Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5096 | One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved. | Stored XSS, Blind XSS, CSRF, Account takeover, IDOR | NA | Zseano (@zseano) | Bug Bounty | 2017-02-25 | 2023-06-13 |
| 5095 | Time-based Blind SQLi on news.starbucks.com | Blind SQL injection | Starbucks | toctou | Bug Bounty | 2017-02-26 | 2023-06-13 |
| 5094 | Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token | postMessage, Violation of secure design principles | Slack | Frans Rosén (@fransrosen) | Bug Bounty | 2017-02-28 | 2023-06-13 |
| 5093 | Ok Google, Give Me All Your Internal DNS Information! | SSRF | Google | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2017-03-01 | 2023-06-13 |
| 5092 | Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities | XSS, CSP bypass | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-08 | 2023-06-13 |
| 5091 | Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat | Open redirect, SSRF, Path traversal | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-09 | 2023-06-13 |
| 5090 | How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) | XSS | Google | Marin Moulinier | Bug Bounty | 2017-03-09 | 2023-06-13 |
| 5089 | Remote Code Execution in AT&T | RCE, SSTI, Components with known vulnerabilities | AT&T | Corben Leo (@hacker_) | Bug Bounty | 2017-03-10 | 2023-06-13 |
| 5088 | Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution | RCE | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-13 | 2023-06-13 |
| 5087 | Bypassing Safe Links in Exchange Online Advanced Threat Protection | Open redirect | Microsoft | Mikail Tunç (@emtunc) | Bug Bounty | 2017-03-16 | 2023-06-13 |
| 5086 | Penetrating PornHub – XSS vulns galore (plus a cool shirt!) | XSS | PornHub | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2017-03-16 | 2023-06-13 |
| 5085 | Near universal XSS in McAfee Web Gateway | XSS | McAfee | Olivier Arteau | Bug Bounty | 2017-03-17 | 2023-06-13 |
| 5084 | Critical information disclosure on Wappalyzer.com | Information disclosure | Wappalyzer | Davide Tampellini (@tampe125) | Bug Bounty | 2017-03-24 | 2023-06-13 |
| 5083 | Hundreds of hundreds sub-secdomains hack3d! (including Hacker0ne) | Subdomain takeover | HackerOne | Ak1T4 (@akita_zen) | Bug Bounty | 2017-03-28 | 2023-06-13 |
| 5082 | Airbnb – Web to App Phone Notification IDOR to view Everyone’s Airbnb Messages | IDOR | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-31 | 2023-06-13 |
| 5081 | Inspect Element leads to Stripe Account Lockout Authentication Bypass | Authentication bypass | Stripe | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2017-04-03 | 2023-06-13 |
| 5080 | AWS S3 bucket misconfiguration - Paytm | AWS misconfiguration | Paytm | Tutorgeeks (@tutorgeeks) | Bug Bounty | 2017-04-18 | 2023-06-13 |
| 5079 | Tales of SugarCRM Security Horrors | PHP Object Injection, SQL injection, Authentication bypass | SugarCRM | Egidio Romano / EgiX | Bug Bounty | 2017-04-23 | 2023-06-13 |
| 5078 | I got emails — G Suite Vulnerability | Logic flaw | Google, Yelp, Meta / Facebook | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-05-05 | 2023-06-13 |
| 5075 | Hacking the NHS for Fun and No Profit | SQL injection, LFI | NHS | Nathan (@NathOnSecurity) | Bug Bounty | 2017-05-22 | 2023-06-13 |
| 5074 | A pair of Plotly bugs: Stored XSS and AWS Metadata SSRF | Stored XSS, SSRF | Plotly | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-05-25 | 2023-06-13 |
| 5073 | Pivoting from blind SSRF to RCE with HashiCorp Consul | Blind XSS, RCE | NA | Peter Adkins (@darkarnium) | Bug Bounty | 2017-05-29 | 2023-06-13 |
| 5072 | XSS on Google{5.000$}-Google Vulnerability Reward Program (VRP) | Stored XSS | Google | - | Bug Bounty | 2017-05-30 | 2023-06-13 |
| 5071 | Android Browser All Versions - Address Bar Spoofing Vulnerability - CVE-2015-3830 | Address Bar Spoofing | Google | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2017-06-01 | 2023-06-13 |
| 5070 | Nokia Asha Series Lock Screen Bypass | Authentication bypass, Lock screen bypass | Nokia | Hammad Shamsi (@HammadShamsii) | Bug Bounty | 2017-06-01 | 2023-06-13 |