Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1017 | XSS through DHCP: How Attackers Use Standards | XSS | NA | Dylan Ross | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1016 | ECDSA Nonce Reuse | Cryptographic issues | NA | Ingredous Labs | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1014 | Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned) | Web cache poisoning | Akamai Paypal Airbnb Tesla Valve Zomato Whitejar Starbucks PlayStation Marriott Hyatt Hotels Goldman Sachs Microsoft Apple LastPass Brussels Airlines Mastercard eToro BBP BMW Group Rockstar Games | Francesco Mariani (@_medusa_1_) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1013 | Security vs Compliance-Cloudflare Password Policy Restriction Bypass | Client-side enforcement of server-side security | Cloudflare | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2022-09-29 | 2023-06-13 |
| 1009 | Tale of Easy P1 Bugs in Wild | Forced browsing 403 bypass Information disclosure | NA | Harsh Tandel | Bug Bounty | 2022-10-01 | 2023-06-13 |
| 1008 | Breaking Business Logic - Part: 2^7 = 1 | Race condition | NA | Hemdeep Gamit | Bug Bounty | 2022-10-02 | 2023-06-13 |
| 1006 | Using Default Credential to Admin Account Takeover | Weak credentials | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-10-02 | 2023-06-13 |
| 1005 | CSRF Attack — 0 click account delete - 1st write-up | CSRF HTML injection | NA | Deepak (@bug_vs_me) | Bug Bounty | 2022-10-03 | 2023-06-13 |
| 1004 | My First And Second Bugs Are — 2FA Bypass | MFA bypass HTTP response manipulation Information disclosure | NA | Jai Niresh J | Bug Bounty | 2022-10-03 | 2023-06-13 |
| 1003 | Bugcrowd — Tale of multiple misconfigurations!! ❌ | Account takeover OAuth OTP bypass Password reset | NA | Vaibhav Lakhani | Bug Bounty | 2022-10-04 | 2023-06-13 |
| 1001 | Hacking TMNF: Part 1 - Fuzzing the game server | RCE Memory corruption Format string vulnerability | Ubisoft | - | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 1000 | How I Found A P1 Bug | Authentication bypass Information disclosure | NA | Amith | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 999 | Appsmith Patches Full-Read SSRF Vulnerabilities Reported by CloudSEK | SSRF | Appsmith | Sparsh Kulshrestha (@d0tdotslash) | Bug Bounty | 2022-10-05 | 2023-06-13 |
| 997 | A Deep Dive of CVE-2022–33987 (Got allows a redirect to a UNIX socket) | SSRF | MediaWiki | Chaim Sanders | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 996 | Error based SQL Injection with WAF bypass manual Exploit 100% | SQL injection WAF bypass | NA | Ahmed Qaramany (@c0nqr0r) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 995 | Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style | DNS cache poisoning Kaminsky attack | NA | Timo Longin | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 994 | CVE-2022-41343 | RCE Insecure deserialization Phar deserialization | dompdf | Tanto Security team (@TantoSecurity) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 993 | Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored | Self-XSS CSRF | NA | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 990 | Full Company Building Takeover | Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 989 | CVE-2022–36635 — A SQL Injection in ZKSecurityBio to RCE | SQL injection | ZKTeco | Caio Burgardt (@CaioBurgardt) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 987 | Auth Bypass Via Exposed Credentials | Hardcoded API keys | NA | g30rgy th3 d4rk (@Crypt0g30rgy) | Bug Bounty | 2022-10-07 | 2023-06-13 |
| 986 | Vulnerabilities in Online Payment Systems | Payment bypass Payment tampering Logic flaw | NA | Claudio Moran | Bug Bounty | 2022-10-08 | 2023-06-13 |
| 984 | Persistent PHP Payloads In PNGs: How To Inject PHP Code In An Image – And Keep It There ! | Unrestricted file upload Code injection RCE | NA | Quentin Roland (@ROLANDQuentin2) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 982 | Reflected cross-site scripting vulnerability in Crealogix EBICS implementation | Reflected XSS | CREALOGIX AG | Tobias Ospelt (@floyd_ch) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 980 | [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I] | Broken Access Control Android | NA | Abdelhak Kharroubi | Bug Bounty | 2022-10-10 | 2023-06-13 |