Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1694 | Deleting account via support ticket | IDOR, Broken Access Control | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-26 | 2023-06-13 |
| 1693 | Stealing cookies from subdomain leads to takeover user accounts at redacted.com | Account takeover, XSS | NA | Bijan Murmu (@0xBijan) | Bug Bounty | 2022-03-27 | 2023-06-13 |
| 1692 | How I was able to rick roll every users on root-me.org | XSS | Root-Me | Mizu (@kevin_mizu) | Bug Bounty | 2022-03-27 | 2023-06-13 |
| 1690 | Ruby Deserialization - Gadget on Rails | Insecure deserialization, RCE | Ruby on Rails | HTTPVoid (@httpvoid0x2f) | Bug Bounty | 2022-03-28 | 2023-06-13 |
| 1688 | ABC-Code Execution for Veeam | Local Privilege Escalation | Veeam | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2022-03-29 | 2023-06-13 |
| 1687 | How I bypassed 403 forbidden domain using a simple trick | 403 bypass | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-03-29 | 2023-06-13 |
| 1685 | CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter | Information disclosure | VMware | Yuval Lazar | Bug Bounty | 2022-03-29 | 2023-06-13 |
| 1682 | CVE-2022-27643 - NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability | Memory corruption, RCE | Netgear | Relyze (@relyze) | Bug Bounty | 2022-03-31 | 2023-06-13 |
| 1681 | Got Access To Dota 2 Admin Panel By Exploiting In-game Feature | XSS | Valve | Abdillah Muhamad (@abdilahrf) | Bug Bounty | 2022-03-31 | 2023-06-13 |
| 1678 | A Large-scale and Longitudinal Measurement Study of DKIM Deployment | Email spoofing, Phishing | Google, Mailchimp, Sendgrid, Salesforce | Chuhan Wang | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1676 | Small bugs are more dangerous than you think | Self-XSS, Stored XSS, Open redirect, CSRF | NA | Liv Matan (@terminatorLM) | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1674 | Write Up – Finapi (Open Banking API) Oauth Credentials Exposed In Plain Text In Android App | Hardcoded credentials, Android | NA | Omar Espino (@omespino) | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1673 | Design Flaw : A Tale of Permanent DOS (Informative -> Triaged) | DoS | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-04-02 | 2023-06-13 |
| 1668 | Exploiting a double-edged SSRF for server and client-side impact | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-03 | 2023-06-13 |
| 1666 | Cloud SSRF Exploitation | SSRF | NA | Dan Barros | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1665 | Hacked Nokia With Reflected Cross-site Scripting Vulnerability…. | Reflected XSS | Nokia | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1664 | MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639 | Local Privilege Escalation | Apple | Mickey Jin (@patch1t) | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1663 | NoSQL Injection in Plain Sight | NoSQL injection | NA | Kuldeep Pandya (@kuldeepdotexe) | Bug Bounty | 2022-04-04 | 2023-06-13 |
| 1661 | CVE-2021-38159: MOVEit Transfer SQL Injection Analysis | SQL injection | Palantir Public | Tuan Anh Nguyen (@haxor31337) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1659 | How I hacked one of the biggest airlines group of the world | IDOR, Account takeover | NA | Tarek Bouali (@iambouali) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1655 | CVE-2021-4119: [Bookstack] Email harvesting via SQL "LIKE" clause exploitation | Broken Access Control, SQL injection | Bookstack | Haxatron (@Haxatron1) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1654 | The Bug That Kept On Giving :: PaymentBypass :: Eposed Return Url | Payment bypass, Logic flaw | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-04-05 | 2023-06-13 |
| 1652 | Watch out the links : Account takeover! | Account takeover | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-04-06 | 2023-06-13 |
| 1651 | SSRF and Account Takeover via XSS in ERPNext (0-day) | SSRF, XSS, Account takeover | ERPNext | huli (@aszx87410) | Bug Bounty | 2022-04-06 | 2023-06-13 |
| 1650 | How i got access to 1600k Users PII Data $$$$ | Information disclosure | NA | Gokul AP (@CodingGokul) | Bug Bounty | 2022-04-06 | 2023-06-13 |