Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3471 | Multiple flaws leads to Account Takeover within an Application | Account takeover, Password reset | NA | Harshit Sengar (@sengarharshit1) | Bug Bounty | 2020-05-18 | 2023-06-13 |
| 3470 | CVE-2020–1088 — Yet another arbitrary delete EoP | Local Privilege Escalation, Windows | Microsoft | Søren Fritzbøger (@fritzboger) | Bug Bounty | 2020-05-18 | 2023-06-13 |
| 3468 | Teradici and CVE-2020-10965: An issue of routing. | Missing authentication | Teradici | Benjamin Heald (@heald_ben) | Bug Bounty | 2020-05-18 | 2023-06-13 |
| 3467 | How I got 200$ in 5 minutes – Sensitive data leak | Information disclosure | NA | Sanjay Verdu (@codersanjay) | Bug Bounty | 2020-05-19 | 2023-06-13 |
| 3466 | Easy bounties with subdomain discovery - Using Project Sonar for bug bounty | Broken access control, Authorization flaw | Bpost | Torben Capiau (@TorbenCapiau) | Bug Bounty | 2020-05-20 | 2023-06-13 |
| 3465 | Become member of close & public group | Authorization flaw, Logic flaw | Meta / Facebook | abdellah yaala (@yaalaab) | Bug Bounty | 2020-05-20 | 2023-06-13 |
| 3463 | Bypassing Message Request inbox | Authorization flaw, Logic flaw | Meta / Facebook | abdellah yaala (@yaalaab) | Bug Bounty | 2020-05-21 | 2023-06-13 |
| 3462 | RCE in Google Cloud Deployment Manager | SSRF, RCE | Google | Ezequiel Pereira (@epereiralopez) | Bug Bounty | 2020-05-21 | 2023-06-13 |
| 3461 | Parsing the DOM elements of Other pages via XSS: A Bug Bounty Story | XSS, Information disclosure | NA | Mandeep Jadon (@1337tr0lls) | Bug Bounty | 2020-05-22 | 2023-06-13 |
| 3460 | My First Bug Bounty — 2 Factor Authentication Bypass | OTP bypass | NA | Talatmehmood | Bug Bounty | 2020-05-22 | 2023-06-13 |
| 3459 | How Source code reading helped me find an IDOR | IDOR, Information disclosure | NA | Sanjay Verdu (@codersanjay) | Bug Bounty | 2020-05-22 | 2023-06-13 |
| 3458 | Story About OTP Bypass To Stored XSS | OTP bypass, Stored XSS | NA | PJ Borah (@PJBorah1) | Bug Bounty | 2020-05-23 | 2023-06-13 |
| 3457 | How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber | HTTP request splitting, SSRF, CRLF injection, RCE | Uber | Andrey Abakumov (@andrewaeva) | Bug Bounty | 2020-05-25 | 2023-06-13 |
| 3456 | Chaining an IDOR with a business-logic error to achieve critical impact | IDOR, Logic flaw | NA | Julien Cretel (@jub0bs) | Bug Bounty | 2020-05-26 | 2023-06-13 |
| 3455 | Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client | XXE, Reflected XSS | Uber | Niv Levy (@restr1ct3d) | Bug Bounty | 2020-05-27 | 2023-06-13 |
| 3453 | Stored XSS in Yahoo mail IOS app($3500) | Stored XSS | Yahoo! / Verizon Media | kminthein / weev3 (@kyawminthein99) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3452 | Stored XSS in Microsoft outlook | Stored XSS | Microsoft | kminthein / weev3 (@kyawminthein99) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3451 | iOS Outlook Stored XSS Write-Up($3000) | XSS | Microsoft | kminthein / weev3 (@kyawminthein99) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3450 | Clickjacking to Account Takeover | Clickjacking | NA | Abhishek Yadav (@abhishake100) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3449 | A Long Overdue Write-up: How I got into the Oppo Hall of Fame | Login screen bypass, Authentication bypass | oppo | Shibin B. Shaji (@shibinbshaji06) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3448 | How I was able to see Private Video Uploader Via Facebook Rights Manager.[Responsible Disclosure] | Information disclosure | Meta / Facebook | Kishore TK (@kishoretk_off) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3447 | Bypassing WAF to perform XSS | XSS | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3446 | XSS Stored On Messages In [ Outlook Web — Outlook Android App ] | Stored XSS | Microsoft | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3445 | Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code | Information disclosure | Apple | Andy Grant | Bug Bounty | 2020-05-28 | 2023-06-13 |
| 3444 | IDOR in session cookie leading to Mass Account Takeover | IDOR, Account takeover | NA | Zonduhackerone (@zonduu1) | Bug Bounty | 2020-05-29 | 2023-06-13 |