Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2816 | How I was able to get extra coins | Logic flaw, Android | NA | Saddam Hussain (@wisdomfreak1) | Bug Bounty | 2021-02-12 | 2023-06-13 |
| 2815 | [GITLAB] — Denial of service via “Login Panel” functionality. | Application-level DoS | GitLab | Lyubomir Tsirkov (@lyubo_tsirkov) | Bug Bounty | 2021-02-12 | 2023-06-13 |
| 2814 | OAuth Misconfiguration Leads to Full Account takeover | OAuth, Clickjacking, CSRF, Account takeover | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2813 | [GITLAB] — Just another SSRF issue. | SSRF | GitLab | Lyubomir Tsirkov (@lyubo_tsirkov) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2812 | [GITLAB] — Server Side Request Forgery in “Project Import” page. | SSRF | GitLab | Lyubomir Tsirkov (@lyubo_tsirkov) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2811 | Changing other users Episode title & description - IDOR Vulnerability in [REDACTED] (Write Up) | IDOR | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2810 | How I Hacked Everyone’s Resume/CV’s and Got €€€ | IDOR, Authorization flaw, Information disclosure | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2809 | IDOR via Websockets allow me to takeover any users account | IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2808 | My first bounty (stored-xss) | Stored XSS | NA | Karan sharma (@karansh491) | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2807 | Stored XSS in icloud.com — $5000 | Stored XSS | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2802 | Full account takeover worth $1000 Think out of the box | Account takeover, CSRF, IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2800 | I Own your Cloud Shell: Taking over “Azure Cloud Shell” Kubernetes Cluster Through Unsecured Kubelet API 30,000$ Bounty | Privilege escalation, RCE | Microsoft | Chen Cohen (@chencococococo) | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2799 | SHAREit Flaw Could Lead to Remote Code Execution | Android, RCE, MiTM, Man-in-the-Disk attack, Insecure intent, Vulnerable Android content provider | SHAREit | Echo Duan | Bug Bounty | 2021-02-15 | 2023-06-13 |
| 2798 | Sub-domain Takeover on api.techprep.fb.com (AWS Elastic Beanstalk)! | Subdomain takeover | Meta / Facebook | Binit Ghimire (@WHOISbinit) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2797 | Hunting for bugs in Telegram's animated stickers remote attack surface | Memory corruption, DoS | Telegram | polict (@polict_) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2796 | Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story) | Configuration file injection, RCE | Google | Imre Rad (@ImreRad) | Bug Bounty | 2021-02-16 | 2023-06-13 |
| 2795 | From AWS S3 Misconfiguration to Sensitive Data Exposure | AWS misconfiguration | NA | Jadek Mark (@mase289) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2794 | Story of a very lethal IDOR. | XSS, IDOR, Account takeover | NA | Vedant Tekale (@_justYnot) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2782 | Account Take Over by Response Manipulation | Authentication bypass, Account takeover | NA | Naveen J (@thevillagehackr) | Bug Bounty | 2021-02-17 | 2023-06-13 |
| 2781 | Build Pipeline Security | RCE | AWS | xssfox (@xssfox) | Bug Bounty | 2021-02-18 | 2023-06-13 |
| 2780 | CSRF In JSF 2.0: Predicting CSRF Tokens For Apache MyFaces | CSRF, ViewState | Apache | Wolfgang Ettlinger | Bug Bounty | 2021-02-19 | 2023-06-13 |
| 2779 | Account Takeover via Response Manipulation worth 1800$.. | Authentication bypass, OTP bypass, Account takeover | NA | Ashutosh mishra (@ashutoshmish_ra) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2778 | Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli | Race condition, Lack of rate limiting, OTP bypass, SQL injection | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2777 | RCE On A Laravel Private Program | RCE | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2021-02-20 | 2023-06-13 |
| 2776 | Let’s know How I have explored the buried secrets in Xamarin application | Hardcoded API keys, Information disclosure | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-02-21 | 2023-06-13 |