Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2451 | A supply-chain breach: Taking over an Atlassian account | XSS, CSRF | Atlassian | Dikla Barda, Yaara Shriki | Bug Bounty | 2021-06-24 | 2023-06-13 |
| 2415 | Part 2: Dive into Zoom Applications | CSRF, Account takeover, Information disclosure, Session expiration issue, Authorization flaw, Logic flaw | Zoom | Rakesh Thodupunoori (@rakesh_3895) | Bug Bounty | 2021-07-13 | 2023-06-13 |
| 2380 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures | Password reset, Host header injection, CSRF, Account takeover | NA | Tommaso Innocenti (@innotommy) | Bug Bounty | 2021-07-26 | 2023-06-13 |
| 2353 | how to be popular | CSRF, Type confusion | OkCupid | yan (@bcrypt) | Bug Bounty | 2021-08-02 | 2023-06-13 |
| 2335 | Multiple Vulnerabilities In cPanel/WHM | XXE, Stored XSS, Privilege escalation, CSRF, Cross-Site WebSocket Hijacking (CSWH) | cPanel | Adrian Tiron (@adrian__t) | Bug Bounty | 2021-08-10 | 2023-06-13 |
| 2321 | Why u should use burp to test Path Traversal Vulnerability and also get RXSS | Path traversal, XSS, CSRF, Account takeover | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2310 | How I found my first Subdomain Takeover vulnerability | Subdomain takeover, CSRF | NA | Monish Basaniwal | Bug Bounty | 2021-08-20 | 2023-06-13 |
| 2264 | chaining bugs from self XSS to account takeover | Self-XSS, WAF bypass, CSRF, Account takeover | NA | Behnam Yazdanpanah (@abhiunix) | Bug Bounty | 2021-09-02 | 2023-06-13 |
| 2247 | 2 CSRF 1 IDOR on Google Marketing Platform | IDOR, CSRF | Google | apapedulimu / Nosa Shandy (@LocalHost31337) | Bug Bounty | 2021-09-06 | 2023-06-13 |
| 2167 | CSRF to one tray Red-bull | CSRF | Redbull | Mohammed Saneem | Bug Bounty | 2021-10-06 | 2023-06-13 |
| 2145 | Exploitation of file’s download parameters to create potential risk of malware delivery: $200 bug! | CSRF, RCE | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-10-17 | 2023-06-13 |
| 2138 | Exploiting Request forgery on Mobile Applications. | CSRF, Account takeover, Android, iOS | Pinterest | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2085 | chaining improper authentication to idor and no rate limit for mass account takeover | Account takeover, Lack of rate limiting, CSRF, IDOR | NA | mohit (@mohit29295572) | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2073 | Diving into Open-source LMS Codebases | Insecure file upload, Insecure deserialization, RCE, CSRF, SQL injection, Reflected XSS | Moodle, Chamilo LMS | Poh Jia Hao (@Chocologicall) | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2063 | Exploiting OAuth: Journey to Account Takeover | Account takeover, OAuth, XSS, Weak CSP, CSRF | NA | Aditya Dixit (@zombie007o) | Bug Bounty | 2021-11-19 | 2023-06-13 |
| 2030 | AWS SageMaker Jupyter Notebook Instance Takeover | Self-XSS, CSRF, RCE | AWS | Gafnit Amiga (@gafnitav) | Bug Bounty | 2021-12-02 | 2023-06-13 |
| 1963 | Story of a weird CSRF bug | CSRF | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-29 | 2023-06-13 |
| 1955 | Bug Hunting Journey of 2021 | Stored XSS, Open redirect, Token leak, CSRF, Logic flaw, Information disclosure, IDOR, Account takeover | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-31 | 2023-06-13 |
| 1924 | Pwning the portal: from database dump to session hijacking | SQL injection, XSS, CSRF | NA | Bitcrack (@bitcrack_cyber) | Bug Bounty | 2022-01-12 | 2023-06-13 |
| 1911 | Stealing administrative JWT's through post auth SSRF (CVE-2021-22056) | SSRF, CSRF | VMware | Shubham Shah (@infosec_au) | Bug Bounty | 2022-01-17 | 2023-06-13 |
| 1859 | Abusing Facebooks `Call To Action` To Launch Internal Deeplinks | CSRF, Android, iOS | Meta / Facebook | Ashley King (@AshleyKingUK) | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1857 | A technique to semi-automatically find vulnerabilities in WordPress plugins | XSS, SQL injection, Open redirect, CSRF | NA | kazet (@kazet1234) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1839 | CVE-2022-21703: cross-origin request forgery against Grafana | CSRF, SSRF | Grafana Labs | Julien Cretel (@jub0bs) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1794 | What an injection into jQuery-selector can lead to | CSRF | NA | Anton Subbotin (@ska_vans) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1696 | Bug Bounty Adventures: A NodeBB 0-day | CSRF, Account takeover, SSO, Authentication flaw | Opera | Marouane Mouhtadi (@Mar0_0uane) | Bug Bounty | 2022-03-25 | 2023-06-13 |