Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2148 | 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻 | OTP bypass, Account takeover, Password reset | NA | Gowtham_Naidu (@NaiduPonnana) | Bug Bounty | 2021-10-13 | 2023-06-13 |
| 2139 | A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection | SQL injection, WAF bypass | AWS | Marc Olivier Bergeron | Bug Bounty | 2021-10-19 | 2023-06-13 |
| 2133 | Moodle - Stored XSS and blind SSRF possible via feedback answer text | Stored XSS, SSRF | Moodle | rekter0 (@rekter0) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2127 | How I was able to revoke your Instagram 2FA | Bruteforce, Rate limiting bypass | Meta / Facebook | Dhiyaneshwaran (@DhiyaneshDK) | Bug Bounty | 2021-10-23 | 2023-06-13 |
| 2112 | How I was able to access a properly Configured S3 Bucket | Leaked AWS keys, Information disclosure | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2111 | One misconfiguration to rule them all | Information disclosure, Debug mode enabled | NA | Sushant Soni (@sushantsoni5392) | Bug Bounty | 2021-10-29 | 2023-06-13 |
| 2110 | How I found Command Injection via Obsolete PHPThumb | OS command injection, RCE | NA | Sushant Kamble | Bug Bounty | 2021-10-30 | 2023-06-13 |
| 2109 | This is how i was able to Permanently Crash all Mapillary users within minutes | Application-level DoS | Meta / Facebook | Abhishek Pathak (@pathleax) | Bug Bounty | 2021-10-31 | 2023-06-13 |
| 2088 | Write Up – Google VRP Bug Bounty: /etc/environment Local Variables Exfiltrated On Linux Google Earth Pro Desktop App – $1,337 USD | XSS | Google | Omar Espino (@omespino) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 2077 | DOS attack in Yahoo, How i was able to deny new users from service? | DoS | Yahoo! / Verizon Media | Mostafa Mamdoh | Bug Bounty | 2021-11-15 | 2023-06-13 |
| 2074 | DOS attack in Yahoo, How i was able to deny new users from service? | DoS, Logic flaw | Yahoo! / Verizon Media | Mostafa Mamdoh | Bug Bounty | 2021-11-16 | 2023-06-13 |
| 2058 | GoSecure Investigates Abusing Windows Server Update Services (WSUS) to Enable NTLM Relaying Attacks | Local Privilege Escalation | Microsoft | Romain Carnus | Bug Bounty | 2021-11-22 | 2023-06-13 |
| 2023 | This is how i was able to See and Delete your Private Facebook Portal photos | IDOR | Meta / Facebook | Abhishek Pathak (@pathleax) | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2018 | How I was able to change Reddit acquired Dubsmash's music library sound tracks' titles | IDOR | Reddit | Sandeep Hodkasia (@sandeephodkasia) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 1987 | How I was able to reveal page admin of almost any page on Facebook | IDOR | Meta / Facebook | Sudip Shah | Bug Bounty | 2021-12-20 | 2023-06-13 |
| 1978 | How I was able to bypass WAF and find the origin IP and a few sensitive files | WAF bypass | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2021-12-22 | 2023-06-13 |
| 1960 | How I Am Able To Crash Anyone’s Mozilla Firefox Browser By Sending An Email | DoS | Mozilla | Sam | Bug Bounty | 2021-12-30 | 2023-06-13 |
| 1954 | Fixing the Unfixable: Story of a Google Cloud SSRF | SSRF | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-12-31 | 2023-06-13 |
| 1948 | Story of YouTube’s Unfixable Ads Bypass | Logic flaw | Google | MrMax4o4 | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1947 | How i was able to bypass a Pin code Protection | Authorization flaw | NA | Kerolos sameh (@xko2xx) | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1937 | How I was able to spoof any Instagram username on Instagram shop | IDOR | Meta / Facebook | Nawaf Alkhaldi (@nvmeeet) | Bug Bounty | 2022-01-06 | 2023-06-13 |
| 1900 | How I was able to find multiple vulnerabilities of a Symfony Web Framework web application | Debug mode enabled, Information disclosure | NA | Abid Ahmad (@RootIntrud3r) | Bug Bounty | 2022-01-23 | 2023-06-13 |
| 1894 | How I was able to take over accounts in websites deal with Github as an SSO provider | Bruteforce, Lack of rate limiting, SSO, Email verification bypass, Account takeover | NA | Khaled Mohamed | Bug Bounty | 2022-01-25 | 2023-06-13 |
| 1871 | Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD) | OTP bruteforce, Lack of rate limiting | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2022-01-31 | 2023-06-13 |
| 1868 | How I approached Dependency Confusion! | Dependency confusion | NA | Aditya Soni (@hetroublemakr) | Bug Bounty | 2022-02-01 | 2023-06-13 |