Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4733 | Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper | DOM XSS, Universal XSS, Clickjacking, Browser extension hacking | NA | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2018-06-08 | 2023-06-13 |
| 4732 | [PayPal BBP] I could’ve deleted All SMC messages. Using Brute-Force technique. | CSRF | Paypal | Ayoub Ait Elmokhtar (@aessadek) | Bug Bounty | 2018-06-10 | 2023-06-13 |
| 4731 | How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL | XXE | NA | Darrell Damstedt | Bug Bounty | 2018-06-11 | 2023-06-13 |
| 4730 | Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution | CSV injection, Server side spreadsheet injection, Formula injection, RCE | Google | Jake Miller | Bug Bounty | 2018-06-11 | 2023-06-13 |
| 4729 | Full account Takeover via reset password function | IDOR, Account takeover, Password reset | NA | Khaled Hassan | Bug Bounty | 2018-06-12 | 2023-06-13 |
| 4727 | Vulnerability Netflix (cross-site-scripting) | XSS, Reflected XSS | Netflix | Bada Diaz (@bada77) | Bug Bounty | 2018-06-13 | 2023-06-13 |
| 4726 | How I got paid premium plan for free on many popular websites | Logic flaw | NA | Khaled Hassan | Bug Bounty | 2018-06-13 | 2023-06-13 |
| 4725 | The 2.5 BTC Stored XSS | Stored XSS | NA | Khaled Hassan | Bug Bounty | 2018-06-13 | 2023-06-13 |
| 4713 | How I got access to local AWS info via Jira | SSRF | NA | Coen Goedegebure (@CoenHimself) | Bug Bounty | 2018-06-24 | 2023-06-13 |
| 4712 | Account Take over via reset password | Password reset, Account takeover | NA | Yasser Gersy (@yassergersy) | Bug Bounty | 2018-06-25 | 2023-06-13 |
| 4710 | How re-signing up for an account lead to account takeover | Logic flaw, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2018-06-26 | 2023-06-13 |
| 4709 | Take Advantage of Out-of-Scope Domains in Bug Bounty Programs | XSS | NA | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2018-06-27 | 2023-06-13 |
| 4707 | Unauthenticated Command Injection Vulnerability in VMware NSX SD-WAN by VeloCloud | OS command injection, RCE | VMware | Brian Sullivan | Bug Bounty | 2018-06-29 | 2023-06-13 |
| 4706 | https://leigh-annegalloway.com/tumblr/ | Captcha bypass, Username enumeration, Information disclosure | Automattic | Leigh-Anne Galloway (@L_AGalloway) | Bug Bounty | 2018-06-29 | 2023-06-13 |
| 4705 | Chaining Multiple Vulnerabilities to Gain Admin Access | IDOR, Account takeover | NA | Ben Sadeghipour (@nahamsec) | Bug Bounty | 2018-07-02 | 2023-06-13 |
| 4703 | Latex to RCE, Private Bug Bounty Program | RCE | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2018-07-06 | 2023-06-13 |
| 4702 | CVE-2016-3473 | XXE | NA | hateshape (@hateshaped) | Bug Bounty | 2018-07-06 | 2023-06-13 |
| 4701 | CVE-2018-8819 | XXE | NA | hateshape (@hateshaped) | Bug Bounty | 2018-07-07 | 2023-06-13 |
| 4699 | #BugBounty - Compromising User Account- "How I was able to compromise user account via HTTP Parameter Pollution(HPP)" | HTTP parameter pollution, Password reset, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-07-07 | 2023-06-13 |
| 4694 | Bug Bounty at Bangladeshi Site. | SQL injection | NA | Shaifullah Shaon | Bug Bounty | 2018-07-15 | 2023-06-13 |
| 4693 | Attacking PostgreSQL Database | Bruteforce, Weak credentials | NA | Vishnuraj | Bug Bounty | 2018-07-16 | 2023-06-13 |
| 4691 | CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation | Privilege escalation, Session management issue | PrestaShop | Charles Fol (@cfreal_) | Bug Bounty | 2018-07-16 | 2023-06-13 |
| 4690 | Hacking thousands of companies through their helpdesk | Account takeover, DoS, Logic flaw | NA | Khaled Hassan | Bug Bounty | 2018-07-17 | 2023-06-13 |
| 4687 | Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933) | SAML, Authentication bypass | Oracle (WebLogic) | Denis Andzakovic | Bug Bounty | 2018-07-18 | 2023-06-13 |
| 4682 | RCE due to ShowExceptions | RCE, Information disclosure, Debugging enabled | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2018-07-20 | 2023-06-13 |