Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2725 | Business Logic Error on Registration Leads to SMS Validation Bypass | MFA bypass | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2724 | Messing with GitHub's fork collaboration for fun and profit | Broken Access Control | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2723 | [Google VRP] How I Get Blind XSS At Google With Dork (First Bounty and HOF ) | Blind XSS | Google | Rio Mulyadi (@riomulyadi_) | Bug Bounty | 2021-03-11 | 2023-06-13 |
| 2722 | Account Takeover Via Reset Password Worth 2000$ | Password reset, Account takeover | NA | Ashutosh mishra (@ashutoshmish_ra) | Bug Bounty | 2021-03-12 | 2023-06-13 |
| 2721 | Finding keys under the door | Stored XSS, Unrestricted file upload | Paytm | Naveen Prakaasham K S V | Bug Bounty | 2021-03-12 | 2023-06-13 |
| 2720 | How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company | SQL injection | Automattic, IBM, 8x8 | Ahmad A Abdulla (@lu3ky13) | Bug Bounty | 2021-03-12 | 2023-06-13 |
| 2719 | IDOR Vulenebility with empty response still exposing sensitive details of customers! | IDOR | NA | Rahul Varale | Bug Bounty | 2021-03-14 | 2023-06-13 |
| 2718 | Facebook Group Members Disclosure. | Information disclosure | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2021-03-15 | 2023-06-13 |
| 2717 | De-anonymize the members of a private Facebook Group as a non-member. | GraphQL, Information disclosure | Meta / Facebook | Baibhav Anand (@SpongeBhav) | Bug Bounty | 2021-03-15 | 2023-06-13 |
| 2716 | API Misconfiguration which leads to unauthorized access to servicedesk tickets | Information disclosure | NA | Gaurav Popalghat (@N008x) | Bug Bounty | 2021-03-16 | 2023-06-13 |
| 2715 | Voice Confusion When Commenting On Watch Party | Information disclosure | Meta / Facebook | Prakash Panta (@prakashpanta268) | Bug Bounty | 2021-03-16 | 2023-06-13 |
| 2714 | An Interesting Account Takeover!! | IDOR, Account takeover, Weak encryption, Password reset | NA | Mayank Pandey (@mayank_pandey01) | Bug Bounty | 2021-03-17 | 2023-06-13 |
| 2713 | An unknown Linux secret that turned SSRF to OS Command injection | SSRF, Command injection | NA | secureITmania (@secureitmania) | Bug Bounty | 2021-03-17 | 2023-06-13 |
| 2712 | CVE-2021-27076: A Replay-style Deserialization Attack Against Sharepoint | Insecure deserialization, RCE | Microsoft | Simon Zuckerbraun (@HexKitchen) | Bug Bounty | 2021-03-17 | 2023-06-13 |
| 2711 | Abusing Data Protection Laws For D0xing & Account Takeovers | SSTI, Account takeover | NA | Hx01 (@Hxzeroone) | Bug Bounty | 2021-03-17 | 2023-06-13 |
| 2710 | Dangling DNS: Worksites.net | Dangling DNS records, Subdomain takeover | NA | Mohamed Elbadry (@_melbadry9) | Bug Bounty | 2021-03-17 | 2023-06-13 |
| 2709 | Stealing arbitrary GitHub Actions secrets | Logic flaw | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2021-03-17 | 2023-06-13 |
| 2708 | Chaining bugs for the greater good | Blind XSS, CSRF | NA | mohamad mahmoudi (@Lotus_619) | Bug Bounty | 2021-03-18 | 2023-06-13 |
| 2707 | How I hacked Facebook: Part Two | SSRF, Account takeover, Cookie manipulation | Meta / Facebook | Alaa Abdulridha (@alaa0x2) | Bug Bounty | 2021-03-18 | 2023-06-13 |
| 2706 | TikTok for Android 1-Click RCE | RCE, XSS, Insecure intent, Android | TikTok | Sayed Abdelhafiz (@dPhoeniixx) | Bug Bounty | 2021-03-18 | 2023-06-13 |
| 2705 | H2C Smuggling in the Wild | HTTP request smuggling | NA | Sean Yeoh (@seanyeoh) | Bug Bounty | 2021-03-18 | 2023-06-13 |
| 2704 | How to Harpon Big Blue! | Logic flaw, Exposed registration page | IBM | Clark Voss (@clark_voss) | Bug Bounty | 2021-03-19 | 2023-06-13 |
| 2703 | A short story about an XSS in chat.mozilla.org (CVE-2021-21320) | XSS | Mozilla | Guilherme Keerok (@k33r0k) | Bug Bounty | 2021-03-19 | 2023-06-13 |
| 2702 | Subdomain Takeover in AWS: making a PoC | Subdomain takeover | NA | Diego Bernal Adelantado (@secfaults) | Bug Bounty | 2021-03-20 | 2023-06-13 |
| 2701 | OAuth Misconfiguration found in small time-window of attack | OAuth | NA | Muhammad Aamir (@Muhammad__Aamir) | Bug Bounty | 2021-03-20 | 2023-06-13 |