Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 786 | CVE-2022-40300: SQL Injection In Manageengine Privileged Access Management | SQL injection | Zoho (ManageEngine) | Justin Hung | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 785 | Dodging OAuth origin restrictions for Firebase spelunking | OAuth Security misconfiguration Authentication flaw | NA | Aditya Saligrama (@saligrama_a) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 784 | From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) | Authentication bypass Kerberos RCE Privilege escalation Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 782 | Contrast discovers zero-day flaw in popular Quarkus Java framework | Drive-by attack CSRF RCE | Quarkus | Joseph Beeton | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 781 | Legally hacking a Government Satellite? | Missing authentication OS command injection RCE | NA | RiotSecTeam (@RiotSecTeam) | Bug Bounty | 2022-11-24 | 2023-06-13 |
| 780 | Hacker's Guide to Directory/Endpoint Enumeration | 40x bypass | NA | Inderjeet Singh (@3nc0d3dGuY) | Bug Bounty | 2022-11-24 | 2023-06-13 |
| 779 | CVE-2022–43781 | OS command injection RCE | Atlassian | Petrus Viet (@VietPetrus) | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 778 | Able to Mass-change profile section leads to my first $BOUNTY$ | HTML injection IDOR CSRF | NA | SYRINE | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 777 | Exploiting an N-day vBulletin PHP Object Injection Vulnerability | PHP Object Injection Security code review | vBulletin | Egidio Romano / EgiX | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 776 | Hacking Dutch Government-Broken Authentication To Full Website Takeover (P1) | Exposed registration page | Dutch Government | V1dr4X | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 775 | How I hacked into a government e-learning website | IDOR Account takeover | NA | iamgk808 (@iamgk808) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 773 | WebView XSS, account takeover | Webview XSS Android Account takeover Improper Export of Android Application Components | NA | shafou | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 772 | A great weekend hack(worth $8k) | SQL injection IDOR Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 771 | [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application | Android Hardcoded credentials IDOR | NA | Abdelhak Kharroubi | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 770 | A Real World Example Of Classic Remote Command Execution (RCE) | OS command injection XSS RCE | NA | Bhashit Pandya (@x30r_) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 768 | Access Any Owner Account without Authentication (Auth bypass + 2FA bypass) | Authentication bypass MFA bypass Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 767 | Firebase Exploit bug bounty | Security misconfiguration Firebase | NA | Damaidec | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 766 | Unique Rate limit bypass worth 1800$ | Rate limiting bypass Captcha bypass | NA | Manav Bankatwala (@ManavBankatwala) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 765 | 2FA Enabled Accounts Can Bypass Authentication & Access Account After Deactivation | Authentication bypass Account takeover | NA | Sharat Kaikolamthuruthil (@sharp488) | Bug Bounty | 2022-11-27 | 2023-06-13 |
| 762 | Improper error handling leads to exposing internal tokens | Information disclosure | NA | Agnieszka Pietruczuk | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 761 | Broken access control + misconfiguration = Beautiful privilege escalation | Broken Access Control Privilege escalation | NA | Hossam Mesbah (@m359ah) | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 759 | Cross-Site Scripting in CodeIgniter version 3.1.13 | Reflected XSS Security code review | CodeIgniter | Antoine Cervoise | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 758 | VoIP Spoofing (Intigriti) 1,250€ | VoIP Spoofing | NA | 0xJin (@0xJin) | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 752 | VLC : Integer overflow in vnc module <= 3.0.18 CVE-2022-41325 | Memory corruption Integer overflow | VLC | 0xMitsurugi | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 749 | Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access | Cloud SQL injection Privilege escalation Information disclosure | IBM | Ronen Shustin (@ronenshh) | Bug Bounty | 2022-12-01 | 2023-06-13 |