Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3409 | Cmd Hijack - a command/argument confusion with path traversal in cmd.exe | OS command injection, Path traversal | Microsoft | Julian Horoszkiewicz | Bug Bounty | 2020-06-10 | 2023-06-13 |
| 3371 | API Token Hijacking Through Clickjacking | Clickjacking | NA | DarkLotus (@darklotuskdb) | Bug Bounty | 2020-06-22 | 2023-06-13 |
| 3245 | Apache Example Servlet leads to $$$$ | Clickjacking | NA | Debangshu Kundu (@debangshu_kundu) | Bug Bounty | 2020-08-06 | 2023-06-13 |
| 3148 | You can’t stop me. MS Teams session hijacking and bypass | Insecure storage of sensitive information | Microsoft | Bandit Pingu (@FlyingPhishy) | Bug Bounty | 2020-09-20 | 2023-06-13 |
| 3130 | P1: Critical - Discovering and Foiling a Threat Actor | Information disclosure | NA | Jackson Henry (@JacksonHHax) | Bug Bounty | 2020-09-27 | 2023-06-13 |
| 3070 | Manual broken link monitoring | Broken link hijacking | NA | GrumpinouT (@RVerwilghen) | Bug Bounty | 2020-10-29 | 2023-06-13 |
| 2993 | Hacking — Always check out the Images | Information disclosure | GitLab | Jack | Bug Bounty | 2020-12-02 | 2023-06-13 |
| 2977 | Hacking — Tamper with the URL Parameters, especially if they modify the page | HTTP parameter pollution | NA | Jack | Bug Bounty | 2020-12-09 | 2023-06-13 |
| 2943 | [Google VRP] Hijacking Google Docs Screenshots | postMessage XSS | Google | Sreeram KL (@kl_sree) | Bug Bounty | 2020-12-27 | 2023-06-13 |
| 2908 | UNEP Breached, 100K+ Employee Records Accessed | Information disclosure | United Nations | Jackson Henry (@JacksonHHax) | Bug Bounty | 2021-01-11 | 2023-06-13 |
| 2895 | How I hijacked the top-level domain of a sovereign state | Domain takeover | Internet Bug Bounty | Fredrik N. Almroth (@Almroot) | Bug Bounty | 2021-01-15 | 2023-06-13 |
| 2863 | Hijacking Google Drive Files (Documents, Photo & Video) Through Google Docs Sharing | Clickjacking | Google | santuySec (@santuySec) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2814 | OAuth Misconfiguration Leads to Full Account takeover | OAuth, Clickjacking, CSRF, Account takeover | NA | Yasser Mohammed (@boomneroli) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2773 | CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux | Unencrypted storage | Keybase | John Jackson (@johnjhacking) | Bug Bounty | 2021-02-22 | 2023-06-13 |
| 2770 | Hijacking Reset Password Link in https://www.niteflirt.com/ via Host Header Poising (Write Up) | Host header injection, Account takeover, Password reset | Niteflirt | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2726 | Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover | Reflected XSS, Clickjacking, Account takeover | NA | pleorqy (@pleorqy) | Bug Bounty | 2021-03-10 | 2023-06-13 |
| 2673 | Play a game, get Subscribed to my channel - YouTube Clickjacking Bug \| #GoogleVRP | Clickjacking | Google | Sriram Kesavan (@sriramoffcl) | Bug Bounty | 2021-04-02 | 2023-06-13 |
| 2551 | How i hijacked 12 Subdomains in one Program | Subdomain takeover | NA | Naveen kumawat (@nvk0x) | Bug Bounty | 2021-05-17 | 2023-06-13 |
| 2549 | Clickjacking in Nearby Devices Dashboard | Clickjacking | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-05-17 | 2023-06-13 |
| 2422 | Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer | Broken link hijacking | Chess.com | Sam Curry (@samwcyo) | Bug Bounty | 2021-07-10 | 2023-06-13 |
| 2406 | Logical Flaw Resulting Path Hijacking | Namespace attack | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2021-07-16 | 2023-06-13 |
| 2351 | Detecting Jackson deserialization vulnerabilities with CodeQL | Insecure deserialization | GitHub | Artem Smotrakov (@artem_smotrakov) | Bug Bounty | 2021-08-02 | 2023-06-13 |
| 2335 | Multiple Vulnerabilities In cPanel/WHM | XXE, Stored XSS, Privilege escalation, CSRF, Cross-Site WebSocket Hijacking (CSWH) | cPanel | Adrian Tiron (@adrian__t) | Bug Bounty | 2021-08-10 | 2023-06-13 |
| 2322 | Second Order Subdomain Takeovers – They DO Exist! | Subdomain takeover, Broken link hijacking | Microsoft | Alun Jones (@ftp_alun) | Bug Bounty | 2021-08-15 | 2023-06-13 |
| 2292 | Websocket Hijacking’ to steal Session_ID of victim users | Cross-Site WebSocket Hijacking (CSWH) | NA | Sunil Yedla (@sunilyedla2) | Bug Bounty | 2021-08-25 | 2023-06-13 |