>

🚀 We've added new community writeups and a Web3 section! Click here to see what's new.

🐛 Bug Bounty Hunting Search Engine

Made with ❤️ by @payloadartist
NEW
Example search: http://bugbountyhunting.com/?q=keyword
Showing 1337 random writeups. Use the search bar to find more.
✍️ Scary Tickets😨
✍️ Extracting Clear-Text Credentials Directly From Chromium’s Memory
✍️ Conditional Love for AWS Metadata Enumeration
✍️ From Multiple IDORs leading to Code Execution on a different Host Container
✍️ Error Based MSSQL Injection | Everything Vulns
✍️ How I used a simple Google query to mine passwords from dozens of public Trello boards
✍️ Insecure Authentication Tokens leading to Account Takeover
✍️ Stored XSS Via Alternate Text At Zendesk Support
✍️ SAMLjacking a poisoned tenant
✍️ Alternative link
✍️ Touch ID Authentication Bypass on Evernote and Dropbox IOS Apps
✍️ A Misconfiguration in techprep.fb.com REST API allowed me to modify any user profile.
✍️ ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)
✍️ 2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3
✍️ Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass
✍️ Access Control Violation – Wiki Page Creation
✍️ A tale of Html to Pdf converter ssrf and various bypasses
✍️ Bypassing an IDOR A couple of times — $$$$
✍️ Alternative link
✍️ Privilege Escalation In Ibm Spectrum Virtualize
✍️ How I caught Multiple vulnerabilities in Udemy.com, But not rewarded for serious XSS vulnerability :(
✍️ Oracle Retail Xstore Suite: Pre-authenticated Path Traversal
✍️ Finding hidden gems vol. 1: forging OAuth tokens using discovered client id and client secret
✍️ Simple Bugs 0x02: Overwritting Uploaded Files
✍️ CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]
✍️ How I got $4000 from Visma for RCE
✍️ Ok Google! bypass ‘flag_secure’
✍️ RCE By Code Injection | Perl Reverse Shell
✍️ How could I Tag Photo to any user’s Scrapbook on Facebook
✍️ Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC
✍️ How I was able to see Private Video Uploader Via Facebook Rights Manager.[Responsible Disclosure]
✍️ Weird (im)possible XSS on error page
✍️ $600 for IDOR (File or Folder Download)
✍️ CVE-2020–1088 — Yet another arbitrary delete EoP
✍️ I Love Lucee: Building Lucee Extensions for Remote Code Execution
✍️ Getting access to prompt debug dialog and serialized tool on main website facebook.com
✍️ Type Juggling and PHP Object Injection, and SQLi, Oh My!
✍️ Kanboard - Spraying Malicious Tasks Across all Projects
✍️ OOB XXE in PrizmDoc (CVE-2018–15805)
✍️ I discovered a browser bug
✍️ PHP fopen() function to local file inclusion
✍️ Hacking Smartwatches for Spear Phishing
✍️ An attempt to escalate a low-impact hidden input XSS
✍️ Mass Account takeover by bypassing 2 FA
✍️ How I was able to remove your Instagram Phone number
✍️ CVE-2022-47966 SAML ShowStopper
✍️ Gitlab Project Import RCE Analysis (CVE-2022-2185)
✍️ A Tale of Confusing IDOR
✍️ My Experience with the PayPal Bug Bounty Programme
✍️ How I earned 5040$ from Twitter by showing a way to Harvest other users IP address
✍️ Bypassing API Restrictions for Fun and Profit
✍️ ImageMagick: The hidden vulnerability behind your online images
✍️ Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
✍️ Playing Dominos with Moodle's Security (1/2)
✍️ Bad regex used in Facebook Javascript SDK leads to account takeovers in websites that included it
✍️ Java Exploitation Restrictions in Modern JDK Times
✍️ Hacking a Secure Industrial Remote Access Gateway
✍️ Dangling DNS: Announcekit
✍️ How I accessed the Sensitive document which I had already deleted
✍️ Hacking into Toyota’s global supplier management network
✍️ A Simple IDOR which should not be missed on dating site ;)
✍️ Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts
✍️ ATO without any interaction [aws cognito misconfiguration]
✍️ Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app
✍️ [web3] Discovering and Fixing a Critical Vulnerability in Polygon zkEVM
✍️ How I earned $$$$ by Amazon S3 Bucket misconfigurations?
✍️ The Danger of Falling to System Role in AWS SDK Client
✍️ Disclosing wifi password via content provider injection in Xiaomi
✍️ Operation Crack: Hacking IDA Pro Installer PRNG from an Unusual Way
✍️ ASP.NET Boilerplate Multiple Vulnerabilities
✍️ GKE Autopilot Node Compromise via startup-script
✍️ From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR
✍️ Using Burp Suite match and replace settings to escalate your user privileges and find hidden features
✍️ Download predictions details of ads plans of any business.
✍️ Getting Secret Key to Building Custom Burp Extension
✍️ [Writeup][Bug Bounty][Tokopedia] Manipulate Other User’s Cart and Wishlist on Tokopedia [EN]
✍️ Microsoft Store free purschase vulnerabilites
✍️ How i hijacked 12 Subdomains in one Program
✍️ Multiple xss in *.skype.com
✍️ Finding a P1 in one minute with Shodan.io (RCE)
✍️ Access control worth $2000 (everyone missed this IDOR+Access control between two admins.)
✍️ Quasar: Compromising Electron Apps
✍️ Automate Cross-Site Scripting (XSS) exploitation with unusal events and Burp Intruder
✍️ Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3
✍️ JMX Exploitation Revisited
✍️ [web3] Report: Scroll Mainnet Emergency Upgrade on 2025-04-25 - General - Scroll
✍️ Stealing First Party Access Token of Facebook Users: Meta Bug Bounty
✍️ Duplicate CSRF… Leads to
✍️ Prezi (map.prezi.com) Path Traversal
✍️ Exposure of Facebook object type by knowing the object ID
✍️ From Self-Hosted GitHub Runner to Self-Hosted Backdoor
✍️ 3 Vulnerabilities worth $2500 | by Hacking articles
✍️ [Twitter Bug Bounty] Misconfigured JSON endpoint on ads.twitter.com lead to Access control issue and Information Disclosure of role privileged users.
