Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1783 | Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D) | Logic flaw | Meta / Facebook | Kent Jarold Abulag (@wkemenhehehegsg) | Bug Bounty | 2022-02-25 | 2023-06-13 |
| 1782 | A Weird Price Tampering Vulnerability | Payment tampering, Logic flaw | NA | vFlexo (@vflexo) | Bug Bounty | 2022-02-25 | 2023-06-13 |
| 1780 | SSRF & LFI In Uploads Feature | SSRF, LFI, HTML injection | NA | Raymond Lind | Bug Bounty | 2022-02-26 | 2023-06-13 |
| 1779 | CVE-2022-22947: SpEL Casting And Evil Beans | RCE, Java Beans | NA | Wyatt Dahlenburg (@wdahlenb) | Bug Bounty | 2022-02-26 | 2023-06-13 |
| 1778 | Hacking Subscription Plans for free service. | Payment bypass, OTP bypass | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2022-02-27 | 2023-06-13 |
| 1775 | HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations | HTTP request smuggling, DoS, Semantic gap attacks | NA | Kaiwen Shen (@m0xiaoxi) | Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1774 | Password Reset to Admin Access | Account takeover, Authentication bypass, Password reset | NA | Jesse Clark (@Hogarth45_) | Bug Bounty | 2022-03-01 | 2023-06-13 |
| 1772 | [ Directory Traversal attack ] How did I find it using GitHub | Information disclosure, Path traversal | NA | Fenrir (@leetibrahim) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1771 | webOS Revisited - Even More Mistaken Identities | Local Privilege Escalation, Browser hacking | LG | Andreas Lindh (@addelindh) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1770 | CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO | Stored XSS, Account takeover | Apache | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-03-02 | 2023-06-13 |
| 1766 | CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED) | Username enumeration, GraphQL | GitLab | Jacob Baines (@junior_baines) | Bug Bounty | 2022-03-03 | 2023-06-13 |
| 1764 | How I Hacked A Crypto Company And Could Steal 1 Million Dollars Worth of Bitcoin | Path traversal | NA | zoid (@z0idsec) | Bug Bounty | 2022-03-05 | 2023-06-13 |
| 1762 | Some critical vulnerabilities found with passive analysis on bug bounty programs explained | Information disclosure, Logic flaw | NA | Daniel V. (@d4niel_v) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1761 | The Bad Twin: a peculiar case of JWT exploitation scenario | Account takeover | NA | Sandh0t (@sandh0t) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1760 | AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service | Cross-tenant vulnerability, Account takeover | Microsoft | Yanir Tsarimi (@Yanir_) | Bug Bounty | 2022-03-07 | 2023-06-13 |
| 1759 | Circumventing Browser Security Mechanisms For SSRF | SSRF, XSS | NA | HTTPVoid (@httpvoid0x2f) | Bug Bounty | 2022-03-08 | 2023-06-13 |
| 1758 | How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty | DoS | NA | Mr Empy (@mr_empy) | Bug Bounty | 2022-03-08 | 2023-06-13 |
| 1755 | Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis) | RCE | Oracle | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2022-03-09 | 2023-06-13 |
| 1754 | SSD Advisory – NETGEAR DGND3700v2 PreAuth Root Access | Authentication bypass, OS command injection, RCE | Netgear | - | Bug Bounty | 2022-03-09 | 2023-06-13 |
| 1747 | CVE-2022-24696 – Glance By Mirametrix Privilege Escalation | Local Privilege Escalation | Lenovo | Oddvar Moe (@Oddvarmoe) | Bug Bounty | 2022-03-11 | 2023-06-13 |
| 1746 | How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control) | Broken Access Control | NA | can1337 (@canmustdie) | Bug Bounty | 2022-03-11 | 2023-06-13 |
| 1744 | I can see the dislikes count even though is hidden by YouTube \| YouTube ($500) | Broken Access Control, IDOR | NA | R ando (@Rando02355205) | Bug Bounty | 2022-03-12 | 2023-06-13 |
| 1743 | XSS through base64 encoded JSON | XSS | NA | Aman Pareek (@aman_notsogreat) | Bug Bounty | 2022-03-12 | 2023-06-13 |
| 1742 | A Tale of Open Redirection to Stored XSS | Stored XSS, Open redirect | NA | Tushar Sharma (@tusharSharma_0) | Bug Bounty | 2022-03-12 | 2023-06-13 |
| 1741 | Open Redirect via Sendgrid Email Misconfiguration | Open redirect | NA | Rifqi Hilmy Zhafrant | Bug Bounty | 2022-03-13 | 2023-06-13 |