Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1029 | “Hey Siri, follow that car!” - How traffic cameras expose your location through parking apps. | Information disclosure, Session hijacking | NA | Inti De Ceukelaire (@securinti) | Bug Bounty | 2022-09-26 | 2023-06-13 |
| 921 | Broken Link Hijacking — My Second Finding on Hackerone! | Broken link hijacking | NA | mehedishakeel (@mehedishakeel) | Bug Bounty | 2022-10-23 | 2023-06-13 |
| 902 | Attacking The Software Supply Chain With A Simple Rename | Repojacking, Supply chain attack | GitHub | Aviad Gershon (@aviadgershon) | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 899 | Hijacking AUR Packages by Searching for Expired Domains | Subdomain takeover, Supply chain attack | NA | Joren Vrancken | Bug Bounty | 2022-10-26 | 2023-06-13 |
| 869 | Invitation Hijacking | Authorization flaw, Privilege escalation | NA | vFlexo (@vflexo) | Bug Bounty | 2022-11-03 | 2023-06-13 |
| 809 | SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover | Account takeover, Azure AD, Cloud | Microsoft | Tomer Nahum (@TomerNahum1) | Bug Bounty | 2022-11-18 | 2023-06-13 |
| 802 | Email Graffiti: hacking old email | Broken link hijacking | Google (Youtube) | Dylan Ayrey (@insecurenature) | Bug Bounty | 2022-11-20 | 2023-06-13 |
| 730 | Hijacking GitHub Repositories by Deleting and Restoring Them | Repojacking | GitHub | Joren Vrancken | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 674 | How I got a 4 digits(₹) bounty from an Indian company | Broken link hijacking | NA | RV Sharma | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 634 | Subdomain Hijacking Of Any Qwilr’s Customer | Subdomain takeover | NA | Prial Islam Khan (@prial261) | Bug Bounty | 2023-01-01 | 2023-06-13 |
| 632 | $500 in 5 minutes | Broken link hijacking | Dropbox | CoffeeAddict | Bug Bounty | 2023-01-01 | 2023-06-13 |
| 554 | CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage | Thick client, Insecure data storage, Local Privilege Escalation | Signal | John Jackson (@johnjhacking) | Bug Bounty | 2023-01-22 | 2023-06-13 |
| 484 | How I Got +1000$ by Clickjacking | Clickjacking | NA | W13DOM | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 480 | Chaining Bugs to get my First Bug Bounty | CSRF, Open redirect, Clickjacking, Account takeover | NA | ag3n7 (@ag3n7apk) | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 453 | LPE via StorSvc | Local Privilege Escalation, DLL Hijacking | Microsoft (Windows) | Antón Ortigueira (@antuache) | Bug Bounty | 2023-02-13 | 2023-06-13 |
| 375 | Broken links hijacking and CDN takeover | Broken link hijacking, Subdomain takeover | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 371 | Gitpod remote code execution 0-day vulnerability via WebSockets | RCE, Websockets, Cross-Site WebSocket Hijacking (CSWH), Cloud, Samesite cookie bypass, Account takeover | Gitpod | Elliot Ward | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 261 | Dynamic Linking Injection and LOLBAS Fun | DLL Hijacking, Dynamic-linking injection, Local Privilege Escalation | NA | Joseph Henry | Bug Bounty | 2023-03-28 | 2023-06-13 |
| 212 | Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories | Repojacking, Supply chain attack | NA | Joren Vrancken | Bug Bounty | 2023-04-10 | 2023-06-13 |
| 139 | Azure Devops CICD Pipelines - Command Injection With Parameters, Variables And A Discussion On Runner Hijacking | CI/CD, OS command injection, RCE | Microsoft (Azure DevOps Pipelines) | Sana Oshika (@bigshika) | Bug Bounty | 2023-05-01 | 2023-06-13 |
| 101 | Rendezvous with a Chatbot: Chaining Contextual Risk Vulnerabilities | Chatbot, Websockets, Cross-Site WebSocket Hijacking (CSWH), Captcha bypass | NA | Abeer Banerjee (@bugasur) | Bug Bounty | 2023-05-11 | 2023-06-13 |
| 96 | CS:GO: From Zero to 0-day | Game hacking, RCE, Memory corruption, Arbitrary file download, Arbitrary file write, DLL Hijacking, Privilege Escalation | Valve (CS:GO) | Felipe | Bug Bounty | 2023-05-13 | 2023-06-13 |
| 81 | DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905) | DLL Hijacking, Local Privilege Escalation | Microsoft (Windows) | Dor Dali | Bug Bounty | 2023-05-17 | 2023-06-13 |