Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2895 | How I hijacked the top-level domain of a sovereign state | Domain takeover | Internet Bug Bounty | Fredrik N. Almroth (@Almroot) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2894 | Attack of the clones 2: Git CLI remote code execution strikes back | RCE | GitHub | Vitor Fernandes (@Rapt00rVF) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2893 | BitLocker Lockscreen bypass | Lock screen bypass, Local Privilege Escalation, Windows | Microsoft | Jonas L (@jonasLyk) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2892 | Hacking naked Akamai ARL at scale | Akamai ARL attack | NA | Randy Gingeleski (@gingeleski) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2891 | Weaponizing Apify for mass bug bounty $$$ | Akamai ARL attack | NA | Randy Gingeleski (@gingeleski) | Bug Bounty | 2021-01-16 | 2023-06-13 |
| 2890 | Finding 0day to hack Apple | RCE, ColdFusion | Apple | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2021-01-16 | 2023-06-13 |
| 2889 | My first and last crit of 2020 on Hackerone | Lack of rate limiting, Bruteforce, IDOR, Password reset, Account takeover | NA | Takester (@dhiraj_ramteke) | Bug Bounty | 2021-01-16 | 2023-06-13 |
| 2888 | Strange Admin Panel Bypass Story \| \| Bug Bounty | Authentication bypass, Account takeover | NA | Ranjeet Kumar Singh (@geekboyranjeet) | Bug Bounty | 2021-01-17 | 2023-06-13 |
| 2887 | ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792 | Insecure deeplink, Information disclosure, Android | Google, Apple | Ashley King (@AshleyKingUK) | Bug Bounty | 2021-01-17 | 2023-06-13 |
| 2886 | Let’s know How I have explored the buried secrets in React Native application | Information disclosure, Hardcoded credentials | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-01-18 | 2023-06-13 |
| 2885 | How I was rewarded a $1000 bounty after abusing File Upload functionality to Stored XSS Vulnerability leading to credential theft of a vistor in a website. | Unrestricted file upload, Stored XSS | NA | Kunal Khubchandani (@iamkun4l) | Bug Bounty | 2021-01-18 | 2023-06-13 |
| 2884 | The Embedded YouTube Player Told Me What You Were Watching (and more) | Information disclosure | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-01-18 | 2023-06-13 |
| 2883 | Simple & Sweet: Bypass email update restriction to change emails of team members | Logic flaw, Authorization flaw | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-01-19 | 2023-06-13 |
| 2882 | Open-redirect [in email] | Open redirect | NA | Akhil | Bug Bounty | 2021-01-19 | 2023-06-13 |
| 2881 | [Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data | Information disclosure, IDOR | NA | Tommaso De Ponti | Bug Bounty | 2021-01-19 | 2023-06-13 |
| 2880 | SSRF Exploitation in Libreoffice Spreadsheet File Converter | SSRF | NA | R4id3n (@R4id3n__) | Bug Bounty | 2021-01-21 | 2023-06-13 |
| 2879 | Story Behind Sweet SSRF. | SSRF, XSS | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2021-01-21 | 2023-06-13 |
| 2878 | KindleDrip — From Your Kindle’s Email Address to Using Your Credit Card | RCE | Amazon | Yogev Bar-On | Bug Bounty | 2021-01-21 | 2023-06-13 |
| 2877 | Staff Information Disclosure on Support Ticketing System ($x,xxx) | Information disclosure | NA | Ph.Hitachi | Bug Bounty | 2021-01-22 | 2023-06-13 |
| 2876 | Page Admin Disclosure When Replying Comments | Information disclosure | Meta / Facebook | Prakash Panta (@prakashpanta268) | Bug Bounty | 2021-01-22 | 2023-06-13 |
| 2875 | CSRF Protection Bypass in Atlassian Confluence Server | CSRF | Atlassian | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-22 | 2023-06-13 |
| 2874 | The Secret Parameter, LFR, and Potential RCE in NodeJS Apps | Local File Read, RCE | NA | CaptainFreak (@0xCaptainFreak) | Bug Bounty | 2021-01-23 | 2023-06-13 |
| 2873 | $10,000 for automatic email confirmation bug in Microsoft’s Edge browser | Logic flaw | Microsoft | Karan Chaudhary (@0xKaran) | Bug Bounty | 2021-01-23 | 2023-06-13 |
| 2872 | Sql Injection via hidden parameter | SQL injection | NA | Rutvik Hajare (@HajareRutvik) | Bug Bounty | 2021-01-24 | 2023-06-13 |
| 2871 | Bypassing WAF with incorrect proxy settings for Hunting Bugs. | URL validation bypass | NA | Shaurya Sharma (@ShauryaSharma05) | Bug Bounty | 2021-01-25 | 2023-06-13 |