✍️ Password Not Provided - Compromising Any Flurry User’s Account [Yahoo Bug Bounty]
✍️ Analysis and Discovery of CVE-2020-13693
✍️ Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts
✍️ Exploiting padding oracles with fixed IVs
✍️ Facebook Groups Hack
✍️ Exploiting a hidden and forgotten Bug
✍️ Hacking CloudKit - How I accidentally deleted your Apple Shortcuts
✍️ ELECTRONizing macOS privacy
✍️ How I Hacked Dutch Government in 5 Minutes? Twitter Account Takeover
✍️ how I found a tricky XSS
✍️ No keys attached: Exploring GitHub-to-AWS keyless authentication flaws
✍️ [No Bounty] Bug Bounties in Sri Lanka
✍️ How I was Able to see someone’s all private files with a single file share link through Atom feed & Never Give Up #togetherwehitharder HackerOne
✍️ Reflected XSS on a Public Program
✍️ chonked pt.2: exploiting cve-2023-33476 for remote code execution
✍️ Local File XSS Vulnerability in Wordpress.com (Write Up)
✍️ How I made 300 GitHub repos point to my blog using Azure subdomains takeover
✍️ Exploiting Parameter Pollution in Golang Web Apps
✍️ Escalating SSRF to RCE
✍️ Facebook SMS Captcha Was Vulnerable to CSRF Attack
✍️ How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables
✍️ The curl quirk that exposed Burp Suite & Google Chrome
✍️ My First Bug on VDP & BBP - Bug Bounty
✍️ Unexpected IDOR Vulnerability in [REDACTED] - [redacted].net (Write Up)
✍️ What the Function: Decrypting Azure Function App Keys
✍️ IDOR leads to leak Private Details
✍️ [web3] Synthetix Logic Error Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | Jun, 2022 | Medium
✍️ Reflected Swf XSS at ( https://plugins.svn.wordpress.org )
✍️ From Disclosure to High Severity: Leveraging Dyte API Key for Maximum Impact
✍️ Bypassing Link Sharing Protection in Messenger Kids Parent’s Control Feature | Meta Bug Bounty
✍️ API secret key Leakage leads to disclosure of Employee’s Information
✍️ CVE-2024-38213: Copy2pwn Exploit Evades Windows Web Protections
✍️ SSRF on PDF generator.
✍️ Laravel debug mode left on at Zouikwatzeggen.nl leaks admin credentials & potentially submitted reports of improper behaviour at Amsterdam University Medical Centers
✍️ [UNPATCHED] Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading
✍️ CSV injection at Comment Section.
✍️ JS is l0ve ❤️.
✍️ Broken Access Control - IDOR
✍️ Error-Based SQL Injection on a WordPress website and extract more than 150k user details
✍️ How I was able to take over any account via the Password Reset Functionality.
✍️ Bug: Cisco IOS SNMPv3 ACL Issues
✍️ Exploiting a Microsoft Edge Vulnerability to Steal Files
✍️ Design Flaws - Scenario One and Fix
✍️ Don’t Follow The Masses: Bug Hunting in JavaScript Engines
✍️ Asus Cross Site Scrpting And Directory Listing Vulnerability
✍️ Redstrom Denial Of Service — Write Up
✍️ Cacti: Unauthenticated Remote Code Execution
✍️ How I got my first swag on Edmodo with a simple XSS.
✍️ Discovering a Hidden Security Loophole: Rent luxury Cars for a Single Dollar
✍️ How I was able to find Reflected XSS | by omarzu
✍️ Unvalidated Open Redirect Bol.com
✍️ OTP Leaking Through Cookie Leads to Account Takeover
✍️ I can see the dislikes count even though is hidden by YouTube | YouTube ($500)
✍️ The Printer Goes Brrrrr, Again!
✍️ Local File Inclusion in peering.google.com
✍️ XSS in Large Messenger and Payment App - a Shout Out to Parameter Guessing
✍️ Alternative link
✍️ Unauthenticated Account Takeover Through Forget Password
✍️ Breaking TikTok: Our Journey to Finding an Account Takeover Vulnerability
✍️ Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS
✍️ A Big company Admin Panel takeover $4500
✍️ External Trusts Are Evil
✍️ [1/3] Brute-Force Protection Bypass @ GitLab
✍️ Stored XSS by bypassing signature
✍️ How I Found XSS In Another Govt. Site :: NCIIPC VDP !!
✍️ How I got RCE In The World Largest Russian Company
✍️ 1-800-Flowers Credentials and message log leak via facebook.com/facebook
✍️ A simple Account takeover misusing JWT late expiration
✍️ Finding Basic Authtoken in JAVASCRIPT file BY Full Automation
✍️ Rewriting a photo not owned by the session user in Moments App (Revisited)
✍️ Walid Hossain (@NoobWalid)
✍️ Zero-day in Sign in with Apple
✍️ Horizontal Privilege Escalation on Quora which can compromise all users on Quora
✍️ Hassan Khan Yusufzai
✍️ LocalPotato - When Swapping The Context Leads You To SYSTEM
✍️ The Time I Hacked Google’s Manual Actions Database
✍️ How I was able to modify and delete any user’s data file (filestack API)
✍️ A tale of 0-Click Account Takeover and 2FA Bypass.
✍️ WordPress Privilege Escalation through Post Types
✍️ How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber
✍️ $10000 Facebook SSRF (Bug Bounty)
✍️ How I found (and fixed) a vulnerability in Python
✍️ Fastest Fix on Open Bug Bounty Platform
✍️ Retrieve Archived Stories Of Any Public Instagram Account.
