Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1947 | How i was able to bypass a Pin code Protection | Authorization flaw | NA | Kerolos sameh (@xko2xx) | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1946 | IDOR leads to leak Private Details | IDOR | NA | annonymous | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1945 | P5 to P1: Interesting Account Takeover | Account takeover, Session expiration issue, Password reset | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1942 | SQL Injection - The File Upload Playground | Unrestricted file upload, SQL injection | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1941 | thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality | IDOR, Password reset, Account takeover | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1940 | Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams. | Path traversal | NA | zoid (@z0idsec) | Bug Bounty | 2022-01-05 | 2023-06-13 |
| 1936 | Exploiting Redash instances with CVE-2021-41192 | Privilege escalation, Session management issue, SSRF | NA | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-01-06 | 2023-06-13 |
| 1934 | A Tale Of 5250$: How I Accessed Millions Of User’s Data Including Their National ID’s | AWS misconfiguration, Information disclosure | NA | Sam (@__Sam0_0) | Bug Bounty | 2022-01-07 | 2023-06-13 |
| 1933 | 2FA bypass by reading the documentation | MFA bypass | NA | tomorrowisnew (@tomorrowisnew_) | Bug Bounty | 2022-01-09 | 2023-06-13 |
| 1932 | Host Header Injection Lead To Account Takeovers | Host header injection, Password reset, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-09 | 2023-06-13 |
| 1931 | How did I find Log4j vulnerability via Static Code Analysis and receive €€€ bounty? | Log4shell, RCE | NA | Pranav Gajjar (@Pranav_Gajjar_) | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1929 | Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth | Session hijacking, Session management issue, Account takeover, RCE | Moodle | Johannes Moritz | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1928 | Cross-Origin Resource Sharing (CORS) Misconfiguration leads to User’s PII leaks. | CORS misconfiguration | NA | Tarikul Islam (@sa1tama0) | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1927 | Exploiting URL Parsers: The Good, Bad, And Inconsistent | URL parsing issue | NA | Noam Moshe | Bug Bounty | 2022-01-10 | 2023-06-13 |
| 1926 | Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more | RCE | Microsoft | Gabriel Sztejnworcel (@sztejnworcel) | Bug Bounty | 2022-01-11 | 2023-06-13 |
| 1924 | Pwning the portal: from database dump to session hijacking | SQL injection, XSS, CSRF | NA | Bitcrack (@bitcrack_cyber) | Bug Bounty | 2022-01-12 | 2023-06-13 |
| 1923 | C.S.T.I Lead To Account Takeover $$$ | CSTI, Account takeover | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1922 | Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969) | Insecure deserialization | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1920 | XSS Filter Evasion + IDOR | XSS, IDOR | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1918 | RCE In Adobe Acrobat Reader For Android(CVE-2021-40724) | RCE, Path traversal, Android | Google, Adobe | sunny (@hulkvision) | Bug Bounty | 2022-01-14 | 2023-06-13 |
| 1917 | 120 Days of High Frequency Hunting | SSRF, LFI, Information disclosure, Broken Access Control, Authentication bypass, XSS, SQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1916 | Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397) | SQL injection, Broken Access Control | Moodle | 0xkasper (@0xkasper) | Bug Bounty | 2022-01-15 | 2023-06-13 |
| 1915 | XXE in SAML SSO Writeup - Bug Bounty | XXE | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-01-16 | 2023-06-13 |
| 1914 | How i found “Broken Access Control Through out-of-sync setup” and got $1000 | Broken Access Control, Authorization flaw | NA | Mr Robert \| Ahmed M Hassan (@Mr_Robert20) | Bug Bounty | 2022-01-16 | 2023-06-13 |
| 1913 | Critical XSS in chrome extension | XSS, postMessage | NA | p3rr0 (@Hperalta89) | Bug Bounty | 2022-01-17 | 2023-06-13 |