Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1593 | Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) | SSRF | VMware | Keiran Sampson (@hpy_downunder) | Bug Bounty | 2022-04-27 | 2023-06-13 |
| 1592 | 2FA Secret value disclosure leads to 2FA Bypass - Bug Bounty Writeup | MFA bypass, Information disclosure | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1591 | Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL | Cross-tenant vulnerability, Privilege escalation, Authentication bypass, Cloud | Microsoft | Shir Tamari (@shirtamari) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1589 | Exploitation of an SSRF vulnerability against EC2 IMDSv2 | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-28 | 2023-06-13 |
| 1588 | Sensitive Data Exfiltration through XSS ($450) | Token leak | NA | Zulfi Al-Farizi | Bug Bounty | 2022-04-30 | 2023-06-13 |
| 1585 | Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks | Privilege escalation, CI/CD | NA | Noam Dotan | Bug Bounty | 2022-05-02 | 2023-06-13 |
| 1584 | How I got a lousy T-Shirt from the Dutch Government. | Old components with known vulnerabilities | Dutch Government | Mava (@mava656) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1583 | CVE-2022-25262 \| JetBrains Hub single-click SAML response takeover | Authorization flaw, SAML, OAuth | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1582 | Hacking a Bank by Finding a 0day in DotCMS | Directory traversal, Unrestricted file upload, RCE | NA | Shubham Shah (@infosec_au) | Bug Bounty | 2022-05-03 | 2023-06-13 |
| 1579 | Business Logic Errors - Art of Testing Cards | Payment bypass, Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1577 | Samsung Flow - Any App Can Read The External Storage | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1576 | Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store | Android, Insecure intent | Samsung | Ken Gannon (@Yogehi) | Bug Bounty | 2022-05-04 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1574 | CVE-2022-0540 - Authentication bypass in Seraph | Authentication bypass | NA | Khoa Dinh (@_l0gg) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1573 | How We hacked (bypassed) Admin Panel just by JS file | Information disclosure | NA | Zhenwar Hawlery (@zhenwarx) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1572 | Advanced sqlmap Case Study | SQL injection | NA | Peter M (@h1pmnh) | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1570 | The $16,000 Dev Mistake | Information disclosure | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2022-05-07 | 2023-06-13 |
| 1569 | Its all about 2fa bypass, or Account Takeover | Password reset, Account takeover, OTP bypass | NA | anjaneyulu kanakatla | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1568 | P1 Bug — PII information disclosure | Information disclosure, IDOR | NA | Huntersherlock | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1567 | How I Paid For My Holiday With Bug Bounty | XSS, Broken Access Control, IDOR, Unrestricted file upload | NA | Tobydavenn | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1566 | Can analyzing javascript files lead to remote code execution? | Unrestricted file upload, RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1565 | Account verification code bypass lead to a $4000 bounty | OTP bypass | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2022-05-08 | 2023-06-13 |
| 1564 | RCE via Dependency Confusion | Dependency confusion | NA | Samrat Gupta (@Sm4rty_) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1563 | ResolveURI RXSS Imperva Waf Bypass | XSS | NA | Ahsan Shahid (@hunter0x8) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1562 | The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | CSS injection, Clickjacking, Account takeover, XSS, Cookie bomb, Self-XSS, CSRF | NA | Renwa (@RenwaX23) | Bug Bounty | 2022-05-10 | 2023-06-13 |