Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1676 | Small bugs are more dangerous than you think | Self-XSS, Stored XSS, Open redirect, CSRF | NA | Liv Matan (@terminatorLM) | Bug Bounty | 2022-04-01 | 2023-06-13 |
| 1575 | Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO) | XSS, CSRF, Account takeover | NA | Zulfi Al-Farizi | Bug Bounty | 2022-05-06 | 2023-06-13 |
| 1562 | The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | CSS injection, Clickjacking, Account takeover, XSS, Cookie bomb, Self-XSS, CSRF | NA | Renwa (@RenwaX23) | Bug Bounty | 2022-05-10 | 2023-06-13 |
| 1549 | Stealing Google Drive OAuth tokens from Dropbox | CSRF, SSRF, Account takeover | Dropbox | Sivanesh Ashok (@sivaneshashok) | Bug Bounty | 2022-05-17 | 2023-06-13 |
| 1531 | 2FA Bypass on private bug bounty program due to CSRF token misconfiguration | MFA bypass | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1499 | If It’s a Feature!!! Let’s Abuse It for $750 | CSRF | NA | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2022-06-05 | 2023-06-13 |
| 1454 | CSRF leads to account takeover in Yahoo! | CSRF, Account takeover | Yahoo! / Verizon Media | Retr02332 (@Retr02332) | Bug Bounty | 2022-06-16 | 2023-06-13 |
| 1400 | We Hacked Larksuite For 1 month and Here is what we found | XSS, IDOR, Privilege escalation, Broken Access Control, CSRF, 40x bypass | Lark Technologies | Snap Sec (@snap_sec) | Bug Bounty | 2022-07-04 | 2023-06-13 |
| 1381 | How we have pwned Root-Me in 2022 | XSS, CSRF, RCE | SPIP | SpawnZii (@SpawnZii) | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1379 | How a Simple IDOR Led Me to Delete Any Account | IDOR, CSRF | NA | rajesh.r (@_rajesh_ranjan_) | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1248 | My Experience on Hacking the Dutch Government | XSS, Open redirect, CSRF, Account takeover | Dutch Government | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1245 | IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit | Authentication bypass, Information disclosure, CSRF, RCE, Local Privilege Escalation | VMware | Steven Seeley (@steventseeley) | Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1213 | CSRF leads to Account Takeover \| Samsung | CSRF, Account takeover | Samsung | R ando (@Rando02355205) | Bug Bounty | 2022-08-16 | 2023-06-13 |
| 1166 | CSRF Vulnerability In The NodeJS Ecosystem | CSRF | Node.js third-party modules (csurf) | Adrian Tiron (@adrian__t) | Bug Bounty | 2022-08-28 | 2023-06-13 |
| 1092 | Bug Bounty - Cross-site request forgery is a thing | CSRF, XSS | NA | Patrick Hener (@C1sc01) | Bug Bounty | 2022-09-12 | 2023-06-13 |
| 1059 | Apollo Router Security Audit Report (Q2 2022) | DoS, CSRF | Apollo GraphQL | Norbert Szetei (@73696e65) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1010 | Zoneminder – Web App Testing – Oct 2022 | DoS, Log injection, CSRF, Stored XSS | ZoneMinder | Trenches of IT (@TrenchesofIT) | Bug Bounty | 2022-09-30 | 2023-06-13 |
| 1005 | CSRF Attack — 0 click account delete - 1st write-up | CSRF, HTML injection | NA | Deepak (@bug_vs_me) | Bug Bounty | 2022-10-03 | 2023-06-13 |
| 993 | Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored | Self-XSS, CSRF | NA | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 949 | Facebook SMS Captcha Was Vulnerable to CSRF Attack | CSRF | Meta / Facebook | Lokesh Kumar (@lokeshdlk77) | Bug Bounty | 2022-10-17 | 2023-06-13 |
| 908 | Chaining multiple vulnerabilities for credential stealing | CSRF, Self-XSS, XSS | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-10-25 | 2023-06-13 |
| 866 | CSRF Leads to Delete User Account | CSRF | NA | Omarbakrey | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 854 | Compromising Plesk Via Its REST API | CORS misconfiguration, CSRF | Plesk | Adrian Tiron (@Adrian__T) | Bug Bounty | 2022-11-08 | 2023-06-13 |
| 821 | CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | CSRF, RCE, RPM Spec Injection | F5 | Ron Bowes (@iagox86) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 791 | CVE-2021-40662 Chamilo LMS 1.11.14 RCE | Stored XSS, CSRF, RCE | Chamilo LMS | Febin | Bug Bounty | 2021-11-23 | 2023-06-13 |