✍️ Whatsapp user’s IP disclosure with Link Preview feature
✍️ Please email me your password
✍️ Reflective XSS via search box [Bypassing Cloudflare WAF].
✍️ The trouble with Microsoft’s Troubleshooters
✍️ Weird “Subdomain Take Over” pattern of Amazon S3
✍️ Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services
✍️ Device Code Phishing – Add Your Own Sign-In Methods on Entra ID
✍️ [web3] Medium bug in Polygon zkEVM found by iczc
✍️ Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
✍️ GitLab Arbitrary File Read & Write through Kroki - CVE-2021-22203
✍️ Secret Key Exposure in API Config Directory
✍️ Removing profile pictures for any Facebook user
✍️ Hacked Instagram Handle Of Samsung….
✍️ I Obtained ADMIN access via the Account Activation link [In 30 seconds]
✍️ A short tell of LFI from PDF link → Professor the Hunter
✍️ How did I get 200$ with WordPress vulnerability!!!
✍️ Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅)
✍️ Clickjackings in Google worth 12644.7$
✍️ The Silent Spy Among Us: Modern Attacks Against Smart Intercoms
✍️ Exploiting thousands of Domains for XSS
✍️ Watch Paint Dry: How I got a game on the Steam Store without anyone from Valve ever looking at it.
✍️ [Business Logic] Bypassing Nickname Feature
✍️ A Fight For Duplicate Marked Bug: Story of BBC Hall Of Fame
✍️ How I bypassed disable_functions in php to get a remote shell
✍️ Knocking on the Front Door (client side desync attack on Azure CDN)
✍️ Easy bounties with subdomain discovery - Using Project Sonar for bug bounty
✍️ How I earned $$$ by bypassing 2FA
✍️ Exploiting the HP Printer without the printer (Pwn2Own 2022)
✍️ Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
✍️ Open Redirect Scanner with Uber.com
✍️ WonderCMS 3.1.3 - Authenticated RCE & Blind SSRF Vulnerability
✍️ OTP Verification Bypass
✍️ Emotional Rollercoaster: A Unique Case Study of Bypassing Antivirus and Firewall by Abusing PostgreSQL
✍️ Easy 2000$ Race Condition
✍️ Hacking your own antivirus for fun and profit (Safe browsing gone wrong)
✍️ Private giant chat app – Send message to victim while sender blocked
✍️ How I find Open-Redirect Vulnerability in redacted.com (One of the top online payment processing service website)
✍️ How I bypassed 403 forbidden domain using a simple trick
✍️ Turning cookie based XSS into account takeover
✍️ Privilege Escalation to remove the owner from the organization
✍️ Reverse Engineering the Apple Multipeer Connectivity Framework
✍️ How we made $120k bug bounty in a year with good automation
✍️ DNS Recursion Leads to DoS Attack Vivo Play (IPTV) — CVE-2023–31893
✍️ Tricky Oracle SQL Injection Situation
✍️ From parameter pollution to XSS
✍️ Bypassing a restrictive JS sandbox
✍️ Traccar 5 Remote Code Execution Vulnerabilities
✍️ CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM
✍️ Open Redirect Vulnerability On Zapier: An Accidental Find
✍️ Jasper Reports Library Code Injection
✍️ How I was able to take over accounts in websites deal with Github as an SSO provider
✍️ Instagram GitHub Token with public_scope found In Travis CI Build Logs
✍️ An XSS Story
✍️ Alternative link
✍️ [web3] High bug in Across V3 found by Zach Obront & deadrosesxyz
✍️ SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE
✍️ Achieving Remote Code Execution By Exploiting Variable Check Feature
✍️ Story of a $1,500 worth IDOR
✍️ Stored XSS in Yahoo mail IOS app($3500)
✍️ Attack of the week: Airdrop tracing
✍️ Hackerone Bug Bounty Report: Hinge
✍️ UNCONTAINED: Uncovering Container Confusion in the Linux Kernel
✍️ Threat Evasion for aws:multifactorAuthPresent condition using Cloudshell
✍️ Bypass Premium Account Payment (GetPocket)
✍️ How I Reported a DoS Vulnerability to AWS
✍️ AWS Chain Attack- Thousands of Vulnerable EKS Clusters
✍️ Unlimited report user in Instagram (Facebook) leads to abuse risk.
✍️ Nokia email app pwnage
✍️ Can I See Your “USER AGENT” Please?
✍️ Moderation Filter Bypass in support.mozilla.org
✍️ Phishing with history.back() open redirect
✍️ Frappé Technologies ERPNext Server Side Template Injection
✍️ Leaking Browser URL/Protocol Handlers
✍️ How MarkMonitor left >60,000 domains for the taking
✍️ Bypass Rate Limit — A blank space leads to this random encounter!
✍️ P1 Bug — PII information disclosure
✍️ ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
✍️ Cookie Tossing to RCE on Google Cloud JupyterLab
✍️ How I Got +1000$ by Clickjacking
✍️ BrokenPrint: A Netgear stack overflow
✍️ Deep understand ASPX file handling and some related attack vectors
✍️ SSD Advisory – NETGEAR R7800 AFPD PreAuth
✍️ A story about a not-so-direct SSRF
✍️ XSS “403 forbidden” bypass write up
✍️ Security Feature Bypass In ASP.NET and Visual Studio – Race Condition
✍️ How I could have mass uploaded from every Flickr account!
