Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2949 | Hiding from custom story privacy list is possible in FBlite making the victim unable to remove you from the list. | Logic flaw | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2020-12-24 | 2023-06-13 |
| 2948 | EN \| Account Takeover via Web Cache Poisoning based Reflected XSS | Reflected XSS, Web cache poisoning, Account takeover | NA | Lütfü Mert Ceylan (@lutfumertceylan) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2947 | Full Address Bar Spoofing On Opera Mini Android | Address Bar Spoofing | Opera, Google | Piyush Raj ~ Rex (@0x48piraj) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2946 | Facebook page admin disclosure by "Message Seller" button (Bounty: 1500 USD) | Information disclosure | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2945 | Chaining CORS by Reflected xss to Account takeover #My first Blog | CORS misconfiguration, Reflected XSS, Account takeover | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2020-12-26 | 2023-06-13 |
| 2944 | Regular expression injection, a code review low hanging fruit | ReDoS | NA | Dominic (@dee__see) | Bug Bounty | 2020-12-27 | 2023-06-13 |
| 2943 | [Google VRP] Hijacking Google Docs Screenshots | postMessage, XSS | Google | Sreeram KL (@kl_sree) | Bug Bounty | 2020-12-27 | 2023-06-13 |
| 2942 | How I Got My First Bounty & Hof From Google (CSRF Lead To Account Delete) | CSRF | Google | Bhupendra Rajbhar (@bhupendra1238) | Bug Bounty | 2020-12-28 | 2023-06-13 |
| 2941 | Facebook page admin disclosure by "Create doc" button (Bounty: 5000 USD) | Information disclosure | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2020-12-28 | 2023-06-13 |
| 2940 | Sensitive data leak using IDOR in integration service | IDOR | NA | Ronak Patel (@ronak_9889) | Bug Bounty | 2020-12-29 | 2023-06-13 |
| 2939 | Cache-Key Normalization - What could go wrong? | Web cache poisoning, DoS | NA | Youstin (@iustinBB) | Bug Bounty | 2020-12-29 | 2023-06-13 |
| 2938 | Event Creator Is Not Able To Block The Attacker During Event Livestream | Logic flaw | Meta / Facebook | Prakash Panta (@prakashpanta268) | Bug Bounty | 2020-12-30 | 2023-06-13 |
| 2937 | Group Admin Can’t Able To Moderate Comments When Posted Through Page : Facebook Bug Bounty 2020 | Logic flaw | Meta / Facebook | Prakash Panta (@prakashpanta268) | Bug Bounty | 2020-12-30 | 2023-06-13 |
| 2936 | Replying Comments On Someone’s Livestream From Page Is Posted As Personal Identity | Information disclosure | Meta / Facebook | Prakash Panta (@prakashpanta268) | Bug Bounty | 2020-12-30 | 2023-06-13 |
| 2935 | Cross Domain Referrer Leakage | Cross-Domain Referrer Leakage | NA | Mohsinalibukc | Bug Bounty | 2020-12-31 | 2023-06-13 |
| 2934 | Facebook bug bounty (500 USD) : A blocked fundraiser organizer would be unable to view or remove themselves from the fundraiser. | DoS, Logic flaw | Meta / Facebook | Vivek ps (@vivekps143) | Bug Bounty | 2020-12-31 | 2023-06-13 |
| 2932 | API based IDOR to leaking Private IP address of 6000 businesses | IDOR | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2021-01-01 | 2023-06-13 |
| 2929 | Patch. Bypass. Repeat: Story of a FaceBook Page Admin Disclosure bug worth $5000 | Information disclosure | Meta / Facebook | Shubham Bhamare (@theshubh77) | Bug Bounty | 2021-01-04 | 2023-06-13 |
| 2928 | Exploiting Max. Character Limitation | Logic flaw, DoS | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2927 | Privilege Escalation: From being a normal user to admin | Privilege escalation, Broken Access Control | NA | Akshar Tank | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2926 | Each and every request make sense… | Privilege escalation, Exposed JWT generation endpoint, JWT | NA | Akshar Tank | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2925 | Incident Response during Christmas | Subdomain takeover | NA | TMO | Bug Bounty | 2021-01-05 | 2023-06-13 |
| 2924 | Achieving Remote Code Execution By Exploiting Variable Check Feature | RCE | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2021-01-06 | 2023-06-13 |
| 2923 | Nick's infrequently updated blog | WAF bypass, IP spoofing | Cloudflare | Nick Booher | Bug Bounty | 2021-01-06 | 2023-06-13 |
| 2922 | Finding bugs on Chess.com | Lack of rate limiting, Bruteforce, CSRF | Chess.com | Seqrity (@seqrity9) | Bug Bounty | 2021-01-07 | 2023-06-13 |