Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1875 | XSS via X-Forwarded-Host header | XSS, Host header injection | Omise | Abhijeet Biswas (@abhijeetbiswas_) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1874 | Access Control Violation – Wiki Page Creation | Authorization flaw | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1873 | Stored Cross-Site Scripting in MediaWiki | Stored XSS | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-28 | 2023-06-13 |
| 1872 | Remote Code Execution in .tgz File Upload | RCE, Unrestricted file upload | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-01-30 | 2023-06-13 |
| 1871 | Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) | OTP bruteforce, Lack of rate limiting | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2022-01-31 | 2023-06-13 |
| 1868 | How I approached Dependency Confusion! | Dependency confusion | NA | Aditya Soni (@hetroublemakr) | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1865 | CVE-2021-44142: Details On A Samba Code Execution Bug Demonstrated At Pwn2Own Austin | Memory corruption, RCE | NA | Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1864 | IDOR vulnerability on invoice and weak password reset leads to account take over | IDOR, Password reset, Account takeover, Payment tampering, Logic flaw | NA | Damaidec | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1863 | No Rate Limiting on OTP sending | Bruteforce, Lack of rate limiting | NA | nOOb_mAsTeR | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1861 | A misconfigured Apache Airflow to AWS Account Compromise | Outdated component with a known vulnerability, Privilege escalation, Information disclosure | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1860 | My first bounty, IDOR + Self XSS [€3000] | Self-XSS, IDOR | Intigriti | Ladecruze (@ladecruze) | Bug Bounty | 2022-02-02 | 2023-06-13 |
| 1857 | A technique to semi-automatically find vulnerabilities in WordPress plugins | XSS, SQL injection, Open redirect, CSRF | NA | kazet (@kazet1234) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1854 | Solving DOM XSS Puzzles | DOM XSS | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1853 | Write Up – Private Bug Bounty: RCE In EC2 Instance Via SSH With Private Key Exposed On Public Github Repository – $xx,000 USD | Information disclosure | NA | Omar Espino (@omespino) | Bug Bounty | 2022-02-03 | 2023-06-13 |
| 1851 | How I bypassed PHP functions to read sensitive files on server | Components with known vulnerabilities, RCE | NA | Kailash (@corrupted_brain) | Bug Bounty | 2022-02-04 | 2023-06-13 |
| 1850 | What Bypassing Razer's DOM-based XSS Patch Can Teach Us | DOM XSS | Razer | EdOverflow (@EdOverflow) | Bug Bounty | 2022-02-05 | 2023-06-13 |
| 1848 | How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty | SQL injection | NA | Mr Empy (@mr_empy) | Bug Bounty | 2022-02-06 | 2023-06-13 |
| 1844 | How can I access the members-only video comment? \| YouTube ($5,000) | Broken Access Control | Google | Rando (@Rando02355205) | Bug Bounty | 2022-02-07 | 2023-06-13 |
| 1841 | Full Account takeover (ATO) — a tale of two bugs 🐛 | IDOR, Account takeover | NA | Kwadwo Amoako | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1840 | SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes | SQL injection, XSS, Information disclosure | NA | Mahmoud Hamed (@7odamo_) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1839 | CVE-2022-21703: cross-origin request forgery against Grafana | CSRF, SSRF | Grafana Labs | Julien Cretel (@jub0bs) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1837 | SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-21999) | Local Privilege Escalation | Microsoft | Olivier Lyak (@ly4k_) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1836 | WordPress < 5.8.3 - Object Injection Vulnerability | Object injection, RCE | WordPress | Simon Scannell (@scannell_simon) | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1833 | ICMAD SAP Vulnerabilities (CVE-2022-22536, CVE-2022-22532 & CVE-2022-22533) | HTTP request smuggling, Memory leak, DoS, Memory corruption | SAP | SAP Product Security Response team | Bug Bounty | 2022-02-08 | 2023-06-13 |
| 1827 | QRCDR ZeroDay Path Traversal Vulnerability | Path traversal | NA | Farhad Karimi (@n0lsec) | Bug Bounty | 2022-02-11 | 2023-06-13 |