Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 782 | Contrast discovers zero-day flaw in popular Quarkus Java framework | Drive-by attack, CSRF, RCE | Quarkus | Joseph Beeton | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 778 | Able to Mass-change profile section leads to my first $BOUNTY$ | HTML injection, IDOR, CSRF | NA | SYRINE | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 774 | Exploiting CORS Misconfigurations | CORS misconfiguration, CSRF, XST | Apple, Google, Mozilla (Firefox), WHATWG | scarlet / attack ships on fire | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 613 | Advanced CSRF Exploitation | CSRF, Stored XSS | NA | Sandro Einfeldt | Bug Bounty | 2023-01-07 | 2023-06-13 |
| 604 | “2022: A Year of Fascinating Discoveries” | CSRF, SSRF, Blind XSS, Password reset, Hyperlink injection, IDOR, Weak credentials, AWS misconfiguration | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 598 | Client-Side SSRF to Google Cloud Project Takeover [Google VRP] | SSRF, CSRF, Open redirect | Google | Dohyun Lee | Bug Bounty | 2023-01-12 | 2023-06-13 |
| 569 | EmojiDeploy: Smile! Your Azure web service just got RCE’d ._. | RCE, Cloud, CSRF, CORS misconfiguration | Microsoft (Azure) | Liv Matan (@terminatorLM) | Bug Bounty | 2023-01-19 | 2023-06-13 |
| 561 | CSRF + Stored XSS Leading to Full Account Takeover | Stored XSS, CSRF, Account takeover | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 497 | SSO Gadgets: Escalate (Self-)XSS to ATO | SSO, OAuth, Account takeover, Self-XSS, Login CSRF | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2023-02-04 | 2023-06-13 |
| 480 | Chaining Bugs to get my First Bug Bounty | CSRF, Open redirect, Clickjacking, Account takeover | NA | ag3n7 (@ag3n7apk) | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 457 | Bypassing SameSite=lax cookie restrictions to preform CSRF resulting to a horizontal privilege escalation via poor email verification mechanism | CSRF | NA | Imad Husanovic (@deadoverflow_) | Bug Bounty | 2023-02-13 | 2023-06-13 |
| 243 | Unveiling the Secrets: My Journey of Hacking Google’s OSS | CSRF, Self-XSS | Google | 7𝖍3𝖍4𝖈kv157 (@7h3h4ckv157) | Bug Bounty | 2023-03-31 | 2023-06-13 |
| 235 | Simple Bugs 0x01: Password Changing to Account Takeover! | Account takeover, CSRF | NA | Vitor Falcao (@egl_falcao) | Bug Bounty | 2023-04-03 | 2023-06-13 |
| 122 | A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… | postMessage, JSONP, DOM XSS, CORS misconfiguration, CSRF, WAF bypass | NA | Julien Cretel (@jub0bs) | Bug Bounty | 2023-05-05 | 2023-06-13 |