Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3283 | DNS Rebinding, The treacherous attack it can be | DNS rebinding | NA | Vuk Ivanovic | Bug Bounty | 2020-07-25 | 2023-06-13 |
| 3282 | A Simple IDOR which should not be missed on dating site ;) | IDOR, Information disclosure | NA | neelam | Bug Bounty | 2020-07-26 | 2023-06-13 |
| 3281 | Obtained a bunch of sensitive data in just few steps — Hacking AWS misconfiguration | Information disclosure | NA | Airlangga Visnhu Murthi | Bug Bounty | 2020-07-26 | 2023-06-13 |
| 3280 | How I bypassed 2fa in a 3 years old private program! | MFA bypass, Bruteforce, Lack of rate limiting | NA | Shivangx01b (@shivangx01b) | Bug Bounty | 2020-07-26 | 2023-06-13 |
| 3279 | An unreproducable bug due to the load balancer, an unusual Open Redirect bug | Open redirect | NA | tololovejoi (@tolo7010) | Bug Bounty | 2020-07-27 | 2023-06-13 |
| 3278 | Exploiting popular macOS apps with a single “.terminal” file. | MacOS, File Quarantine bypass | Internet Bug Bounty, Slack, Keybase, Telegram | Vladimir Metnew (@vladimir_metnew) | Bug Bounty | 2020-07-27 | 2023-06-13 |
| 3277 | CVE-2020–9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data | MacOS, Local Privilege Escalation, Authorization flaw | Apple | Matt Shockley (@mattshockl) | Bug Bounty | 2020-07-27 | 2023-06-13 |
| 3276 | CSRF + Open Redirect To Account Takeover | CSRF, Open redirect, Account takeover | NA | R29k (@R29k_) | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3275 | Bug HTML Injection On Tokopedia ! | HTML injection | Tokopedia | jowi | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3274 | Pre-Access to Victim’s Account via Facebook Signup | OAuth, Account takeover | NA | Akshansh Jaiswal (@Akshanshjaiswl) | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3273 | Authentication Token Leads To IDOR | Authentication bypass | NA | mohit (@mohit29295572) | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3272 | Company’s zendesk subdomain lead to hidden access. | Exposed registration page | NA | himanshu pdy (@himanshu_pdy) | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3271 | Authorization bypass in Google’s ticketing system (Google-GUTS) | Authorization flaw | Google | Zohar Shachar | Bug Bounty | 2020-07-28 | 2023-06-13 |
| 3270 | FFUF and my first bounty | Information disclosure | NA | Suryansh Mansharamani | Bug Bounty | 2020-07-29 | 2023-06-13 |
| 3269 | XSS, RCE & HTML File Upload in same endpoint | XSS, RCE, Unrestricted file upload | NA | Tarikul Islam (@sa1tama0) | Bug Bounty | 2020-07-29 | 2023-06-13 |
| 3268 | The Noob Way Of Taking Over Accounts | Authorization flaw, Account takeover, Homograph attack | NA | Mudassir Sharief | Bug Bounty | 2020-07-29 | 2023-06-13 |
| 3267 | Zoom Security Exploit – Cracking private meeting passwords | CSRF, Lack of rate limiting | Zoom | Tom Anthony (@TomAnthonySEO) | Bug Bounty | 2020-07-29 | 2023-06-13 |
| 3266 | One Click to Compromise -- Fun With ClickOnce Deployment Manifests | NTLMv2 hash disclosure, One-click execution of arbitrary .Net assemblies, Windows | Microsoft | Dave Cossa (@G0ldenGunSec) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3265 | Exploiting Business Logic — Wallet Money | Payment tampering, Logic flaw | NA | Keshav Malik (@g0t_rOoT_) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3264 | Weird Behavior of Facebook Page FAQ Leading to Bounty from Facebook | Logic flaw | Meta / Facebook | Ashok Chapagai (@ashokcpg) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3263 | New features means new bugs | Logic flaw, Authorization flaw, Payment bypass | NA | Zseano (@zseano) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3262 | Using XAMPP and Burp Intruder when scanning for subdomains to look for interesting behaviour & code | Information disclosure | NA | Zseano (@zseano) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3261 | Bypassing OTP via reset password | OTP bypass | NA | Ahmed Cj (@0x0Cj) | Bug Bounty | 2020-07-30 | 2023-06-13 |
| 3260 | Unauthd - Logic bugs FTW | Logic flaw | Apple | Ilias Morad (@A2nkF_) | Bug Bounty | 2020-07-31 | 2023-06-13 |
| 3259 | CVE-2020–9854: "Unauthd" - (three) logic bugs ftw! | Local Privilege Escalation, Logic flaw | Apple | Ilias Morad (@A2nkF_) | Bug Bounty | 2020-08-01 | 2023-06-13 |