Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1740 | How I bypassed disable_functions in php to get a remote shell | RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-03-13 | 2023-06-13 |
| 1735 | Achieving Remote Code Execution via Unrestricted File Upload | Unrestricted file upload RCE | NA | Haroon Hameed (@HaroonHameed40) | Bug Bounty | 2022-03-14 | 2023-06-13 |
| 1734 | From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password” | WAF bypass Weak credentials | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2022-03-14 | 2023-06-13 |
| 1732 | My First Bug on VDP & BBP - Bug Bounty | Stored XSS | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-03-15 | 2023-06-13 |
| 1731 | CVE-2020-24427: Adobe Reader CJK Codecs Memory Disclosure Vulnerability | Memory disclosure | Adobe | Haboob Research Team (@HaboobSa) | Bug Bounty | 2022-03-15 | 2023-06-13 |
| 1730 | CVE-2022-22616: Simple way to bypass GateKeeper, hidden for years | Local Privilege Escalation GateKeeper bypass MacOS | Apple | Mickey Jin (@patch1t) | Bug Bounty | 2022-03-15 | 2023-06-13 |
| 1729 | How I managed to trigger XSS automatically to get critical account takeover | Stored XSS | NA | c4rrilat0r (@c4rrilat0r) | Bug Bounty | 2022-03-15 | 2023-06-13 |
| 1728 | Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) | Arbitrary file write | Apple | Richard Warren (@buffaloverflow) | Bug Bounty | 2022-03-15 | 2023-06-13 |
| 1725 | How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? | XSS | NA | akshal(tojojo) | Bug Bounty | 2022-03-16 | 2023-06-13 |
| 1723 | From XSS to RCE (dompdf 0day) | XSS RCE | NA | Positive Security (@positive_sec) | Bug Bounty | 2022-03-16 | 2023-06-13 |
| 1722 | Parameter Pollution - Zero Day | HTTP parameter pollution | Discourse | Jerry Shah (@Jerry) | Bug Bounty | 2022-03-17 | 2023-06-13 |
| 1721 | My First Blind SQL Injection | SQL injection | NA | T VAMSHI | Bug Bounty | 2022-03-17 | 2023-06-13 |
| 1718 | Bypass confirmation to add payment method. | Email verification bypass Logic flaw | NA | Yaj Desu | Bug Bounty | 2022-03-18 | 2023-06-13 |
| 1717 | For the first Bounty, it takes a few challenging months, but only a few days for the second. | Old components with known vulnerabilities | NA | Aneesha D (@interc3pt3r) | Bug Bounty | 2022-03-18 | 2023-06-13 |
| 1713 | CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera | Browser hacking | Google Microsoft Opera | Maciej Pulikowski (@pulik_io) | Bug Bounty | 2022-03-19 | 2023-06-13 |
| 1712 | Bug Bounty catches part -1 | Authentication bypass Information disclosure Broken Access Control | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-20 | 2023-06-13 |
| 1710 | ($$$) Broken Authentication and IDOR at [REDACTED] | IDOR | NA | Rizaldi Wahaz (@wah_haz) | Bug Bounty | 2022-03-21 | 2023-06-13 |
| 1707 | Google Maps API Key Unauthorized Use Case | Information disclosure | NA | Dan Barros | Bug Bounty | 2022-03-22 | 2023-06-13 |
| 1705 | Basic recon to RCE II | RCE | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2022-03-22 | 2023-06-13 |
| 1704 | Authentication bypass using root array | Authentication bypass Information disclosure | NA | Eslam Akl (@eslam3kll) | Bug Bounty | 2022-03-22 | 2023-06-13 |
| 1703 | When Equal is Not, Another WebView Takeover Story | Android | NA | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2022-03-22 | 2023-06-13 |
| 1701 | Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121) | RCE | Western Digital | Alex Plaskett (@alexjplaskett) | Bug Bounty | 2022-03-23 | 2023-06-13 |
| 1698 | Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044) | XSS Arbitrary file read Authentication bypass OS command injection RCE | Netgear | stypr (@stereotype32) | Bug Bounty | 2022-03-25 | 2023-06-13 |
| 1696 | Bug Bounty Adventures: A NodeBB 0-day | CSRF Account takeover SSO Authentication flaw | Opera | Marouane Mouhtadi (@Mar0_0uane) | Bug Bounty | 2022-03-25 | 2023-06-13 |
| 1695 | Broken Access Control - IDOR | IDOR | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-03-25 | 2023-06-13 |