Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 979 | Enter "Sandbreak" - Vulnerability In vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067) | RCE, Sandbox bypass | vm2 | Oxeye (@OxeyeSecurity) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 977 | Web application firewall bypass | WAF bypass | NA | - | Bug Bounty | 2022-10-11 | 2023-06-13 |
| 976 | Cold Hard Cache — Bypassing RPC Interface Security with Cache Abuse | Privilege escalation, Windows | Microsoft | - | Bug Bounty | 2022-10-11 | 2023-06-13 |
| 975 | In GUID We Trust | IDOR, Password reset, Race condition, Account takeover | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2022-10-11 | 2023-06-13 |
| 974 | Breaking Parser Logic: Gain Access To NGINX Plus API — Read/Write Upstreams. | Path traversal | NA | Cyberlix (@cyberlixio) | Bug Bounty | 2022-10-12 | 2023-06-13 |
| 973 | Critical IDOR Vulnerability on Medium? | IDOR | NA | zer0d | Bug Bounty | 2022-10-12 | 2023-06-13 |
| 972 | Pwning ManageEngine — From Endpoint to Exploit: A deep dive into CVE-2021–42847 | Arbitrary file write, XXE, RCE | Zoho | Erik Wynter (@WynterErik) | Bug Bounty | 2022-10-12 | 2023-06-13 |
| 971 | Broken Access Control leads to full team takeover and privilege escalation | Broken Access Control, Privilege escalation | NA | Abdelhameed Ghazy (@El3Etraa1) | Bug Bounty | 2022-10-12 | 2023-06-13 |
| 968 | The story of a [P5] that lead me to a [P3] find | Pre-account takeover | NA | JAI NIRESH J | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 967 | Compromising a Backup System by iSCSI Interface During a Routine Penetration Test | Missing authentication | NA | Bruno Oliveira | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 966 | Adobe Reader - XFA - ANSI-Unicode Confusion Information Leak | Memory corruption | Adobe | Ashfaq Ansari (@HackSysTeam) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 965 | SQL Injection in GraphQL | SQL injection, GraphQL | NA | Ahmed Gad (@0xGAD) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 964 | Code flaws leads to Org/Admin Account Takeover | Privilege escalation, Account takeover | NA | Saransh Saraf (@mr23r0) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 963 | FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) | Authentication bypass | Fortinet | James Horseman (@JamesHorseman2) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 962 | Fall account takeover via Amazon Cognito misconfiguration | IDOR, Account takeover | NA | Hossam Ahmed (@iknowhatodo0x01) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 961 | Some Vulnerabilities Don’t Have A Name | ReDoS, Memory leak | Node.js third-party modules (debug) | Mario Teixeira | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 960 | It’s the Little Things : Breaking an AI | Path traversal | NA | Debangshu Kundu (@debangshu_kundu) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 958 | Code Injection and SQLi in WP ALL Export Pro | SQL injection, Security code review | NA | p3n7a90n (@p3n7a90n) | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 956 | The Castle’s Latrine | SQL injection | NA | infiltrateops | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 955 | Story about Escalation of HTML Injection to EC2 Instance credentials leak | SSRF, HTML injection | NA | Harsh Tandel (@H4r5h_T4nd37) | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 954 | Google SSO misconfiguration leading to Account Takeover | Authentication bypass, Account takeover, SSO | NA | 0x4KD (@0x4kd) | Bug Bounty | 2022-10-14 | 2023-06-13 |
| 953 | [CVE-2022-1786] A Journey To The Dawn | Use-After-Free, Memory corruption, Local Privilege Escalation | Google (kCTF), Linux Kernel Organization | kylebot (@ky1ebot) | Bug Bounty | 2022-10-15 | 2023-06-13 |
| 952 | My First Critical Bug In HackerOne Platform | HTTP request smuggling | NA | EX_097 | Bug Bounty | 2022-10-16 | 2023-06-13 |
| 946 | Guest Blog Post - Memory corruption vulnerabilities in Edge | Browser hacking, Memory corruption, Use-After-Free, Out-of-bounds Read, Out-of-bounds Write | Microsoft | David Erceg (@david_erceg) | Bug Bounty | 2022-10-17 | 2023-06-13 |
| 943 | Basic recon to RCE III | RCE, OS command injection | NA | Joshua Martinelle (@J0_mart) | Bug Bounty | 2022-10-18 | 2023-06-13 |