✍️ Shopping Products For Free- Parameter Tampering Vulnerability
✍️ Discovering and Exploiting a Vulnerability in Android’s Personal Dictionary (CVE-2018-9375)
✍️ Calling Home, Get Your Callbacks Through RBI
✍️ Web Cache Poisoning in Postmates [$1500]
✍️ Stored XSS in Bug Bounty
✍️ File Upload to RCE
✍️ #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account”
✍️ Malicious redirect on mailroom.prezi.com
✍️ SSRF & Google HOF(Hall of Fame)
✍️ Using Default Credential to Admin Account Takeover
✍️ How I Was Able To View Private Tweets Of Any Private Twitter Account
✍️ Tumblr Bug Bounty ( $200)
✍️ How do I get cross site scripting(“xss”) in “Nokia”
✍️ How two dead accounts allowed remote crash of any instagram android user
✍️ 31k$ SSRF in Google Cloud Monitoring led to metadata exposure
✍️ How I Scored 2K Bounty via an IDOR
✍️ Access private information about SparkAR effect owners who has a publicly viewable portfolio
✍️ Full Account Takeover via Open Redirection
✍️ Takeover seller accounts worth billions & millions
✍️ CVE-2022-0540 - Authentication bypass in Seraph
✍️ Video
✍️ Uncovering a Critical Vulnerability in Samsung Mobile Security: A Bug Bounty Journey
✍️ Cache-Key Normalization - What could go wrong?
✍️ [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE
✍️ Disclose WhatsApp Number of Instagram Accounts Despite Setting Set to be Hidden
✍️ [web3] Unprotected Swap Function: A ERC777 Reentrancy Vulnerability. Introduction | by Heuss | Jun, 2023 | Medium
✍️ Accidental IDOR
✍️ Part 2 - ProxyOracle!
✍️ Facebook $750 Reward for a Simple Bug
✍️ Client-Side SSRF to Google Cloud Project Takeover [Google VRP]
✍️ How I get my first SWAG from SIDN (Sensitive Data Exposer)
✍️ Code execution as root via AT commands on the Quectel EG25-G modem
✍️ XXE with Auto-Update in install4j
✍️ Log4shell in google $1337.00
✍️ Chaining Two Vulnerabilities to Break Facebook Appointment Times For the Second Time
✍️ Self-XSS to ATO via Site Features
✍️ UN United Nations Host Header Injection leads to any Full Account Takeover (ATO)
✍️ Opera Browser VPN Bypass
✍️ IDOR revealing Images cdn links | by Susan wagle
✍️ Hacking My ISP Part 1: Exposing a Critical Bug Allowing SIM Swapping
✍️ How I Prevented a Mass Data Breach - $15,000 bounty - @bxmbn
✍️ Account Takeover [It Looked Secure at First]
✍️ Broken Access Control Leads To Change Of Admin Details
✍️ RCE Vulnerabilite in Yahoo Subdomain! ( Yahoo! RCE via Spring Engine SSTI ) By tghawkins
✍️ A journey from XML External Entity (XXE) to NTLM hashes!
✍️ Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB
✍️ Hinge Hackerone Writeup
✍️ Google sites and exploiting same origin policy
✍️ Publish tweets by any other user
✍️ Using App Ads Helper as an Analytic User
✍️ Auth Bypass in com.google.android.googlequicksearchbox
✍️ How I Could Steal Money from Instagram, Google and Microsoft
✍️ PenTales: “User enumeration is not a vulnerability” – I beg to differ
✍️ A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State
✍️ Get your Microsoft account hijacked by simply clicking connect button -Adesh Kolte
✍️ Advisory: Western Digital My Cloud Pro Series PR4100 RCE
✍️ How I Made $16,500 Hacking CDN Caching Servers — Part 1
✍️ Heroku Directory Transversal
✍️ Manipulating Encrypted Traffic for Manual and Automation
✍️ How I was able to delete Google Gallery Data [IDOR]
✍️ Two-Factor Authentication Bypass
✍️ How I Got Paid $0 From the India’s largest online gifting portal — Bug Bounty Program
✍️ Bypass HackerOne 2FA requirement and reporter blacklist
✍️ This domain is my domain — G Suite A record vulnerability
✍️ A Weird Price Tampering Vulnerability
✍️ Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes
✍️ How I Hacked A Crypto Company And Could Steal 1 Million Dollars Worth of Bitcoin
✍️ Owning half of a government assets through AWS
✍️ Chaining a self XSS to Account Takeover
✍️ How I found my first RCE?
✍️ CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
✍️ Account takeover CSRF Misconfiguration
✍️ How I made $31500 by submitting a bug to Facebook
✍️ Reposted [2019]: Hacking YouTube for #fun and #profit
✍️ Duo Finds SAML Vulnerabilities Affecting Multiple Implementations
✍️ Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story)
✍️ CVE from 2018 Strikes Again
✍️ Full Account Takeover through CORS with connection Sockets
✍️ Repo Jacking: The Great Source-code Swindle
✍️ $1600 Bounty on a Main Domain
✍️ How I was able to get private ticket response panel and FortiGate web panel via blind XSS
✍️ [BAC/IDOR] How my father credit card help me to find this access control issue
✍️ How I hacked a website integrated w/ Facebook having 1.1 mil. users under 45 seconds.
✍️ Type confusion attacks in ProseMirror editors
✍️ SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897)
✍️ CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux
✍️ XSS in Dynamics 365
✍️ Exploiting misconfigured Google Cloud Service Accounts from GitHub Actions
✍️ URL whitelist bypass in https://cxl-services.appspot.com
✍️ Contact Point Deanonymization Vulnerability in Meta
✍️ RCE In AddThis
✍️ [Writeup — FB] Crash web — app through application form of job application pages
✍️ Apple XAR – Arbitrary File Write (CVE-2021-30833)
✍️ How I could have been the administrator for all Dutch companies and create invoices. And still can be…
✍️ Access Any Owner Account without Authentication (Auth bypass + 2FA bypass)
✍️ CVE-2023-36844 And Friends: RCE In Juniper Devices
✍️ Self XSS To Evil XSS
✍️ Unusual 403 Bypass to a full website takeover [External Pentest]
✍️ GitHub Gist - Account takeover via open redirect - $10,000 Bounty
✍️ [XSS] Reflected XSS Bypass Filter
✍️ Lab by @SecCodeWarrior
✍️ I helped a top Indian health benefits management platform from major PII leak by hacking their SQL Servers, AWS instance, DCs etc.
