Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3858 | Cross Site Request Forgery Critical Exploitable IN Infected Site? | CSRF | NA | Hossam Mesbah | Bug Bounty | 2019-10-29 | 2023-06-13 |
| 3853 | Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty | Null byte buffer overflow, Memory corruption | NA | Sam Curry (@samwcyo) | Bug Bounty | 2019-11-01 | 2023-06-13 |
| 3806 | Reflected XSS in graph.facebook.com leads to account takeover in IE/Edge | Reflected XSS, Account takeover | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2019-11-27 | 2023-06-13 |
| 3662 | Exploiting WebSocket [Application Wide XSS / CSRF] | XSS, CSRF | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2020-02-17 | 2023-06-13 |
| 3593 | EN \| Administrator level Privilege Escalation story | Privilege escalation | NA | Samet Sahin (@sametsahinnet) | Bug Bounty | 2020-03-19 | 2023-06-13 |
| 3547 | Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices | Memory corruption, Race condition | Qualcomm, Samsung | Tamir Zahavi-Brunner (@tamir_zb) | Bug Bounty | 2020-04-15 | 2023-06-13 |
| 3539 | Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts | HTTP cache poisoning, Open redirect | Rocket League | Sam Curry (@samwcyo) | Bug Bounty | 2020-04-19 | 2023-06-13 |
| 3513 | Hacking Razer Pay Ewallet App | IDOR | Razer | Richard Tan (@sambal0x) | Bug Bounty | 2020-04-30 | 2023-06-13 |
| 3382 | A subtle stored-XSS in WordPress core | Stored XSS, RCE | WordPress | Sam Thomas (@_s_n_t) | Bug Bounty | 2020-06-17 | 2023-06-13 |
| 3377 | Hacking Starbucks and Accessing Nearly 100 Million Customer Records | Path traversal | Starbucks | Sam Curry (@samwcyo) | Bug Bounty | 2020-06-20 | 2023-06-13 |
| 3269 | XSS, RCE & HTML File Upload in same endpoint | XSS, RCE, Unrestricted file upload | NA | Tarikul Islam (@sa1tama0) | Bug Bounty | 2020-07-29 | 2023-06-13 |
| 3217 | Open Sesame: Escalating Open Redirect to RCE with Electron Code Review | Open redirect, RCE, Security code review | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-08-14 | 2023-06-13 |
| 3121 | Journey Of My First Bug Bounty (Nov 2018) | Authentication bypass | Samsung | Harsh Tyagi (@harshtya9i) | Bug Bounty | 2020-10-02 | 2023-06-13 |
| 3109 | We Hacked Apple for 3 Months: Here’s What We Found | RCE, Authentication bypass, Authorization bypass, SSRF, XXE, Blind XSS, IDOR, OS command injection, SQL injection | Apple | Sam Curry (@samwcyo) | Bug Bounty | 2020-10-07 | 2023-06-13 |
| 3082 | Samsung S20 - RCE via Samsung Galaxy Store App | RCE | Samsung | F-Secure | Bug Bounty | 2020-10-23 | 2023-06-13 |
| 3038 | User’s private watched videos/saved videos exposed through a messenger call from a locked smartphone. | Information disclosure, Authorization flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2020-11-13 | 2023-06-13 |
| 3037 | How a simple bug in Facebook Lite let me win my first bug bounty from Facebook | Information disclosure | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2020-11-13 | 2023-06-13 |
| 2958 | Broken Access Control on samsung.com subdomain leads to Mass Account Takeover of Samsung employees application accounts | Information disclosure, Account takeover, Authorization flaw | Samsung | Gal Nagli (@naglinagli) | Bug Bounty | 2020-12-18 | 2023-06-13 |
| 2869 | Chaining a self XSS to Account Takeover | Self-XSS, Reflected XSS, Account takeover | NA | Arman Sameer (@ArmanSameer95) | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2835 | Page Admin Disclosed In Groups Due To Improper Session Handling In Facebook Web | Information disclosure | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-02-04 | 2023-06-13 |
| 2818 | Hacking Chess.com and Accessing 50 Million Customer Records | Reflected XSS, Information disclosure, Account takeover | Chess.com | Sam Curry (@samwcyo) | Bug Bounty | 2021-02-11 | 2023-06-13 |
| 2773 | CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux | Unencrypted storage | Keybase | John Jackson (@johnjhacking) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2744 | The Invincible Kid | Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-03-03 | 2023-06-13 |
| 2592 | Facebook account takeover due to unsafe redirects after the OAuth flow | OAuth, Open redirect, Account takeover | Meta / Facebook | Youssef Sammouda (@samm0uda) | Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2590 | How I got $400 for my first SSRF bug? | SSRF | NA | Usama Varikkottil (@usama_dev) | Bug Bounty | 2021-05-01 | 2023-06-13 |