Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5226 | vimeo IDOR ( buying pro membership & ondemand videos for 0.1$ ) | IDOR | Vimeo | N B Sri Harsha (@nbsriharsha) | Bug Bounty | 2015-01-16 | 2023-06-13 |
| 4682 | RCE due to ShowExceptions | RCE, Information disclosure, Debugging enabled | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2018-07-20 | 2023-06-13 |
| 4528 | Path traversal while uploading results in RCE | Path traversal, RCE | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2018-10-15 | 2023-06-13 |
| 4483 | OLX Reflected XSS on Resend Code link !! | Reflected XSS | OLX | Harshad Gaikwad (@h4rsh4d) | Bug Bounty | 2018-11-12 | 2023-06-13 |
| 4263 | Vimeo SSRF with code execution potential. | SSRF | Vimeo | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2019-03-08 | 2023-06-13 |
| 4179 | Stealing local storage data through XSS | Stored XSS, Account takeover | NA | Harshad Gaikwad (@h4rsh4d) | Bug Bounty | 2019-04-25 | 2023-06-13 |
| 3774 | Abusing feature to steal your tokens | OAuth | NA | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2019-12-17 | 2023-06-13 |
| 3528 | From Recon to P1 (Critical) — An Easy Win | Exposed registration page | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-04-24 | 2023-06-13 |
| 3519 | Recon to Sensitive Information Disclosure in Minutes | Information disclosure, Outdated component with a known vulnerability | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-04-28 | 2023-06-13 |
| 3483 | Weak Cryptography in Password Reset to Full Account Takeover | Account takeover, Password reset, Cryptographic issues | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-05-15 | 2023-06-13 |
| 3471 | Multiple flaws leads to Account Takeover within an Application | Account takeover, Password reset | NA | Harshit Sengar (@sengarharshit1) | Bug Bounty | 2020-05-18 | 2023-06-13 |
| 3415 | XSS to Database Credential Leakage & Database Access — Story of total luck! | Reflected XSS, Information disclosure | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-06-06 | 2023-06-13 |
| 3400 | Let’s Bypass CSRF Protection & Password Confirmation to Takeover Victim Accounts :D | CSRF | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-06-12 | 2023-06-13 |
| 3348 | Misconfigured S3 Bucket Access Controls to Critical Vulnerability | AWS misconfiguration | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-07-02 | 2023-06-13 |
| 3296 | Unique Case for Price Manipulation \| BugBounty \| VAPT | Payment tampering | NA | Harshit Sengar (@sengarharshit1) | Bug Bounty | 2020-07-18 | 2023-06-13 |
| 3211 | Witnet Network Bug Bounty: DOS Bug from Harsh Jain | DoS | Witnet | Harsh Jain | Bug Bounty | 2020-08-17 | 2023-06-13 |
| 3146 | How I By-pass the login page and 2FA authentication….. | Authentication bypass, OTP bypass, MFA bypass | NA | Harsh | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3121 | Journey Of My First Bug Bounty (Nov 2018) | Authentication bypass | Samsung | Harsh Tyagi (@harshtya9i) | Bug Bounty | 2020-10-02 | 2023-06-13 |
| 3098 | How I find my first P1 level Bug. $$$ | XSS | NA | Harsh | Bug Bounty | 2020-10-13 | 2023-06-13 |
| 3081 | Accidental Observation to Critical IDOR | IDOR | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-10-24 | 2023-06-13 |
| 3080 | My first bug on Google | IDOR | Google | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2020-10-25 | 2023-06-13 |
| 3039 | Evading Filters to perform the Arbitrary URL Redirection Attack | Open redirect | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-11-12 | 2023-06-13 |
| 2890 | Finding 0day to hack Apple | RCE, ColdFusion | Apple | Harsh Jaiswal (@rootxharsh) | Bug Bounty | 2021-01-16 | 2023-06-13 |
| 2862 | Bragging Rights(Part 1): Short story of a bug wave | IDOR, Stored XSS, SSRF, Subdomain takeover, Hardcoded credentials | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2755 | Bragging Rights: Killing File Uploads softly | Unrestricted file upload, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-02-28 | 2023-06-13 |