Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 899 | Hijacking AUR Packages by Searching for Expired Domains | Subdomain takeover, Supply chain attack | NA | Joren Vrancken | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 897 | Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover) | AWS misconfiguration | NA | Gokhan Guzelkokar (@gkhck_) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 896 | A 250$ CSS Injection — My First Finding on Hackerone! | CSS injection | NA | Dsonbacker | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 894 | AWS SSRF to Root on production instance — A bug worth 1.75Lacs | SSRF, RCE, Password reset | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 893 | Abusing Windows’ tokens to compromise Active Directory without touching LSASS | Local Privilege Escalation, Windows, Active Directory, Privilege Escalation | NA | Aurélien Chalot (@Defte_) | Bug Bounty | 2022-10-27 | 2023-06-13 |
| 892 | RCE docker api, but … | RCE, Docker daemon misconfiguration | NA | nanwn | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 890 | CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities | RCE, Phar deserialization, Reflected XSS, XPATH injection, Path traversal, LFI | Juniper | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 889 | Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis | Local Privilege Escalation, Windows | Microsoft | Zscaler Threatlabz (@Threatlabz) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 888 | How i was able to get free money via sending negative tokens | Logic flaw, Payment tampering | NA | Mohamed Anani (@0xM5awy) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 886 | Old RCE worth $3362. | RCE | NA | nanwn | Bug Bounty | 2022-10-30 | 2023-06-13 |
| 885 | 2FA Bypass due to information disclosure & Improper access control. | DoS, MFA bypass | NA | Akash Hamal (@AkashHamal0x01) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 883 | A tale of a simple Apple kernel bug | Out-of-bounds Read, Memory corruption, MacOS, iOS | Apple | Jordy Zomer (@pwningsystems) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 882 | Blind SQL Injection on Delete Request | Blind SQL injection | NA | Jawad Mahdi (@hunter0x1) | Bug Bounty | 2022-10-30 | 2023-06-13 |
| 881 | Safari is hot-linking images to semi-random websites | Browser hacking, XSS | Apple | Gareth Heyes (@garethheyes) | Bug Bounty | 2022-10-31 | 2023-06-13 |
| 880 | urlscan.io's SOAR spot: Chatty security tools leaking private data | Information disclosure | NA | Fabian Bräunlein | Bug Bounty | 2022-11-01 | 2023-06-13 |
| 879 | CVE-2022-3602: Punycode buffer overflow in OpenSSL | Memory corruption, DoS | OpenSSL | Colm MacCárthaigh (@colmmacc) | Bug Bounty | 2022-11-01 | 2023-06-13 |
| 876 | Improper Access Control — My Third Finding on Hackerone! | HTML injection, Broken Access Control | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 875 | Fuzzing For Hidden Params | SQL injection | NA | calfcrusher | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 874 | Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE) on One of the Payment Service Companies. | Exposed registration page, Exposed Jenkins instance, Weak credentials, RCE | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2022-11-02 | 2023-06-13 |
| 871 | Get Blind XSS within 5 Minutes — $100 | Blind XSS | NA | Narayanan M | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 870 | The power of adaptability through experience. | Lateral movement, Active Directory, Privilege Escalation | NA | Mike Saunders (@hardwaterhacker) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 869 | Invitation Hijacking | Authorization flaw, Privilege escalation | NA | vFlexo (@vflexo) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 868 | Case of Admin Bypass for RCE, XSS, and Information Disclosure | RCE, Unrestricted file upload, Stored XSS, Information disclosure | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 866 | CSRF Leads to Delete User Account | CSRF | NA | Omarbakrey | Bug Bounty | 2022-11-04 | 2023-06-13 |
| 865 | Practical Client Side Path Traversal Attacks | Path traversal, Client-side Path Traversal, Open redirect, CSS injection | Acronis | Medi (@medi_0ne) | Bug Bounty | 2022-11-04 | 2023-06-13 |