✍️ Attack of the clones: Git clients remote code execution
✍️ Clickjacking on Google MyAccount Worth 7,500$
✍️ Using 0days to Protect the United Nations
✍️ Attacking PowerShell CLIXML Deserialization
✍️ Stories Of IDOR
✍️ (POC) Disclose members in any closed Facebook group
✍️ Security issues with cloudflare/odoh-server-go and the ODoH RFC draft
✍️ Exploiting an N-day vBulletin PHP Object Injection Vulnerability
✍️ How I earned $500 from Google - Flaw in Authentication
✍️ Application Level Denial of Service [DoS] using SVG file in https://[REDACTED].com (Write Up)
✍️ IDOR “Insecure direct object references”, my first P1 in Bugbounty
✍️ Security Implications of URL Parsing Differentials
✍️ The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
✍️ Attacking Android Antivirus Applications
✍️ How to hack Github Actions
✍️ Another “Fappening” on the Horizon?
✍️ How an Open Redirection Leads to an Account Takeover?
✍️ Desperate XSS
✍️ Don’t Reply: A Clever Phishing Method In Apple’s Mail App
✍️ One Scheme to Rule Them All: OAuth Account Takeover
✍️ Exposed Jenkins to RCE on 8 Adobe Experience Managers
✍️ We Hacked Ourselves With DNS Rebinding
✍️ How I stumbled upon a Stored XSS(My first bug bounty story).
✍️ DNN CMS Server-Side Request Forgery (CVE-2021-40186)
✍️ Sensitive data leak using IDOR in integration service
✍️ Weak Cryptography to Account Takeover’s
✍️ How I CSRF’d My First Bounty!
✍️ How I Earned $750 Bounty Reward From AT&T bug Bounty -Adesh Kolte
✍️ Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text
✍️ Old GitHub Profile Takeover!
✍️ Escaping well-configured VSCode extensions (for profit)
✍️ Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes
✍️ CVE-2021-30481: Source engine remote code execution via game invites
✍️ Winning QR with DOM-Based XSS | Bug Bounty POC
✍️ Got Another XSS using Double Encoding
✍️ From an Innocent Client-Side Path Traversal to Account Takeover
✍️ Arbitrary email forgery in Webflow
✍️ How I got RCE in one of Bugcrowd's Public Programs
✍️ Disclose page’s admins and its Monetization payout details
✍️ How Attacker could have suffocated the company staff
✍️ From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API
✍️ 3 Symfony (RCE): A Peek Behind the Curtain
✍️ Outdated PHP Version leads to RCE
✍️ Create hidden comment by blocking an Admin: Facebook Bug Bounty 2020
✍️ Out of Band XXE in an E-commerce IOS app
✍️ VoIP Spoofing (Intigriti) 1,250€
✍️ Gitpod remote code execution 0-day vulnerability via WebSockets
✍️ VMware Official VCDX Reflected XSS
✍️ PayPal IDOR via billing Agreement Token (closed Informative, payment fraud)
✍️ Access Twitter blue features using deeplink without a subscription.
✍️ DoS worth $650 ? Interesting right!
✍️ Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
✍️ Story of a stored xss to full account takeover vulnerability(N/A to accepted)
✍️ Password Reset Token Leak via X-Forwarded-Host
✍️ How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2
✍️ Alternative link
✍️ Remote Code Execution in Tutanota Desktop due to Code Flaw
✍️ Exploiting the Source Engine (Part 1)
✍️ [web3] Med: Morpho Finance Logic - Contract Can Be Destroyed via Controlled `delegatecall` | Trust
✍️ How did I find Log4j vulnerability via Static Code Analysis and receive €€€ bounty?
✍️ The Android kernel mitigations obstacle race
✍️ How I Was Able To TakeOver Any Account On One Of Europe's Largest Media Companies
✍️ IDOR (Insecure Direct Object Reference) leads to listing all valid Users and edit their Profiles
✍️ Post Account Takeover? Account Takeover of Internal Tesla Accounts
✍️ “GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs
✍️ Server-side Template Injection Leading to RCE on Google VRP
✍️ How I was able to takeover any account (Zero-click ATO)
✍️ CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster
✍️ A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
✍️ DOS & Stored HTML Injection Bug Bounty Writeup
✍️ GitHub Security Lab audited DataHub: Here’s what they found
✍️ Account Takeover by Chaining Two IDORs
✍️ Account Take Over Vulnerability in Google acquisition [Famebit]
✍️ Lenovo database of root user credentials exposed
✍️ Stored XSS to Account Takeover : Going beyond document.cookie | Stealing Session Data from IndexedDB
✍️ Nokia Asha Series Lock Screen Bypass
✍️ Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover 0-Day Vulnerabilities
✍️ Hijacking Over 100k GoDaddy Websites
✍️ macOS Sandbox Escape vulnerability via Terminal
✍️ ZombieVPN, Breaking That Internet Security
✍️ 4 Google Cloud Shell bugs explained
✍️ [web3] Cronos: Theft of Transactions Fees Bugfix Postmortem. This is a postmortem of a vulnerability… | by Immunefi | Sep, 2022 | Medium
✍️ Smuggling an (Un)exploitable XSS
✍️ Reflected XSS in Ebay.com
✍️ Privileged Escalation in Facebook Messenger Rooms
✍️ CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox
✍️ You can add extra zeroes. XSS bypass on a private bug bounty program
✍️ Patch Diffing CVE-2023-28121 to Compromise a WooCommerce
✍️ ABC-Code Execution for Veeam (CVE-2022-26503)
✍️ Facebook account takeover due to a wide platform bug in ajaxpipe responses
✍️ My First CSRF to Account Takeover worth $750
✍️ Exploiting ASP.NET TemplateParser — Part II: SharePoint (CVE-2023-33160)
✍️ IDOR Leads To Leak Any Uber Eats Restaurant Analytics
✍️ How I Bypassed 2FA while Resetting Password
✍️ Applying a small bypass to steal Facebook Session tokens in Uber
✍️ Bug HTML Injection On Tokopedia !
