Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 4740 | Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected) | SOP bypass, Browser extension hacking | NA | Matthew Bryant (@IAmMandatory) | Bug Bounty | 2018-06-05 | 2023-06-13 |
| 4709 | Take Advantage of Out-of-Scope Domains in Bug Bounty Programs | XSS | NA | Abdullah Hussam (@Abdulahhusam) | Bug Bounty | 2018-06-27 | 2023-06-13 |
| 4704 | The $12,000 Intersection between Clickjacking, XSS, and Denial of Service | Clickjacking, XSS, DoS | Bustabit | Sam Curry (@samwcyo) | Bug Bounty | 2018-07-04 | 2023-06-13 |
| 4687 | Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933) | SAML, Authentication bypass | Oracle (WebLogic) | Denis Andzakovic | Bug Bounty | 2018-07-18 | 2023-06-13 |
| 4562 | Just another tale of severe bugs on a private program. | Open redirect, SSRF, IDOR, Logic flaw | NA | Siva Krishna Samireddi (@le4rner) | Bug Bounty | 2018-09-28 | 2023-06-13 |
| 4555 | Applying a small bypass to steal Facebook Session tokens in Uber | XSS, CSP bypass, OAuth | Uber | Samuel (@saamux) | Bug Bounty | 2018-10-02 | 2023-06-13 |
| 4519 | Google sites and exploiting same origin policy | SOP bypass | Google | Raushan Raj (@raushan_rajj) | Bug Bounty | 2018-10-22 | 2023-06-13 |
| 4465 | Edmodo XSS Bug | XSS | Edmodo | Sameer Phad (@sameerphad72) | Bug Bounty | 2018-11-18 | 2023-06-13 |
| 4426 | My first bug bounty writeup | XSS, HTML injection | Indeed | Sampanna Chimoriya | Bug Bounty | 2018-12-10 | 2023-06-13 |
| 4424 | How I was able to generate Access Tokens for any Facebook user. | IDOR, Information disclosure | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4407 | Reading ASP secrets for $17,000 | Local file disclosure (LFD) | NA | Sam Curry (@samwcyo) | Bug Bounty | 2018-12-16 | 2023-06-13 |
| 4393 | RCE in nokia.com | RCE | Nokia | Sampanna Chimoriya | Bug Bounty | 2018-12-27 | 2023-06-13 |
| 4268 | Fixed : Brute-force Instagram account’s passwords | Bruteforce, Rate limiting bypass | Meta / Facebook | Sameer Rao | Bug Bounty | 2019-03-05 | 2023-06-13 |
| 4267 | Fixed : Register any email address on Facebook Account | Authorization flaw | Meta / Facebook | Sameer Rao | Bug Bounty | 2019-03-05 | 2023-06-13 |
| 4218 | Same-Origin Policy: From birth until today | SOP bypass, Browser hacking, CSRF, CORS | Mozilla, Google (Chrome), Opera | Alex Nikolova (@AaylaSecura1138) | Bug Bounty | 2019-04-04 | 2023-06-13 |
| 4102 | Stealing Cookies to Login in any Account | Cookie theft | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-16 | 2023-06-13 |
| 4098 | Bypassing XSS filter and Stealing User Payment Data | XSS | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-17 | 2023-06-13 |
| 4091 | Account Takeover with Clickjacking | Clickjacking | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-19 | 2023-06-13 |
| 4084 | $1800 worth Clickjacking | Clickjacking | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-21 | 2023-06-13 |
| 4074 | CORS To CSRF Attack | CORS misconfiguration, CSRF | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-06-27 | 2023-06-13 |
| 4044 | Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program | Blind XSS | Tesla | Sam Curry (@samwcyo) | Bug Bounty | 2019-07-14 | 2023-06-13 |
| 3953 | How i was able to exploit the same endpoint 2 times ( multiple xss & open Redirection on 10 subdomain) | XSS, Open redirect | Sanity.io | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2019-08-26 | 2023-06-13 |
| 3936 | Exploiting JSONP and Bypassing Referer Check | Information disclosure, JSONP | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2019-09-07 | 2023-06-13 |
| 3900 | Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure | Path traversal | Atlassian | Sam Curry (@samwcyo) | Bug Bounty | 2019-09-25 | 2023-06-13 |
| 3887 | How “Recon” helped Samsung protect their production repositories of SamsungTv, eCommerce / eStores | Information disclosure | Samsung | Prateek Tiwari | Bug Bounty | 2019-10-05 | 2023-06-13 |