Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3024 | Pentest-Story: Empirum password decryption | Weak crypto, Reverse engineering | Matrix42 | evait security GmbH (@evait_security) | Bug Bounty | 2020-11-16 | 2023-06-13 |
| 3023 | Stealing User’s PII info by visiting API endpoint directly | Information disclosure, Logic flaw | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2020-11-16 | 2023-06-13 |
| 3022 | Firefox: How a website could steal all your cookies | Arbitrary file read | Mozilla | Pedro Oliveira (@kanytu) | Bug Bounty | 2020-11-16 | 2023-06-13 |
| 3021 | Hacking into (RCE) Government Server operated for the US Department of Energy’s National Nuclear Security Administration. | RCE, OS command injection | US Department of Energy | Shaheen Fazim | Bug Bounty | 2020-11-16 | 2023-06-13 |
| 3020 | OpenEMR 5.0.1.3 Arbitrary File Actions | Arbitrary file write, Arbitrary file read, Security code review | OpenEMR | Josh Fam (@Pullerze) | Bug Bounty | 2020-11-17 | 2023-06-13 |
| 3019 | Tale of 3 vulnerabilities to account takeover! | SSRF, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2020-11-17 | 2023-06-13 |
| 3018 | Server Side Misconfigurartion - A Funny Fix | Information disclosure | Basecamp | Jerry Shah (@Jerry) | Bug Bounty | 2020-11-18 | 2023-06-13 |
| 3017 | GraphQL IDOR in Facebook streamer dashboard. | IDOR, GraphQL | Meta / Facebook | Kailash (@Corrupted_brain) | Bug Bounty | 2020-11-18 | 2023-06-13 |
| 3016 | Out of Band XXE in an E-commerce IOS app | XXE | NA | Gaurang Bhatnagar (@0xgaurang) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3015 | Arbitrary File Write On Client By ADB Pull | Arbitrary file write | Google | Serafina (Sera) Tonin Brocious (@daeken) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3014 | Bypassing the Redirect filters with 7 ways | Open redirect, OAuth | NA | ElMahdi Mrhassel (@ElMrhassel) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3013 | Exploiting dynamic rendering engines to take control of web apps | SSRF, Open redirect | NA | Vasilii Ermilov (@ermil0v) | Bug Bounty | 2020-11-19 | 2023-06-13 |
| 3012 | Turning Blind Error Based SQL Injection into Exploitable Boolean One | SQL injection | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-11-21 | 2023-06-13 |
| 3011 | 2 Reflected XSS In Razer | Reflected XSS | Razer | Mostafa | Bug Bounty | 2020-11-21 | 2023-06-13 |
| 3010 | Weird (im)possible XSS on error page | Reflected XSS | NA | Rody Shahnazarian (@Komradz86) | Bug Bounty | 2020-11-21 | 2023-06-13 |
| 3009 | Escalating XSS to Account Takeover | Reflected XSS, Account takeover | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2020-11-22 | 2023-06-13 |
| 3008 | Fixing a Google Vulnerability | Privilege escalation | Google | I (@InsecureNature) | Bug Bounty | 2020-11-22 | 2023-06-13 |
| 3007 | SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover | RCE, SSRF, Arbitrary file write, Path traversal, OS command injection, Local Privilege Escalation | Cisco | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-23 | 2023-06-13 |
| 3006 | Reflected Cross Site Scripting on REDACTED Program (Bounty: 750$) | Reflected XSS | NA | can1337 (@canmustdie) | Bug Bounty | 2020-11-23 | 2023-06-13 |
| 3005 | How images on Github will leak your private information | Information disclosure | GitHub | fuomag9 (@fuomag9) | Bug Bounty | 2020-11-24 | 2023-06-13 |
| 3004 | SD-PWN Part 4 — VMware VeloCloud — The Last Takeover | RCE, Authentication bypass, Default credentials, SQL injection, Path traversal, LFI | VMware | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 3003 | Pre-Account Takeover using OAuth Misconfiguration | OAuth | NA | the_unluck_guy (@7he_unlucky_guy) | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 3002 | How i got easy $$$ for SQL Injection Bug | SQL injection | NA | Rafi Andhika Galuh | Bug Bounty | 2020-11-26 | 2023-06-13 |
| 3001 | The Story of my first critical bug | SQL injection | NA | Shellbr3ak (@0xShellbr3ak) | Bug Bounty | 2020-11-29 | 2023-06-13 |
| 3000 | Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB | Information disclosure, Account takeover | NA | DarkLotus (@darklotuskdb) | Bug Bounty | 2020-11-29 | 2023-06-13 |