✍️ Hacking Google Drive Integrations
✍️ Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette"
✍️ How spending our Saturday hacking earned us 20k
✍️ Add users to roles on Facebook pages without an invitation consent
✍️ How we was able to takeover whole organization via Privilege Escalation
✍️ Simple IBM I (AS/400) Hacking
✍️ How I got access to millions of [redacted] accounts
✍️ Hemant Singh Manral
✍️ Analysis of Adobe Acrobat Reader Javascript Doc.print() Use-After-Free Vulnerability (CVE-2022-34233)
✍️ Race conditions on Facebook, DigitalOcean and others (fixed)
✍️ IDOR vulnerability on invoice and weak password reset leads to account take over
✍️ Abusing the SeRelabelPrivilege
✍️ Reverse RDP Attack: Code Execution on RDP Clients
✍️ How to have free Internet WIFI on United Airlines flights
✍️ XSS Vulnerability in Twitter [https://twitter.com] (Write Up)
✍️ The AccountTakeOver Killing Chain
✍️ P1 Vulnerability in 60 seconds
✍️ [web3] Mt Pelerin Double Transaction Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | May, 2022 | Medium
✍️ Subdomain Takeover leading to Full Account Takeover
✍️ Hacking Dutch Government For a lousy T-shirt
✍️ PHP Filter Chains: File Read From Error-based Oracle
✍️ One Electron to Rule Them All
✍️ An interesting Account Takeover | by Mayank
✍️ Sorting Your Way to Stolen Passwords
✍️ Beyond XSS: Edge Side Include Injection
✍️ SSD Advisory – Rocket.Chat Client-side Remote Code Execution
✍️ Exploiting Redash instances with CVE-2021-41192
✍️ The Story of My First Reflected XSS
✍️ Abusing Microsoft Teams Direct Routing
✍️ Securing the Computer Security Course: Discovering a Session Hijacking Vulnerability in EPFL's COM-301 Website
✍️ Facebook Vulnerability – a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings
✍️ HackenProof Customer Story: Uklon
✍️ UnOAuthorized: Privilege Elevation Through Microsoft Applications
✍️ Information Disclosure to Account Takeover
✍️ Jumping Over The Fence
✍️ Write Up – XSS Stored In files.slack.com Via XML/SVG File (iOS) – $1,000 USD
✍️ Missing Authentication in ZKTeco ZEM/ZMM Web Interface
✍️ Stored XSS] with arbitrary cookie installation
✍️ The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise
✍️ Vine User’s Private information disclosure
✍️ Teleport Security Whitepaper - Practical Analysis of and Hardening Against Compromised IdP Scenarios
✍️ Cracking the lens: targeting HTTP's hidden attack-surface
✍️ Yet another bug into Netfilter
✍️ Bypass Apple Corp SSO on Apple Admin Panel
✍️ View Other User Private Livestream Data
✍️ Collabora Online Stored XSS (CVE-2024-29182)
✍️ Chaining rate limiting for account lockout
✍️ Blog: OmniSpace, from automated 0day XSS to RCE
✍️ Detecting Server-Side Prototype Pollution
✍️ Vulnerabilities in Online Payment Systems
✍️ One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies!
✍️ Stormshield SNS cleartext password leak
✍️ [web3] Critical bug in Scroll found by Pavel Shabarkin worth 1k
✍️ Stored XSS To Other Users Via Messages
✍️ One Bug To Rule Them All: Modern Android Password Managers and FLAG_SECURE Misuse
✍️ How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR
✍️ Exploiting Open Redirect - Whitelist Bypass Using Salesforce Environment
✍️ Git Arbitrary Configuration Injection (CVE-2023-29007)
✍️ OVE-20210809-0001 Visual Studio Code .ipynb Jupyter Notebook XSS (Arbitrary File Read)
✍️ My first two valid and rewarded Web Cache Deceptions, earning $2250
✍️ SSD Advisory – MacOS Mozilla Firefox Download Protections Were Bypassed By .atloc / .ftploc Files
✍️ Shipt Subdomain TakeOver via HeroKu ( test.shipt.com )
✍️ Executing scripts in Safari Reader Mode to CSP Bypass
✍️ Why you shouldn't use a commercial VPN: Amateur hour with Windscribe
✍️ Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data
✍️ gcp-dhcp-takeover-code-exec
✍️ Captcha Bypass Techniques | by Akshat Honey
✍️ Finding XSS in a million websites (cPanel CVE-2023-29489)
✍️ SSD Advisory – KerioControl Remote Code Execution
✍️ IDOR Vulenebility with empty response still exposing sensitive details of customers!
✍️ How I can take over any user’s account with their mobile number
✍️ Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places
✍️ Shodan Recon to $1000 bounty in 2 mins
✍️ Business logic vulnerabilities — Low-level logic flaw
✍️ Obtaining XSS Using Moodle Features and Minor Bugs
✍️ Weird bug to steal users credentials
✍️ Unusual Cache Poisoning between Akamai and S3 buckets
✍️ Anchor Tag XSS Exploitation in Firefox with Target=”_blank”
✍️ This popular Facebook app publicly exposed your data for years
✍️ [web3] Enzyme Finance Missing Privilege Check Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | Aug, 2022 | Medium
✍️ Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
✍️ Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System
✍️ 3 Easy cash via cache
✍️ How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
✍️ Your Amiibo’s Haunted
✍️ Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
✍️ [Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data
✍️ Bypass rate limit to enumeration users through Google Drive
✍️ How I was able to see likes and dislikes count which is hidden by victim | YouTube #1
✍️ Accidental IDOR in eLearnSecurity to Knowing Your Address and Cert You Bought.
