Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1050 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1049 | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty | SQL injection | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1048 | Making HTTP header injection critical via response queue poisoning | HTTP header injection HTTP request smuggling | NA | James Kettle (@albinowax) | Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1047 | Skype for Business Audit Part 1 - SKYPErsistence | Local Privilege Escalation Windows Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-22 | 2023-06-13 |
| 1045 | My First XSS | Open redirect XSS | NA | Avyukt Syrine (@AvyuktSyrine) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1044 | My First Valid Bug “Bypass the Admin Panel” | Authentication bypass | NA | Digant Prajapati | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1043 | Arbitrary File Corruption: End - to - End Encrypted Messaging Application | Insecure intent Android | NA | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1042 | WAF bypasses via 0days | WAF bypass Content-type confusion Charset confusion | ModSecurity | Terjanq (@terjanq) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1041 | Pre-Auth Remote Code Execution - Web Page Test | RCE SSRF | CatchPoint | Laluka (@TheLaluka) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1040 | CVE-2022-35256 - HTTP Request Smuggling in NodeJS | HTTP request smuggling | Node.js | VVX7 (@VV_X_7) | Bug Bounty | 2022-09-23 | 2023-06-13 |
| 1039 | Complete take-over of Cisco Unified Communications Manager due consecutively misconfigurations | Security misconfiguration VoIP hacking | NA | hackthebox | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1037 | Blind XSS on Admin Portal Leads to Information Disclosure | Blind XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1036 | Escalating SSTI to Reflected XSS using curly braces {} | SSTI XSS | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 1034 | Shopping App Deeplink Arbitrary URLs | Insecure deeplink Android | NA | Neil Mark Ochea (@nmochea) | Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1032 | Blind account takeover | Account takeover | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-09-25 | 2023-06-13 |
| 1030 | Skype for Business Audit Part 2 - SKYPErimeterleak | SSRF Security code review | Microsoft | Florian Hauser (@frycos) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1029 | “Hey Siri, follow that car!” - How traffic cameras expose your location through parking apps. | Information disclosure Session hijacking | NA | Inti De Ceukelaire (@securinti) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1028 | Discovering The Less-known Vulnerability In Oracle Peoplesoft | TockenChpoken Privilege escalation Bruteforce Cookie manipulation | NA | RE:HACK (@rehackxyz) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 1026 | From nothing to AWS credentials | SSRF | NA | (@darkandroider) | Bug Bounty | 2022-09-27 | 2023-06-13 |
| 1025 | Another Tale Of IBM I (AS/400) Hacking | Local Privilege Escalation Midrange system Menu security | NA | pz | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1024 | Two RCEs are better than one: write-up of an interesting lateral movement | Local Privilege Escalation RCE | NA | Riccardo Malatesta (@seeu_inspace) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1023 | Exploits Explained: 5 Unusual Authentication Bypass Techniques | Authentication bypass JWT CMS SSO | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1022 | Practically-exploitable Cryptographic Vulnerabilities in Matrix | Cryptographic issues | Matrix | Martin Albrecht (@martinralbrecht) | Bug Bounty | 2022-09-28 | 2023-06-13 |
| 1020 | Apple CoreText - An Unexpected Journey to Learn about Failure | Memory corruption | Apple | Daniel Lim Wee Soong (@daniellimws) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1019 | CVE-2022-37461: Two Reflected XSS Vulnerabilities in Canon Medical’s Vitrea View | Reflected XSS | Canon | Jordan Hedges | Bug Bounty | 2022-09-29 | 2023-06-13 |