Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2054 | ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717) | DoS | ModSecurity | theMiddle (@AndreaTheMiddle) | Bug Bounty | 2021-11-24 | 2023-06-13 |
| 2051 | Unauthenticated Sensitive Information Disclosure at [REDACTED] | Old components with known vulnerabilities, Information disclosure | NA | Rizaldi Wahaz (@wah_haz) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2049 | RocketChat - Monitor User Messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2048 | WordPress Plugin Confusion: How an update can get you pwned | Supply chain attack, WordPress plugin confusion, WordPress theme confusion | NA | Kamil Vavra (@vavkamil) | Bug Bounty | 2021-11-25 | 2023-06-13 |
| 2046 | How I got my first bounty on financial sector gateway site by using Previous GraphQL vulnerabilities. | Information disclosure, GraphQL | NA | Night Hawk | Bug Bounty | 2021-11-26 | 2023-06-13 |
| 2045 | SEC-596 | Reflected XSS | cPanel | sh1yo (@sh1yo_) | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2044 | [socket.io] Cross-Site Websockets Hijacking | Cross-Site Websocket Hijacking (CSWH) | Node.js third-party modules | sh1yo (@sh1yo_) | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2043 | Price Manipulation Bypass Using Integer Overflow Method | Payment tampering, Memory corruption | NA | Marx Chryz | Bug Bounty | 2021-11-29 | 2023-06-13 |
| 2040 | NodeBB 1.18.4 - Remote Code Execution With One Shot | RCE, XSS, Authentication bypass, Arbitrary file read | NodeBB | Sonar (@SonarSource) | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2037 | HTTP Header Injection In Citrix ADC And Citrix Gateway (CVE-2020-8300, CVE-2021-22927) | Host header injection, XSS | Citrix Systems | Wolfgang Ettlinger | Bug Bounty | 2021-11-30 | 2023-06-13 |
| 2030 | AWS SageMaker Jupyter Notebook Instance Takeover | Self-XSS, CSRF, RCE | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2029 | Bypassing Box’s Time-based One-Time Password MFA | OTP bypass, MFA bypass | Box | Tal Peleg | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 2026 | How I accessed the Sensitive document which I had already deleted | Privacy issue | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2024 | How I managed to hack User accounts of a billion-dollar sport platform | OTP bypass, Bruteforce, Lack of rate limiting | NA | Vishnuraj | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2021 | SSRF vulnerability in AppSheet - Google VRP | SSRF | Google | David Nechuta (@david_nechuta) | Bug Bounty | 2021-12-05 | 2023-06-13 |
| 2019 | Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials. | Client-side enforcement of server-side security, Privilege escalation | U.S. General Services Administration | Hazem Brini (@ImJungsuu) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 2014 | Another Admin panel | HTTP response manipulation, Authentication bypass | NA | Rizwan_siddiqui (@Rizwan_SiDdiqu1) | Bug Bounty | 2021-12-08 | 2023-06-13 |
| 2013 | CVE-2021-43798 - Path Traversal Vulnerability In Grafana | Path traversal | Grafana Labs | Jordy Versmissen / J0VSEC (@j0v0x0) | Bug Bounty | 2021-12-08 | 2023-06-13 |
| 2012 | Account Takeover via Stored XSS | Account takeover, Stored XSS | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2011 | From Finding AWS S3 Bucket to Sensitive Data Exposure | AWS misconfiguration | NA | Demon (@R29k_) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2010 | Exploiting S3 bucket with path folder to Access PII info of A BANK | AWS misconfiguration, Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2009 | File Upload to RCE | Unrestricted file upload | NA | Ahmed Magdy (@8Ahmed88Magdy8) | Bug Bounty | 2021-12-09 | 2023-06-13 |
| 2003 | Open Redirection - QR Code Magic | Open redirect | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-12-11 | 2023-06-13 |
| 2002 | A story about a not-so-direct SSRF | SSRF | NA | Preetham Bomma (@cyber01_) | Bug Bounty | 2021-12-12 | 2023-06-13 |
| 2001 | SVG based Stored XSS | Stored XSS | NA | xaonan44 | Bug Bounty | 2021-12-12 | 2023-06-13 |