Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2540 | Third-Party Apps were still getting your private Facebook data even after their access expiry. | Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-05-20 | 2023-06-13 |
| 2537 | 13 Nagios Vulnerabilities, #7 will SHOCK you! | RCE, Local Privilege Escalation, XSS, Security code review | Nagios | Samir Ghanem (@sam0x21r) | Bug Bounty | 2021-05-20 | 2023-06-13 |
| 2497 | How I could have accessed all your private videos/photos saved inside your device without even unlocking it? | Authorization flaw, Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2021-06-06 | 2023-06-13 |
| 2490 | Two weeks of securing Samsung devices: Part 1 | Arbitrary file write, Insecure intent, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-06-10 | 2023-06-13 |
| 2459 | Stored XSS via Invite leading to Mass Account Takeover at Opera. | Stored XSS | Opera | Samrat Gupta (@Sm4rty_) | Bug Bounty | 2021-06-20 | 2023-06-13 |
| 2422 | Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer | Broken link hijacking | Chess.com | Sam Curry (@samwcyo) | Bug Bounty | 2021-07-10 | 2023-06-13 |
| 2417 | Broken Access control bug : Bypassing 403’s by finding another endpoint that do the same thing. | Broken Access Control, 403 bypass | NA | tomorrowisnew (@tomorrowisnew_) | Bug Bounty | 2021-07-12 | 2023-06-13 |
| 2359 | Multi Domain DOM Cross Site Scripting | DOM XSS | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-08-01 | 2023-06-13 |
| 2358 | Blind XXE Leads to Internal Port Scanning Through SSRF | XXE, SSRF | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-08-01 | 2023-06-13 |
| 2340 | Size Matters — CVE-2021–0485 (High) | Local Privilege Escalation, Android | Google | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2021-08-07 | 2023-06-13 |
| 2318 | Two weeks of securing Samsung devices: Part 2 | Arbitrary file write, Arbitrary file read, Vulnerable Android content provider, Android | Samsung | Oversecured (@OversecuredInc) | Bug Bounty | 2021-08-16 | 2023-06-13 |
| 2277 | Two account takeover bugs worth $4300 🎁 | Account takeover, Privilege escalation, 403 bypass, IDOR | NA | Usama Varikkottil (@usama_dev) | Bug Bounty | 2021-08-29 | 2023-06-13 |
| 2160 | Account Takeover — Story of 2 same issues in a single program but different sub-domains. | Account takeover | NA | Himanshu Pdy (@himanshu_pdy) | Bug Bounty | 2021-10-10 | 2023-06-13 |
| 2087 | Simple SSRF Allows Access To Internal Assets | SSRF | NA | Sam Paredes (@caffeinevulns) | Bug Bounty | 2021-11-11 | 2023-06-13 |
| 1960 | How I Am Able To Crash Anyone’s Mozilla Firefox Browser By Sending An Email | DoS | Mozilla | Sam | Bug Bounty | 2021-12-30 | 2023-06-13 |
| 1947 | How i was able to bypass a Pin code Protection | Authorization flaw | NA | Kerolos sameh (@xko2xx) | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1941 | thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality | IDOR, Password reset, Account takeover | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1934 | A Tale Of 5250$: How I Accessed Millions Of User’s Data Including Their National ID’s | AWS misconfiguration, Information disclosure | NA | Sam (@__Sam0_0) | Bug Bounty | 2022-01-07 | 2023-06-13 |
| 1915 | XXE in SAML SSO Writeup - Bug Bounty | XXE | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-01-16 | 2023-06-13 |
| 1865 | CVE-2021-44142: Details On A Samba Code Execution Bug Demonstrated At Pwn2Own Austin | Memory corruption, RCE | NA | Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) | Bug Bounty | 2022-02-01 | 2023-06-13 |
| 1792 | How I could’ve bypassed the 2FA security of Instagram once again? | MFA bypass, Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1703 | When Equal is Not, Another WebView Takeover Story | Android | NA | Dimitrios Valsamaras (@Ch0pin) | Bug Bounty | 2022-03-22 | 2023-06-13 |
| 1669 | Hacked Instagram Handle Of Samsung…. | Broken link hijacking | Samsung | Amit Kumar (@Amitlt2) | Bug Bounty | 2022-04-03 | 2023-06-13 |
| 1611 | Adobe Acrobat hollowing out same-origin policy | XSS, SOP bypass, Open redirect, postMessage | Adobe | Wladimir Palant (@WPalant) | Bug Bounty | 2022-04-19 | 2023-06-13 |
| 1593 | Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054) | SSRF | VMware | Keiran Sampson (@hpy_downunder) | Bug Bounty | 2022-04-27 | 2023-06-13 |