Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1428 | Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) | SSRF | Atlassian | Shubham Shah (@infosec_au) | Bug Bounty | 2022-06-26 | 2023-06-13 |
| 1427 | CVE-2022-32205: Set-Cookie denial of service | DoS | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1426 | CVE-2022-32206: HTTP compression denial of service | DoS | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1425 | CVE-2022-32207: Unpreserved file permissions | Improper Preservation of Permissions | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1424 | CVE-2022-32208: FTP-KRB bad message verification | MiTM | Internet Bug Bounty (curl) | Harry Sintonen | Bug Bounty | 2022-06-27 | 2023-06-13 |
| 1422 | CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter | DoS | Internet Bug Bounty | JFrog Security Research Team (@JFrogSecurity) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1421 | CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED) | Client File Read | Rapid7 | Hans-Martin Münch (@h0ng10) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1420 | Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) | IDOR, Broken Access Control | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1419 | FabricScape: Escaping Service Fabric and Taking Over the Cluster | Container escape, Local Privilege Escalation, Cross-tenant vulnerability | Microsoft | Unit 42 (@Unit42_Intel) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1416 | Pwning ManageEngine — From PoC to Exploit: A deep dive into CVE-2020-11531 and CVE-2020-11532 | Path traversal, RCE, Authentication bypass | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1414 | [BugBounty] how do I get a premium tier account without paying a penny | Mass assignment, Payment bypass | NA | Marzuki (@aizack_ma) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1411 | CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus | XXE, SSRF, RCE | Zoho | Naveen Sunkavally | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1409 | Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908) | RCE, XSS | Microsoft | s1r1us (@s1r1u5_) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1406 | Get root on macOS 12.3.1: proof-of-concepts for Linus Henze's CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Signature validation bypass, Memory corruption, Local Privilege Escalation, MacOS | Apple | Zhuowei Zhang (@zhuowei) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1405 | Admin account takeover via weird Password Reset Functionality | Account takeover, Authentication bypass, Password reset | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1404 | A swag for a Open Redirect — Google Dork — Bug Bounty | Open redirect | NA | Proviesec (@proviesec) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1403 | Vertical Privilege Escalation: The user can takeover an admin account via response manipulation | Privilege escalation, HTTP response manipulation | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1402 | ($$$) Origin ip to account takeover | WAF bypass, Password reset, Host header injection, Account takeover | NA | Hemant Kumar | Bug Bounty | 2022-07-02 | 2023-06-13 |
| 1401 | Penetration Testing Firebase Web Applications | Firebase, Information disclosure | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-07-03 | 2023-06-13 |
| 1399 | Rediscovering Epic Games 0-Days (Forever Unpatched?) | Local Privilege Escalation | Epic Games | Christopher Vella (@Kharosx0) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1398 | Exposing Millions of Voter ID card users’ details. | IDOR, OTP bypass, Account takeover, Logic flaw | CERT-In | Aziz Al Aman (@nxtexploit) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1397 | How I found Open redirect on Bug crowd public program in 2 day | Open redirect | NA | Ittipatjitrada (@IttipatJitrada) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1396 | CVE-2022-34265 | SQL injection | Django | Takuto Yoshikai (@TakutoYoshikai) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1395 | Account hijacking using "dirty dancing" in sign-in OAuth-flows | OAuth, Account takeover | NA | Frans Rosén (@fransrosen) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1394 | Interesting Privilege Escalation In an Old Private Program | Privilege escalation | NA | Zunaid Mahmud (@SZ_Mahmud_7) | Bug Bounty | 2022-07-07 | 2023-06-13 |