Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5287 | My Experience with the PayPal Bug Bounty Programme | CSRF | Paypal | Jack Whitton (@fin1te) | Bug Bounty | 2012-10-12 | 2023-06-13 |
| 5285 | Persistent XSS on myworld.ebay.com | XSS | Ebay | Jack Whitton (@fin1te) | Bug Bounty | 2013-01-27 | 2023-06-13 |
| 5284 | Framing, Part 1: Click-Jacking Etsy | Clickjacking | Etsy | Jack Whitton (@fin1te) | Bug Bounty | 2013-02-05 | 2023-06-13 |
| 5281 | Stealing Facebook Access Tokens with a Double Submit | CSRF, OAuth | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-04-13 | 2023-06-13 |
| 5279 | Overwriting Banner Images on Etsy | Authorization flaw | Etsy | Jack Whitton (@fin1te) | Bug Bounty | 2013-05-21 | 2023-06-13 |
| 5278 | Hijacking a Facebook Account with SMS | Authorization flaw, Account takeover | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-06-26 | 2023-06-13 |
| 5271 | Removing Covers Images on Friendship Pages, on Facebook | Authorization flaw | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-09-25 | 2023-06-13 |
| 5268 | Content Types and XSS: Facebook Studio | XSS | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-10-21 | 2023-06-13 |
| 5264 | Instagram's One-Click Privacy Switch | CSRF | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-10-31 | 2023-06-13 |
| 5260 | Abusing CORS for an XSS on Flickr | XSS | Flickr | Jack Whitton (@fin1te) | Bug Bounty | 2013-12-12 | 2023-06-13 |
| 5247 | Google Docs 'ClickJacking' (Information Disclosure) | Clickjacking | Google | Matt Austin (@mattaustin) | Bug Bounty | 2014-05-13 | 2023-06-13 |
| 5215 | Bypassing Google Authentication on Periscope's Administration Panel | Authentication bypass | Google | Jack Whitton (@fin1te) | Bug Bounty | 2015-07-20 | 2023-06-13 |
| 5198 | An XSS on Facebook via PNGs & Wonky Content Types | XSS | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2016-01-27 | 2023-06-13 |
| 5189 | Uber Bug Bounty: Turning Self-XSS into Good-XSS | XSS | Uber | Jack Whitton (@fin1te) | Bug Bounty | 2016-03-22 | 2023-06-13 |
| 5186 | Obtaining Login Tokens for an Outlook, Office or Azure Account | CSRF | Microsoft | Jack Whitton (@fin1te) | Bug Bounty | 2016-04-03 | 2023-06-13 |
| 5182 | Facebook ClickJacking – How we put a new dress on Facebook UI | Clickjacking | Meta / Facebook | Mohamed A. Baset | Bug Bounty | 2016-04-22 | 2023-06-13 |
| 5181 | Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak | Clickjacking | Telegram | Mohamed A. Baset | Bug Bounty | 2016-04-28 | 2023-06-13 |
| 5180 | WhatsApp Clickjacking Vulnerability – Yet another web client failure! | Clickjacking | Meta / Facebook | Mohamed A. Baset | Bug Bounty | 2016-05-04 | 2023-06-13 |
| 5177 | FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones! | Clickjacking | Mozilla | Mohamed A. Baset | Bug Bounty | 2016-05-12 | 2023-06-13 |
| 5171 | Microsoft Yammer Clickjacking – Exploiting HTML5 Security Features | Clickjacking | Microsoft | Mohamed A. Baset | Bug Bounty | 2016-05-18 | 2023-06-13 |
| 5162 | TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking | CSRF, Account takeover | Topcoder.com | Mohamed A. Baset | Bug Bounty | 2016-06-28 | 2023-06-13 |
| 5154 | BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service! | Clickjacking, CSRF | BMW | Mohamed A. Baset | Bug Bounty | 2016-07-24 | 2023-06-13 |
| 5153 | Messenger.com Site-Wide CSRF | CSRF | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2016-07-26 | 2023-06-13 |
| 5065 | Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera | Stored XSS, CSRF, Clickjacking | Opera | Rafay Baloch (@rafaybaloch) | Bug Bounty | 2017-06-01 | 2023-06-13 |
| 5033 | ctrl+c & ctrl+v to Steal SESSIONID | Clickjacking | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-18 | 2023-06-13 |