Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2775 | Web Cache Poisoning to Account Takeover | Web cache poisoning, Account takeover | NA | Josh Fam (@Pullerze) | Bug Bounty | 2021-02-21 | 2023-06-13 |
| 2774 | Grafana Admin Panel bypass in Google Acquisition(VirusTotal) | Default credentials | Google | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2773 | CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux | Unencrypted storage | Keybase | John Jackson (@johnjhacking) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2772 | Security and Privacy of Social Logins (II): PostMessage Security in Single Sign-On | DOM XSS, postMessage, DOM XSS | SAP, The New York Times, CNET | Louis Jannett (@iphoneintosh) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2771 | CSRF through URL with # tag parameter | CSRF | NA | Tommysuriel | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2770 | Hijacking Reset Password Link in https://www.niteflirt.com/ via Host Header Poising (Write Up) | Host header injection, Account takeover, Password reset | Niteflirt | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2769 | Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough | Web cache poisoning, Stored XSS | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2768 | Stealing user passwords through a VPN’s SSO | Open redirect, SSTI | NA | Alain Mowat (@plopz0r) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2767 | Password Reset Token Leak via X-Forwarded-Host | Host header injection, Account takeover, Password reset | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2766 | Account Takeover - Smoking with null’ | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2765 | SSRF: Bypassing hostname restrictions with fuzzing | SSRF | Elastic | Dominic (@dee__see) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2764 | IDOR which allowed me to view Personal Email Addresses of More than 50K Users! | IDOR, Password reset | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2763 | CVE-2020–13956 | Blind SSRF, URL parsing issue | Apache HttpClient | Priyank (@Rev_Octo) | Bug Bounty | 2021-02-26 | 2023-06-13 |
| 2762 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-27 | 2023-06-13 |
| 2761 | Story About Stop 10000+ users to get Their job notification | Logic flaw | NA | PJBorah | Bug Bounty | 2021-02-27 | 2023-06-13 |
| 2760 | Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749 / Docker CVE-2020-13401 / LXD / WSL2 / ...) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2759 | Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554) | MiTM | Kubernetes | Etienne Champetier / champtar | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2758 | Any Account Takeover Through Privilege Escalation | Privilege escalation, Account takeover | NA | Shubham Chaskar (@chaskar_shubham) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2757 | Somebody Call The Plumber, GraphQL is Leaking Again… | Information disclosure, GraphQL | NA | N0ur5 | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2756 | Jira Auth Bypass bug in Google Acquisition (Apigee) | Authentication bypass | Google | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2755 | Bragging Rights: Killing File Uploads softly | Unrestricted file upload, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2754 | Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅) | SQL injection | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2753 | Big Bugs: Bitbucket Pipelines Kata Containers Build Container Escape | RCE | NA | Alex Chapman (@ajxchapman) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2752 | SSRF to fetch AWS credentials with full access to multiple services | SSRF | NA | Zonduhackerone (@zonduu1) | Bug Bounty | 2021-02-28 | 2023-06-13 |
| 2751 | RocketChat - Unauthenticated access to messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-03-01 | 2023-06-13 |