✍️ Vulnerability in Hangouts Chat: from open redirect to code execution
✍️ Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera Recordings
✍️ Hacking a .NET API in the real world
✍️ PoC: The easiest 125 Euro’s I Ever made
✍️ How I alert(1) in Azure DevOps
✍️ Simple logical Bug turned into a bounty
✍️ How I was able to Takeover Accounts on Foxit.com
✍️ How I accidentally found Bug in Google Search Console
✍️ Securing our home labs: Home Assistant code review
✍️ Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
✍️ Tapping into a telecommunications company’s office cameras
✍️ Privilege Escalation in AKS Clusters
✍️ Bypassing DOMPurify with good old XML
✍️ Identify a Facebook user by his phone number despite privacy settings set
✍️ Cross-Origin Resource Sharing (CORS) Misconfiguration leads to User’s PII leaks.
✍️ Detectify Labs
✍️ PowerShell script, Unicode quotes and ウィンドウズ - a story of uncommon command injection
✍️ How We Found Another XSS in Google with Acunetix
✍️ From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
✍️ A Practical Guide to PrintNightmare in 2024
✍️ 500$: MFA bypass By Race Condition
✍️ Content-Security-Policy Bypass to perform XSS using MIME sniffing
✍️ Hacking Microsoft and Wix with Keyboard Shortcuts
✍️ The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022
✍️ My Journey To The Google Hall Of Fame
✍️ Autodesk Fusion 360 <= 2.0.12887 “Insert SVG” Blind XXE
✍️ One Cloud-based Local File Inclusion = Many Companies affected
✍️ Reflected XSS In AT&T
✍️ Anatomy of an IoT Exploit, from Hands-On to RCE
✍️ From http:// domain to res:// domain xss by using IE Adobe’s PDF ActiveX plugin
✍️ First bounty, time to step up my game
✍️ The story of my first ever, 1500$, bounty from Facebook.
✍️ Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials.
✍️ Staff and Triage can modify the initial post of a report
✍️ How I found my first RCE | by Vrushabh Lakhani
✍️ How I found a bug in Apple within just in 5min.
✍️ PII-nacles of Discovery: Deep Recon, Fourth-Level Subdomains, and Abusing Exposed .git Repositories
✍️ Dependency Confusion Vulnerability Found in an Archived Apache Project
✍️ Bypassing Access Control in a Program on Hackerone !!
✍️ Send request to Martians. Earthlings are already your friends.
✍️ How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty
✍️ How I got $$$ from AT&T
✍️ Stored XSS in message.alibaba.com ($2,000)
✍️ Unauthenticated GraphQL Introspection and API calls
✍️ Breaking Business Logic via Coupons — The Story of my 1st Valid Bug Bounty
✍️ Phantom Secrets: Undetected Secrets Expose Major Corporations
✍️ Remediation Archeology — Finding and Decoding an Ancient XSS
✍️ Attacking the Android kernel using the Qualcomm TrustZone
✍️ Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
✍️ Facebook Creator Studio Misconfiguration $$$$
✍️ Subdomain Takeover: Yet another Starbucks case
✍️ Stored Iframe Injection & Permanent Open Redirection - Zero Day
✍️ How I Found an Insecure Direct Object Reference in TikTok
✍️ Hunting for bugs in Telegram's animated stickers remote attack surface
✍️ Naufal Septiadi
✍️ Oracle Server Side Request Forgery (SSRF) Metadata
✍️ My 2nd 4digit Bug Bounty From Facebook
✍️ Your NAS is not your NAS !
✍️ CVE-2022-32206: HTTP compression denial of service
✍️ How I took over an admin panel and got $500
✍️ Darrell Damstedt
✍️ Reflected XSS at https://photos.shopify.com/
✍️ [RCE] Remote code execution at api.PrivateProgram.com (CVE-2017-5638)
✍️ Csrf Bypass Using Cross Frame Scripting
✍️ Intro to Open-source Bug Bounty
✍️ Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
✍️ Exploiting an SSRF: Trials and Tribulations
✍️ Join Facebook Group With Unpublish Page
✍️ Abusing the Replicator: Silently Exfiltrating Data with the AWS S3 Replication Service
✍️ Intigriti XSS Challenge July 2024 — Finding a new DOMPurify bug
✍️ Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
✍️ How I Hacked Exam Portal and got access to 10k users data including webcams?
✍️ Google Cloud Shell XSS
✍️ HigherLogic Community RCE Vulnerability
✍️ Reflected Cross Site Scripting at Paypal.com
✍️ Fetch Diversion
✍️ Multiple vulnerabilities in Nokia BTS Airscale ASIKA
✍️ Introducing Aladdin
✍️ How I could access your internal servers, steal and modify your image repository
✍️ Tampering with Conditional Access Policies Using Azure AD Graph API
✍️ Uber Bug Bounty: 1000$ for two “high severity” issue
✍️ Remote Code Execution in .tgz File Upload
✍️ Vulnerability in Linux containers – investigation and mitigation
✍️ Yes I can see your OTP
✍️ Uploading Backdoor For Fun And Profit.
✍️ The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
✍️ [web3] L2 WormholeGateway Vulnerability Post-Mortem
✍️ CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers
✍️ Got Bounty with Account takeover (ATO ) Unicode-Case Mapping Collision !
✍️ How I was able to make users loss of money on Google Pay
✍️ Ransacking your password reset tokens
✍️ Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237
✍️ Story Of My First RCE :)
✍️ CVE-2023–1410 : Stored XSS in the Graphite Function Description tooltip
✍️ How I found Command Injection via Obsolete PHPThumb
✍️ Forging OAuth tokens using discovered client id and client secret
✍️ Stored XSS at Trello.com
✍️ Subdomain takeover and Text injection on a 404 error page-$100 bounty
✍️ Hiding from a custom list is possible on who sees our post is possible making victim not remove them from the list.
