Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2870 | IDOR Revealing Images CDN Links | IDOR | NA | susan wagle | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2869 | Chaining a self XSS to Account Takeover | Self-XSS, Reflected XSS, Account takeover | NA | Arman Sameer (@ArmanSameer95) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2868 | Get paid by smuggling, the legal way | HTTP Request Smuggling | NA | James Ling (@James_puppykok) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2867 | Leaking issues from linked Jira – Atlassian Confluence Server | XS-Search | Atlassian | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2866 | BMW Bug Bounty – Account Verification Bypass writeup | OTP bypass, Bruteforce, Lack of rate limiting | BMW | Pethuraj (@Pethuraj) | Bug Bounty | 2021-01-26 | 2023-06-13 |
| 2865 | Finding SSRF BY Full Automation | SSRF | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2864 | $500 For No Rate Limit On Forgot Password Page | Lack of rate limiting, Password reset | NA | BBHC (@community_bug) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2863 | Hijacking Google Drive Files (Documents, Photo & Video) Through Google Docs Sharing | Clickjacking | Google | santuySec (@santuySec) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2862 | Bragging Rights(Part 1): Short story of a bug wave | IDOR, Stored XSS, SSRF, Subdomain takeover, Hardcoded credentials | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2861 | Weird functionality leads to Account Takeover (Millions of Users affected) | Account takeover, Authentication flaw | NA | Sahil Mehra (@nullr3x) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2860 | How We Escaped Docker in Azure Functions | Privilege escalation, Cloud | Microsoft | Intezer | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2859 | Business Logic Error Methodology (easy way) + PoC-s | Logic flaw | NA | Vuk Ivanovic | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2858 | OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection | OTP bypass, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2857 | Remote Code Execution – LimeSurvey (CVE-2018-7556) | RCE | NA | yeuchimse (@yeuchimse) | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2856 | Analysing Crash Messages To Achieve Blind Root Command Injection | OS command injection | NA | Shawar Khan (@ShawarkOFFICIAL) | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2855 | Launching Internal & Non-Exported Deeplinks On Facebook | CSRF | Meta / Facebook | Ashley King (@AshleyKingUK) | Bug Bounty | 2021-01-28 | 2023-06-13 |
| 2854 | Destroying Armies and Villages through Cross-Site Scripting - Bug Bounty Write-up | Stored XSS | InnoGames | Fábio Freitas (@0xfabiof) | Bug Bounty | 2021-01-29 | 2023-06-13 |
| 2853 | Broken Access Control & Stored XSS - Easy Hunt | Stored XSS, IDOR | NA | Kabeer (@iTheKabeer) | Bug Bounty | 2021-01-29 | 2023-06-13 |
| 2852 | How I chained P4 To P2 [Open Redirection To Full Account Takeover] | Open redirect, Account takeover | NA | Bishal Shrestha (@bishal0x01) | Bug Bounty | 2021-01-30 | 2023-06-13 |
| 2851 | Android apk leaks access token to takeover the whole infrastructure | Information disclosure, Hardcoded credentials, Android | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-01-30 | 2023-06-13 |
| 2850 | An Interesting Account Takeover Vulnerability | IDOR, Account takeover | NA | Avanish Pathak (@avanish46) | Bug Bounty | 2021-01-30 | 2023-06-13 |
| 2849 | An unexpected bug | Bruteforce | NA | Nitin yadav (@Nitinydv14) | Bug Bounty | 2021-01-31 | 2023-06-13 |
| 2848 | An Account Takeover Vulnerability Due to Response Manipulation. | Authentication bypass, Account takeover | NA | Avanish Pathak (@avanish46) | Bug Bounty | 2021-01-31 | 2023-06-13 |
| 2847 | Disclose the FB profile of Facebook employees who create official announcement messages (Bug Bounty) | Information disclosure | Meta / Facebook | Amine Aboud (@amineaboud) | Bug Bounty | 2021-02-01 | 2023-06-13 |
| 2846 | Access developer tasks list of any Facebook Application (GraphQL IDOR) | IDOR | Meta / Facebook | Amine Aboud (@amineaboud) | Bug Bounty | 2021-02-01 | 2023-06-13 |