Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2750 | Join Facebook Group With Unpublish Page | Authorization flaw | Meta / Facebook | gevakun | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2749 | Secret Key Exposure in API Config Directory | Information disclosure | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2748 | Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure | CORS misconfiguration, Information disclosure | NA | Harsh Parekh (@notmarshmllow) | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2747 | GKE Autopilot Node Compromise via local-storage PersistentVolume | Container escape | Google | Anthony Weems | Bug Bounty | 2021-03-01 | 2023-06-13 |
| 2746 | Microsoft Edge Browser For IOS - Address Bar Spoofing Vulnerability | Address Bar Spoofing | Microsoft | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2021-03-02 | 2023-06-13 |
| 2745 | How I Might Have Hacked Any Microsoft Account | Account takeover, Password reset, Bruteforce, MFA bypass | Microsoft | Laxman Muthiyah (@laxmanmuthiyah) | Bug Bounty | 2021-03-02 | 2023-06-13 |
| 2744 | The Invincible Kid | Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-03-03 | 2023-06-13 |
| 2743 | Content Injection (RCE) in Yandex Browser for Android [2018] | MiTM | Yandex | Nightwatch Cybersecurity (@nightwatchcyber) | Bug Bounty | 2021-03-03 | 2023-06-13 |
| 2742 | Stored XSS at Trello.com | Stored XSS | Trello | Maor Dayan (@mord1234) | Bug Bounty | 2021-03-04 | 2023-06-13 |
| 2741 | Low hanging fruits on Facebook Group Room. Unable to remove post on group when post room add with event ($500) | Logic flaw | Meta / Facebook | Randy Arios | Bug Bounty | 2021-03-04 | 2023-06-13 |
| 2740 | Leveraging Template injection to takeover an account. | CSTI, XSS | NA | Akash Methani (@0xAkash) | Bug Bounty | 2021-03-04 | 2023-06-13 |
| 2739 | GKE Autopilot Node Compromise via startup-script | Container escape | Google | Anthony Weems | Bug Bounty | 2021-03-05 | 2023-06-13 |
| 2738 | GKE Autopilot Node Compromise via SSH Metadata | Container escape | Google | Anthony Weems | Bug Bounty | 2021-03-05 | 2023-06-13 |
| 2737 | The easiest $2500 I got it from bug bounty program | Information disclosure | Uber | Abdullah Mohamed (@3bodymo_) | Bug Bounty | 2021-03-06 | 2023-06-13 |
| 2736 | Exploiting a hidden and forgotten Bug | SSRF | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2735 | Finding Hidden Login Endpoint Exposing Secret `Client ID` | Information disclosure | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2734 | Stored XSS in Google Ads Android Application— $3133.70 | Stored XSS, HTML injection | Google | Ashish Dhone (@ashketchum_16) | Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2733 | Partially disable Cybereason EDR as low privileges user on Windows | EDR bypass, Local Privilege Escalation | Cybereason | Mehdi Alouache | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 2732 | Bypassing Chrome's URL restrictions | Browser hacking, URL validation bypass | Google (Chrome) | Jeffrey Bencteux (@jeffbencteux) | Bug Bounty | 2021-03-07 | 2023-06-13 |
| 2731 | Dangling DNS: Amazon EC2 IPs (Current State) | Dangling DNS records, Subdomain takeover | 8x8 | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-03-08 | 2023-06-13 |
| 2730 | Write Up – Google VRP N/A: SSRF Bypass With Quadzero In Google Cloud Monitoring | SSRF | Google | Omar Espino (@omespino) | Bug Bounty | 2021-03-08 | 2023-06-13 |
| 2729 | Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover | HTTP request smuggling, XSS | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2021-03-09 | 2023-06-13 |
| 2728 | Dangling DNS Records on surf-test.xwf.internet.org (Amazon EC2)! | Subdomain takeover, Dangling DNS records | Meta / Facebook | Binit Ghimire (@WHOISbinit) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2727 | Finding Basic Authtoken in JAVASCRIPT file BY Full Automation | Information disclosure | NA | Santosh Kumar Sha (@killmongar1996) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2726 | Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover | Reflected XSS, Clickjacking, Account takeover | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |