Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3362 | Bypassing file upload filter by source code review in Bolt CMS | RCE, Unrestricted file upload, Path traversal, Security code review | Bolt CMS | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2020-06-27 | 2023-06-13 |
| 3361 | An attempt to escalate a low-impact hidden input XSS | XSS | NA | Ayush Ojha (@officialaimm) | Bug Bounty | 2020-06-28 | 2023-06-13 |
| 3360 | How I was able to take over any account via the Password Reset Functionality. | Password reset, Account takeover | NA | Firas Fatnassi (@Fatnass1F1ras) | Bug Bounty | 2020-06-28 | 2023-06-13 |
| 3359 | How I hacked a bank their application using it for hacking another bank company — 10K XSS | XSS | NA | hg_real (@hgreal1) | Bug Bounty | 2020-06-28 | 2023-06-13 |
| 3358 | Taking over Azure DevOps Accounts with 1 Click | Subdomain takeover, Account takeover | Microsoft | Sean Yeoh (@seanyeoh) | Bug Bounty | 2020-06-28 | 2023-06-13 |
| 3357 | API Endpoint leads to Account Takeover In Android Application | Exposed token generation endpoint, Information disclosure | NA | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2020-06-28 | 2023-06-13 |
| 3356 | Patched Zoom Exploit: Altering Camera Settings via Remote SQL Injection | SQL injection | Zoom | Keegan Ryan (@inf_0_) | Bug Bounty | 2020-06-29 | 2023-06-13 |
| 3355 | Using Inspect Element to Bypass Security restrictions \| Bug Bounty POC | Client-side enforcement of server-side security | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-06-30 | 2023-06-13 |
| 3354 | Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS | Stored XSS | Mail.ru | kminthein / weev3 (@kyawminthein99) | Bug Bounty | 2020-06-30 | 2023-06-13 |
| 3352 | Stored XSS with Password Recovery Page | Stored XSS | NA | Lütfü Mert Ceylan (@lutfumertceylan) | Bug Bounty | 2020-07-01 | 2023-06-13 |
| 3351 | ZombieVPN, Breaking That Internet Security | RCE, Insecure deserialization | Bitdefender, AnchorFree | 0xSha (@0xsha) | Bug Bounty | 2020-07-01 | 2023-06-13 |
| 3350 | Art of bug bounty: a way from JS file analysis to XSS | XSS | Verizon Media, Tumblr | Jakub Żoczek (@zoczus) | Bug Bounty | 2020-07-01 | 2023-06-13 |
| 3349 | Blast from the past: Cross Site Scripting on the AWS Console | DOM XSS | Amazon | Johann Rehberger (wunderwuzzi23) | Bug Bounty | 2020-07-01 | 2023-06-13 |
| 3348 | Misconfigured S3 Bucket Access Controls to Critical Vulnerability | AWS misconfiguration | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-07-02 | 2023-06-13 |
| 3347 | How I made $1500 dollars using base64 decoder :) | Information disclosure | NA | Dilip (@dilip_spartn) | Bug Bounty | 2020-07-02 | 2023-06-13 |
| 3346 | Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text | SSRF | Cafebazaar | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2020-07-02 | 2023-06-13 |
| 3344 | Price Tampering due to Improper checks on applying Coupon | Payment tampering, Logic flaw | NA | Vaibhav Joshi (@vj0shii) | Bug Bounty | 2020-07-03 | 2023-06-13 |
| 3343 | How i got 200$ with an out of the box open redirect vulnerability | Open redirect, Token leak | NA | Tarek Galleze | Bug Bounty | 2020-07-03 | 2023-06-13 |
| 3342 | Breaking Business Logic via Coupons — The Story of my 1st Valid Bug Bounty | Payment tampering, Logic flaw | NA | Dominic Ifediri (@Edi4all) | Bug Bounty | 2020-07-03 | 2023-06-13 |
| 3341 | [Writeup][Bug Bounty][Tokopedia] Manipulate Other User’s Cart and Wishlist on Tokopedia [EN] | IDOR | Tokopedia | Muhammad Thomas Fadhila Yahya (@fadhilthomas) | Bug Bounty | 2020-07-03 | 2023-06-13 |
| 3340 | Bug bounty write-up: From SSRF to $4000 | SSRF, RCE | NA | thehackerish (@thehackerish) | Bug Bounty | 2020-07-03 | 2023-06-13 |
| 3339 | CSRF Attack!!! | CSRF | NA | Bala Praneeth (@Begin_hunt) | Bug Bounty | 2020-07-04 | 2023-06-13 |
| 3338 | EN \| Account Takeover and Sensitive Data Leakage via CORS Misconfiguration | CORS misconfiguration, CSRF, Account takeover | NA | Lütfü Mert Ceylan (@lutfumertceylan) | Bug Bounty | 2020-07-04 | 2023-06-13 |
| 3337 | How I got hall of fame in Microsoft | XSS | Microsoft | Akash basnet (@noneofyou007) | Bug Bounty | 2020-07-04 | 2023-06-13 |
| 3336 | BBC Bug Bounty Write-up \| XSS Vulnerability | Reflected XSS | BBC | Pethuraj (@Pethuraj) | Bug Bounty | 2020-07-05 | 2023-06-13 |