Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3206 | From SQL Injection to Hall Of Fame | SQL injection | NA | Jadek Mark (@mase289) | Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3205 | How could I Tag Photo to any user’s Scrapbook on Facebook | Authorization flaw | Meta / Facebook | Raja Sudhakar (@Rajasudhakar) | Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3204 | How to contact Google SRE: Dropping a shell in cloud SQL | SQL injection, Privilege escalation, Parameter injection, RCE | Google | wtm@offensi.com (@wtm_offensi) | Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3203 | Fun with header and forget password, with a twist: | Password reset, Host header injection | NA | Vuk Ivanovic | Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3202 | Escalating a GitHub leak to takeover entire organization | Information disclosure | NA | Shashank (@cyberboyIndia) | Bug Bounty | 2020-08-18 | 2023-06-13 |
| 3201 | Django debug mode to RCE in Microsoft acquisition | Information disclosure, RCE | Microsoft | Syed Abuthahir (@writerabu) | Bug Bounty | 2020-08-19 | 2023-06-13 |
| 3200 | A perfect duplicate or how to send an email with a spoofed invoice’s content | Email spoofing, Open mail relay, Missing authentication | NA | Mateusz Olejarka (@molejarka) | Bug Bounty | 2020-08-19 | 2023-06-13 |
| 3198 | (Shopify.com) Blind Stored XSS Via Staff Name $$$$ | Stored XSS | Shopify | Rio Mulyadi (@riomulyadi_) | Bug Bounty | 2020-08-19 | 2023-06-13 |
| 3197 | How I Found My First Bug Stored Xss and Earned My First Bounty 1000$ | Stored XSS | Badoo | Nazmul Haque (@0xnazmul) | Bug Bounty | 2020-08-21 | 2023-06-13 |
| 3196 | Upload to the future | IDOR | NA | Vuk Ivanovic | Bug Bounty | 2020-08-22 | 2023-06-13 |
| 3195 | How I was able to find easy P1 just by doing Recon | LFI | NA | Kirtan Patel (@kirtanpatel9111) | Bug Bounty | 2020-08-22 | 2023-06-13 |
| 3194 | $$ Bounties for Unauthenticated file read in Cisco ASA CVE-2020–3452 | LFI | NA | Supun Halangoda (@halangoda_supun) | Bug Bounty | 2020-08-23 | 2023-06-13 |
| 3193 | Account Takeover For The Win 🏆 | Account takeover, Authentication flaw, Password reset | NA | Ricardo Iramar dos Santos (@ricardo_iramar) | Bug Bounty | 2020-08-24 | 2023-06-13 |
| 3192 | Stealing local files using Safari Web Share API | Browser hacking | Apple | Pawel Wylecial (@h0wlu) | Bug Bounty | 2020-08-24 | 2023-06-13 |
| 3191 | Waze: How I Tracked Your Mother | Logic flaw, Information disclosure | Google (Waze) | Peter Gasper (@malgregator) | Bug Bounty | 2020-08-25 | 2023-06-13 |
| 3190 | Bug Bounty Failsx101[4] | MFA bypass | NA | ArcherL (@realArcherL) | Bug Bounty | 2020-08-26 | 2023-06-13 |
| 3189 | Auth bypass: Leaking Google Cloud service accounts and projects | Authentication bypass | Google | Ezequiel Pereira (@epereiralopez) | Bug Bounty | 2020-08-26 | 2023-06-13 |
| 3188 | Delete IDOR on a Fashion eCommerce Website | IDOR | NA | Amey Anekar (@ameyanekar) | Bug Bounty | 2020-08-26 | 2023-06-13 |
| 3187 | Accessing the website directly through its IP address, a case of a poorly hidden sql injection | SQL injection | NA | Vuk Ivanovic | Bug Bounty | 2020-08-27 | 2023-06-13 |
| 3186 | My Hacking Adventures With Safari Reader Mode | CSP bypass, SOP bypass | Apple | Nikhil Mittal (@c0d3G33k) | Bug Bounty | 2020-08-27 | 2023-06-13 |
| 3185 | Oversecured automatically discovers persistent code execution in the Google Play Core Library | Arbitrary Code Execution, Android | Google | Oversecured (@OversecuredInc) | Bug Bounty | 2020-08-28 | 2023-06-13 |
| 3184 | The Importance of keeping up to date, or how I found an interesting bug thanks to a tweet | Stored XSS | NA | Vuk Ivanovic | Bug Bounty | 2020-08-29 | 2023-06-13 |
| 3183 | Unhiding the hidden | Client-side enforcement of server-side security, Authorization flaw, CSRF | NA | I am Broot | Bug Bounty | 2020-08-31 | 2023-06-13 |
| 3182 | Page shops with a hidden Product in “Featured product section” which could be controlled by attacker (Ex Editor). | Logic flaw | Meta / Facebook | Rohit kumar (@rohitcoder) | Bug Bounty | 2020-08-31 | 2023-06-13 |
| 3181 | Stop scratching the surface, and hack the dependencies | Stored XSS | NA | Rotem Reiss (@rotem_reiss) | Bug Bounty | 2020-08-31 | 2023-06-13 |