Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
1352FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon vHost misconfiguration 403 bypass Information disclosure NA Vuk Ivanovic Bug Bounty2022-07-172023-06-13
1351CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin Broken Access Control XSS jellyfin Dan Barros Bug Bounty2022-07-182023-06-13
1350Good things takes time | Story of my first “valid” critical bug! Missing authentication Exposed administrative interface NA Kr1shna 4garwal (@Kr1shna4garwal) Bug Bounty2022-07-182023-06-13
1344How i was able to bypass Open Redirect 3 times on same program. Open redirect NA himanshu pdy (@himanshu_pdy) Bug Bounty2022-07-192023-06-13
1341CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation Local Privilege Escalation Zyxel Jake Baines (@Junior_Baines) Bug Bounty2022-07-192023-06-13
1340Local File Inclusion (interesting method) LFI NA Captain hook Bug Bounty2022-07-192023-06-13
1339Write-up: BlogEngine .NET - 0day Discovery Path traversal XXE BlogEngine .NET Jake McCallum (@0xLanks) Bug Bounty2022-07-192023-06-13
1336[CVE-2022-34918] A crack in the Linux firewall Memory corruption Local Privilege Escalation Linux Kernel Organization Arthur Mongodin Bug Bounty2022-07-202023-06-13
1334Gitlab Project Import RCE Analysis (CVE-2022-2185) RCE GitLab Nguyễn Tiến Giang (@testanull) Bug Bounty2022-07-212023-06-13
1333How I Test For Web Cache Vulnerabilities + Tips And Tricks Web cache poisoning Web cache deception NA Kevin (@bxmbn) Bug Bounty2022-07-212023-06-13
1332I mean, IDOR is NOT only about others ID IDOR NA can1337 (@canmustdie) Bug Bounty2022-07-222023-06-13
1330How I was able to Take over a support chat using leaked Keys Information disclosure NA Pliskin Bug Bounty2022-07-222023-06-13
1328WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security SQL injection XSS Account takeover WordPress Julien Ahrens (@MrTuxracer) Bug Bounty2022-07-222023-06-13
1327SecStory: How I Found Multiple P1 Vulnerabilities without Recon Authentication flaw NA rvdt (@rival_rvdt) Bug Bounty2022-07-232023-06-13
1326Un3xpected DoS Attack on Profile Pictur3 DoS NA Roxst4r (@mveswar98) Bug Bounty2022-07-232023-06-13
1325$$$ bounty in less 3 minutes from a google dork Information disclosure NA Steiner254 (@steiner254) Bug Bounty2022-07-232023-06-13
1324How I made 300 GitHub repos point to my blog using Azure subdomains takeover Subdomain takeover NA 0xPwN (@msd0s7) Bug Bounty2022-07-232023-06-13
1323A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125 IDOR NA Marcos IAF (@marcos_iaf) Bug Bounty2022-07-242023-06-13
1322How I Gained Access To A Finance Company’s Accounts (Session Hijacking) Session fixation Weak crypto NA Talha Karakumru Bug Bounty2022-07-252023-06-13
1321Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505) Memory corruption DoS Broken Access Control Sensitive Information Sent Over an Unencrypted Channel Nuki Daniel Romero (@daniel_rome) Bug Bounty2022-07-252023-06-13
1317DoS worth $650 ? Interesting right! DoS Pixel flood attack NA Sagar Sajeev (@Sagar__Sajeev) Bug Bounty2022-07-252023-06-13
1316Outdated PHP Version leads to RCE RCE Old components with known vulnerabilities NA iamdevansharya (@iamdevansharya) Bug Bounty2022-07-252023-06-13
1315Digging JS files to find BUGs IDOR Information disclosure NA Adnan Malik (@adnanmalikinfo) Bug Bounty2022-07-252023-06-13
1314CVE-2022–36446 — Webmin 1.996 — Remote Code Execution (RCE — Authenticated) During Install New Packages RCE OS command injection Webmin Emir Polat (@devilsgrins) Bug Bounty2022-07-262023-06-13
1313CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable MacOS SIP bypass Apple Mickey Jin (@patch1t) Bug Bounty2022-07-262023-06-13