Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
5026Self XSS to Good XSS Clickjacking XSS Clickjacking NA Arbaz Hussain (@ArbazKiraak) Bug Bounty2017-07-202023-06-13
5003Password Not Provided - Compromising Any Flurry User%27s Account [Yahoo Bug Bounty] Authentication flaw Account takeover Yahoo! / Verizon Media Jack Cable (@jackhcable) Bug Bounty2017-08-152023-06-13
4981Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss) Self-XSS Clickjacking NA Armaan Pathan (@armaancrockroax) Bug Bounty2017-09-182023-06-13
4943Get your Microsoft account hijacked by simply clicking connect button -Adesh Kolte Stored XSS Microsoft Adesh Nandkishor kolte (@AdeshKolte) Bug Bounty2017-11-062023-06-13
4914Don%27t Trust the Host Header for Sending Password Reset Emails Password reset Account takeover Mavenlink Jack Cable (@jackhcable) Bug Bounty2017-12-132023-06-13
4845Re-dressing Instagram – Leaking Application Tokens via Instagram ClickJacking Vulnerability! Clickjacking Meta / Facebook Mohamed A. Baset Bug Bounty2018-02-252023-06-13
4840Clickjackings in Google worth 12644.7$ Clickjacking Google Raushan Raj (@raushan_rajj) Bug Bounty2018-03-062023-06-13
4807Hijacking User’s Private Information access_token from Microsoft Office360 facebook App Logic flaw Microsoft Mohamed A. Baset Bug Bounty2018-04-132023-06-13
4744How I Earned $750 Bounty Reward From AT&T bug Bounty -Adesh Kolte RCE Clickjacking XSS Same Origin Method Execution AT&T Adesh Nandkishor kolte (@AdeshKolte) Bug Bounty2018-06-012023-06-13
4733Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper DOM XSS Universal XSS Clickjacking Browser extension hacking NA Matthew Bryant (@IAmMandatory) Bug Bounty2018-06-082023-06-13
4704The $12,000 Intersection between Clickjacking, XSS, and Denial of Service Clickjacking XSS DoS Bustabit Sam Curry (@samwcyo) Bug Bounty2018-07-042023-06-13
4680Unclaimed Medium Publication takeover in WeTransfer Medium publication takeover Broken link hijacking WeTransfer Prial Islam Khan (@prial261) Bug Bounty2018-07-212023-06-13
4672Binary.com ClickJacking Vulnerability — Exploiting HTML5 Security Features Clickjacking Binary.com Ameer Assadi (@AmeerAssadi) Bug Bounty2018-07-282023-06-13
4589Reflected DOM XSS and CLICKJACKING on https://silvergoldbull.de/bt.html DOM XSS Clickjacking Silver Gold Bull Daniel Maksimovic Bug Bounty2018-09-132023-06-13
4586How I hijacked your account when you opened my cat picture Logout CSRF NA Matti Bijnens (@MattiBijnens) Bug Bounty2018-09-142023-06-13
4547Clickjacking in Google Docs and Voice typing feature. Clickjacking Google Raushan Raj (@raushan_rajj) Bug Bounty2018-10-052023-06-13
4507Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable CSRF Clickjacking NA Zseano (@zseano) Bug Bounty2018-10-292023-06-13
4484Clickjacking on Google MyAccount Worth 7,500$ Clickjacking Google apapedulimu / Nosa Shandy (@LocalHost31337) Bug Bounty2018-11-112023-06-13
4482Chain exploitation of XSS DOM XSS Clickjacking CSRF NA Mikhail Klyuchnikov (@__Mn1__) Bug Bounty2018-11-122023-06-13
4440Remotely Hijacking Zoom Clients Logic flaw Zoom David Wells Bug Bounty2018-12-032023-06-13
4439[BBP系列三] Hijack the JS File of Uber%27s Website JS file hijacking Uber Chaobin Zhang Bug Bounty2018-12-032023-06-13
4398How I accidentally found a clickjacking “feature” in Facebook Clickjacking Meta / Facebook Lasq (@lasq88) Bug Bounty2018-12-212023-06-13
4372When Cookie Hijacking + HTML Injection become dangerous Cookie hijacking HTML injection NA Daniel V. (@d4niel_v) Bug Bounty2019-01-072023-06-13
4359Oauth Misconfiguration lead to complete account takeover CSRF OAuth Account takeover NA Jackson kv (@Jacksonkv22) Bug Bounty2019-01-202023-06-13
4335Hijacking accounts by retrieving JWT tokens via unvalidated redirects Open redirect Token leak NA Shawar Khan (@ShawarkOFFICIAL) Bug Bounty2019-01-272023-06-13