3am1) | Bug Bounty | 2021-11-18 | 2023-06-13 |
| 2065 | A Story of an Epic Blind Remote Code Execution(RCE) | RCE, OS command injection | NA | Akash Solanki (@MAALP1225) | Bug Bounty | 2021-11-18 | 2023-06-13 |
| 2063 | Exploiting OAuth: Journey to Account Takeover | Account takeover, OAuth, XSS, Weak CSP, CSRF | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2021-11-19 | 2023-06-13 |
| 2060 | Peeping through a Web-Socket | Cross-Site Websocket Hijacking (CSWH) | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-11-21 | 2023-06-13 |
| 2059 | [BugBounty] XSS with Markdown — Exploit & Fix on OpenSource | XSS | NA | Lê Thành Phúc | Bug Bounty | 2021-11-22 | 2023-06-13 |
| 2057 | A business logic error bug worth 600$ | Payment tampering | NA | Deep Patidar (@itsdeepceh) | Bug Bounty | 2021-11-23 | 2023-06-13 |