Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1094 | SSRF(g/vrp) for 5000$ | SSRF | NA | lalka (@0x01alka) | Bug Bounty | 2022-09-12 | 2023-06-13 |
| 1093 | Contentful Access Token Disclosure in Android APK | Information disclosure Android | NA | Cyberali | Bug Bounty | 2022-09-12 | 2023-06-13 |
| 1092 | Bug Bounty - Cross-site request forgery is a thing | CSRF XSS | NA | Patrick Hener (@C1sc01) | Bug Bounty | 2022-09-12 | 2023-06-13 |
| 1091 | How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty | RCE Components with known vulnerabilities | NA | nynan (@_nynan) | Bug Bounty | 2022-09-12 | 2023-06-13 |
| 1090 | LiveHelperChat - Remote Code Execution via Vulnerable Theme Upload Function | RCE | Live Helper Chat | Arben Shala (@arbennsh) | Bug Bounty | 2022-09-13 | 2023-06-13 |
| 1087 | Blind XSS and Time-Based SQL Injection to Admin Panel Control and Database Takeover | Blind XSS SQL injection | NA | Cyberali | Bug Bounty | 2022-09-13 | 2023-06-13 |
| 1086 | Data Exfiltration through Blind XXE on PDF Generator | Blind XXE WAF bypass | NA | Arben Shala (@arbennsh) | Bug Bounty | 2022-09-13 | 2023-06-13 |
| 1084 | mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator - Part 1 - Escape | Memory corruption | PlayStation | CTurt (@CTurtE) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1083 | Attacking the Android kernel using the Qualcomm TrustZone | Memory corruption | Qualcomm Google | Tamir Zahavi-Brunner (@tamir_zb) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 1081 | How I abused the file upload function to get a high severity vulnerability in Bug Bounty | Unrestricted file upload Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 1079 | Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804) | RCE OS command injection | Atlassian | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 1078 | HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites | HTTP Request Smuggling Desync attack | NA | Ankit Singh (@AnkitCuriosity) | Bug Bounty | 2022-09-14 | 2023-06-13 |
| 1075 | Getting Paid With Just Picking Color — Bug Bounty | CSS injection | NA | Redza | Bug Bounty | 2022-09-16 | 2023-06-13 |
| 1071 | How i Found Unauthorized Bypass RCE | RCE Old components with known vulnerabilities | NA | Yashshirke | Bug Bounty | 2022-09-18 | 2023-06-13 |
| 1070 | SSRF Attack Leading To AWS Metadata | SSRF | CERT-EU | ParagBagul | Bug Bounty | 2022-09-18 | 2023-06-13 |
| 1069 | Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) } | Information disclosure | NA | S Rahul (@7srambo) | Bug Bounty | 2022-09-18 | 2023-06-13 |
| 1067 | Android Application Forgot Password Token Leakage Leading to Account Takeover | Information disclosure Password reset Account takeover Android | NA | Cyberali | Bug Bounty | 2022-09-19 | 2023-06-13 |
| 1065 | SSD Advisory – Linux CLOCK_THREAD_CPUTIME_ID LPE | Memory corruption Race condition Kernel hacking | Linux Kernel Organization | - | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1064 | Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286) | Local Privilege Escalation Windows Driver hacking | Seagate | x86matthew (@x86matthew) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1063 | Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices.. etc) | Privilege escalation Authorization flaw | NA | X-Vector (@XVector11) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1060 | AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes | Cloud Cross-tenant vulnerability Authorization flaw | Oracle | Elad Gabay (@eladgabay_) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1057 | How we Abused Repository Webhooks to Access Internal CI Systems at Scale | CI/CD | NA | Omer Gil (@omer_gil) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1055 | Mass Assignment Leading to Pre Account Takeover | Mass assignment | NA | Cyberali | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1054 | TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531) | DoS SQL injection | TypeORM | Norbert Szetei (@73696e65) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1053 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |