Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5290 | Facebook XSS via Cross-Origin Resource Sharing | XSS | Meta / Facebook | Matt Austin (@mattaustin) | Bug Bounty | 2010-07-06 | 2023-06-13 |
| 5289 | Hacking Facebook with FBML and DOM XSS | | Meta / Facebook | Matt Austin (@mattaustin) | Bug Bounty | 2010-07-18 | 2023-06-13 |
| 5288 | Facebook FBML DOM Traversal (Information Disclosure) | Information disclosure | Meta / Facebook | Matt Austin (@mattaustin) | Bug Bounty | 2011-08-23 | 2023-06-13 |
| 5259 | Flickr XSS (Stored / DOM XSS) | XSS | Flickr | Matt Austin (@mattaustin) | Bug Bounty | 2013-12-18 | 2023-06-13 |
| 5247 | Google Docs 'ClickJacking' (Information Disclosure) | Clickjacking | Google | Matt Austin (@mattaustin) | Bug Bounty | 2014-05-13 | 2023-06-13 |
| 5245 | ebay bug bounty | Reflected XSS | Ebay | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2014-06-06 | 2023-06-13 |
| 5207 | XSS to RCE in Atlassian Hipchat | XSS, RCE | Atlassian | Matt Austin (@mattaustin) | Bug Bounty | 2015-11-15 | 2023-06-13 |
| 5178 | Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS | Blind XSS | GoDaddy | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2016-05-08 | 2023-06-13 |
| 5146 | Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System | Subdomain takeover | DigitalOcean | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2016-08-25 | 2023-06-13 |
| 5118 | The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean | Domain takeover | Google, Amazon, Rackspace, DigitalOcean | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2016-12-05 | 2023-06-13 |
| 5056 | How I hacked 23.900.000 tumblr domains at once :) | IDOR | Automattic | Ak1T4 (@akita_zen) | Bug Bounty | 2017-06-19 | 2023-06-13 |
| 4967 | Craft CMS – Why case matters | Reflected XSS, Content injection | Craft CMS | Markus Krell (@MarkusKrell) | Bug Bounty | 2017-10-01 | 2023-06-13 |
| 4926 | Taking note: XSS to RCE in the Simplenote Electron client | XSS, RCE | Automattic | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-11-22 | 2023-06-13 |
| 4740 | Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected) | SOP bypass, Browser extension hacking | NA | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2018-06-05 | 2023-06-13 |
| 4733 | Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper | DOM XSS, Universal XSS, Clickjacking, Browser extension hacking | NA | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2018-06-08 | 2023-06-13 |
| 4706 | https://leigh-annegalloway.com/tumblr/ | Captcha bypass, Username enumeration, Information disclosure | Automattic | Leigh-Anne Galloway (@L_AGalloway) | Bug Bounty | 2018-06-29 | 2023-06-13 |
| 4600 | Stored XSS Vulnerability in Tumblr | Stored XSS | Automattic | Anas Mahmood (@AnasIsHere) | Bug Bounty | 2018-09-08 | 2023-06-13 |
| 4586 | How I hijacked your account when you opened my cat picture | Logout CSRF | NA | Matti Bijnens (@MattiBijnens) | Bug Bounty | 2018-09-14 | 2023-06-13 |
| 4490 | WordPress Design Flaw Leads to WooCommerce RCE | RCE | Automattic (WooCommerce) | Simon Scannell (@scannell_simon) | Bug Bounty | 2018-11-06 | 2023-06-13 |
| 4166 | Remote code execution On Microsoft edge using URL Protocol | RCE | Microsoft | Matt harr0ey (@harr0ey) | Bug Bounty | 2019-05-01 | 2023-06-13 |
| 4110 | How spending our Saturday hacking earned us 20k | IDOR | NA | Matti Bijnens (@MattiBijnens) | Bug Bounty | 2019-06-14 | 2023-06-13 |
| 3843 | Keylogging users via Slack themes | CSS injection | Slack | Matt Langlois (@fletchto99) | Bug Bounty | 2019-11-11 | 2023-06-13 |
| 3694 | OK Google: bypass the authentication! | Authentication bypass | Google | Mattia Vinci | Bug Bounty | 2020-01-31 | 2023-06-13 |
| 3692 | Tumblr Bug Bounty ( $200) | Unrestricted file upload, XSS, Authorization flaw | Automattic | Myo Min Thu (@myominthu1337) | Bug Bounty | 2020-02-02 | 2023-06-13 |
| 3650 | Discord DoS with a single message | DoS | Discord | DarkMatterMatt | Bug Bounty | 2020-02-24 | 2023-06-13 |