Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 3673 | External XML Entity via File Upload (SVG) | XXE, Unrestricted file upload | NA | Atul (@atul_hax) | Bug Bounty | 2020-02-08 | 2023-06-13 |
| 3672 | A step-by-step walk-through of an Invalid Endpoint | Information disclosure | NA | Mohammed Israil (@mdisrail2468) | Bug Bounty | 2020-02-09 | 2023-06-13 |
| 3671 | How I discovered an SSRF leading to AWS Metadata Leakage | SSRF | NA | Amey Anekar (@ameyanekar) | Bug Bounty | 2020-02-10 | 2023-06-13 |
| 3670 | Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches | Information disclosure | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-02-11 | 2023-06-13 |
| 3669 | A Simple IDOR to Account Takeover | IDOR, Account takeover | NA | Swapnil Maurya (@swapmaurya20) | Bug Bounty | 2020-02-11 | 2023-06-13 |
| 3668 | CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE | RCE, Stored XSS, CSP bypass, Arbitrary file read, Open redirect, Security code review | Meta / Facebook (WhatsApp) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2020-02-14 | 2023-06-13 |
| 3666 | Open-redirect Vulnerability on Facebook | Open redirect | Meta / Facebook | dw1 | Bug Bounty | 2020-02-16 | 2023-06-13 |
| 3664 | Uploading Backdoor For Fun And Profit. | Unrestricted file upload, RCE | NA | Mohammed Abdul Raheem (@mohdaltaf163) | Bug Bounty | 2020-02-17 | 2023-06-13 |
| 3663 | How I Gain Unrestricted File Upload Remote Code Execution Bug Bounty | Unrestricted file upload | NA | Shay Grant (@kidshay) | Bug Bounty | 2020-02-17 | 2023-06-13 |
| 3662 | Exploiting WebSocket [Application Wide XSS / CSRF] | XSS, CSRF | NA | Osama Avvan (@osamaavvan) | Bug Bounty | 2020-02-17 | 2023-06-13 |
| 3659 | My First Bounty From Google. | Self-XSS, HTML injection | Google | Syahri Ramadan (@adonkidz7) | Bug Bounty | 2020-02-18 | 2023-06-13 |
| 3658 | From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World | Information disclosure, RCE | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-02-18 | 2023-06-13 |
| 3657 | A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell | XXE, RCE, Directory Traversal | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-02-18 | 2023-06-13 |
| 3656 | Hacking SMS API Service Provider of a Company \| Android App Static Security Analysis \| Bug Bounty POC | Information disclosure, Hardcoded credentials | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-02-19 | 2023-06-13 |
| 3653 | Tale of Account Takeovers (Part-1) | Account takeover, HTTP parameter pollution, Password reset, OTP bypass | NA | Vijaysimha Reddy Bathini (@fatratfatrat) | Bug Bounty | 2020-02-22 | 2023-06-13 |
| 3649 | Stored-XSS-on-groups-google-com | Stored XSS | Google | Alessandro Rumampuk (@Rando02355205) | Bug Bounty | 2020-02-25 | 2023-06-13 |
| 3647 | How i found 3 SSRF in one day on different bug bounty targets | SSRF | NA | - | Bug Bounty | 2020-02-25 | 2023-06-13 |
| 3646 | How I Get my first P1 (Sensitive Information Disclosure) using WPScan | Information disclosure | NA | Harrmahar (@harrmahar) | Bug Bounty | 2020-02-26 | 2023-06-13 |
| 3645 | Long String DoS | DoS | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-02-26 | 2023-06-13 |
| 3644 | Write-up: AWS Document Signing Security Control Bypass | AWS misconfiguration | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2020-02-26 | 2023-06-13 |
| 3643 | RCE via Apache Struts2 - Still out there. | RCE | NA | Abhishek (@abhishake100) | Bug Bounty | 2020-02-27 | 2023-06-13 |
| 3641 | The Tricky XSS | XSS | NA | Smaran Chand (@smaranchand) | Bug Bounty | 2020-02-28 | 2023-06-13 |
| 3639 | Account Hijack using Authorization bypass $$$$ | Account takeover, Authorization flaw | NA | Bhavesh Thakur (@Bhavesh_Thakur_) | Bug Bounty | 2020-02-28 | 2023-06-13 |
| 3638 | A mysterious bug in the firmware of Google's Titan M chip (CVE-2019-9465) | Cryptographic issues | Google | Alexander Bakker | Bug Bounty | 2020-02-29 | 2023-06-13 |
| 3635 | SSRF on PDF generator. | SSRF | NA | John Michael (@michan2514) | Bug Bounty | 2020-03-02 | 2023-06-13 |