✍️ How I could’ve bypassed the 2FA security of Instagram once again?
✍️ Microsoft Azure Site Recovery DLL Hijacking
✍️ reCAPTCHA bypass via HTTP Parameter Pollution
✍️ Medium Content Spoofing Leads to XSS
✍️ IDOR Vulnerability: A Journey to Full Account Takeover
✍️ PeckShield
✍️ Facebook Page Admin Disclosure
✍️ CVE-2020–9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data
✍️ PHP Development Server <= 7.4.21 - Remote Source Disclosure
✍️ The story of exposed service, SSRF, CSP bypass and credentials stealing via XSS
✍️ The Army Of The Headless Browsers
✍️ Binary.com ClickJacking Vulnerability — Exploiting HTML5 Security Features
✍️ Netskope Client Service Local Privilege Escalation
✍️ Two weeks of securing Samsung devices: Part 2
✍️ Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms
✍️ XSS on account.leagueoflegends.com via easyXDM [2016]
✍️ How i Hacked into a bugcrowd. public program
✍️ Talal Haj Bakry (@parasarora06)
✍️ GraphQL introspection leads to sensitive data disclosure
✍️ How we have pwned Root-Me in 2022
✍️ Encrypted Payload -> Decrypted Execution ($600) : Stored XSS
✍️ Write Up – Google VRP Bug Bounty: /etc/environment Local Variables Exfiltrated On Linux Google Earth Pro Desktop App – $1,337 USD
✍️ Stealing user passwords through a VPN’s SSO
✍️ [No Bounty] Git Exposed: How a Government Website Left Its Secrets Open | by Sachin Kewat
✍️ 23000$ for Authentication Bypass & File Upload & Arbitrary File Overwrite
✍️ Huawei LTE USB Stick E3372: From File Overwrite to Code Execution
✍️ Bypass Apple’s redirection process with the dot (“.”) character
✍️ Control Your Types Or Get Pwned: Remote Code Execution In Exchange Powershell Backend
✍️ Command Injection in Asus M25 NAS
✍️ Generate valid signatures for FBCDN urls
✍️ Stored XSS To Cookie Exfiltration
✍️ Non-Production Endpoints as an Attack Surface in AWS
✍️ Exploiting Business Logic — Wallet Money
✍️ The 3 Day Account Takeover
✍️ Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
✍️ Vimeo SSRF with code execution potential.
✍️ A Simple bypass of Registration Activation that Lead to many Bug -
✍️ Worth $1,500 IDOR (Access Unauthorize Data)
✍️ OpenEMR - Remote Code Execution in your Healthcare System
✍️ XSS to XXE in Prince v10 and below (CVE-2018-19858)
✍️ Bypass password confirmation in Facebook “DYI” feature
✍️ Microsoft’s first bug
✍️ How I Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution
✍️ Part 2
✍️ An analysis of logic flaws in web-of-trust services
✍️ CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1
✍️ Blinding Snort: Breaking The Modbus OT Preprocessor
✍️ Critical SSRF on Evernote
✍️ Overwriting Banner Images on Etsy
✍️ How i got easy $$$ for SQL Injection Bug
✍️ Google Bug Bounty: Clickjacking on Google Payment (1337$)
✍️ SSD Advisory – Apple Safari IDN URL Spoofing
✍️ Arbitrary Upload Any File Extensions - Xelkomy's blog
✍️ Disclosing the members of private Facebook Group as a non-member.
✍️ Piercing the Veal: Short Stories to Read with Friends
✍️ Google Ads — Information Disclosure via null pointer exception
✍️ From Wayback to Account Takeover
✍️ CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera
✍️ IDOR FACEBOOK: malicious person add people to the “Top Fans”
✍️ How i got 200$ with an out of the box open redirect vulnerability
✍️ Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability
✍️ How I Hacked Fotor & Got “Nothing”
✍️ Clickjacking DOM XSS on Google.org
✍️ Advisory | NetModule Router Software Race Condition Leads to Remote Code Execution
✍️ How i HACKED admin account via password reset IDOR function of one private currency exchanger site
✍️ How I bypassed PHP functions to read sensitive files on server
✍️ Business Logic Ratings Bug
✍️ The Story Of A Strange / Stored IDOR.
✍️ AntiHack.me Multiple Vulnerabilities
✍️ Discovering a zero day and getting code execution on Mozilla’s AWS Network
✍️ How I hacked Vending Machine
✍️ Why dynamic code loading could be dangerous for your apps: a Google example
✍️ Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution
✍️ CVE-2020-9759 - Getting root on webOS
✍️ SQl Injection
✍️ How i got my First Bug Bounty in Intersting Target (LFI to SXSS)
✍️ Luminate Internal Privilege Escalation — Admin to Owner
✍️ How I hacked into a government e-learning website
✍️ Hunting for SSRF Bugs in PDF Generators
✍️ From data leak to account takeover
✍️ How a Single Vulnerability Can Bring Down the JavaScript Ecosystem
✍️ [web3] Critical bug in Polygon PoS found by Barracuda3172
✍️ Hacking Apple - SQL Injection to Remote Code Execution
✍️ Google Bug Bounty: CSRF in learndigital.withgoogle.com
✍️ IDOR leads to account takeover
✍️ Uncursing the ncurses: Memory corruption vulnerabilities found in library
✍️ Pre-Auth RCE with CodeQL in Under 20 Minutes
✍️ Yes I can see your OTP
✍️ 2fa Bypass by changing Request method
✍️ How I could have stolen your photos from Google
✍️ Write Up – Apple N/A: PII Information, Full Contact List, Main Phone No. And Main Icloud Email Extracted; Bug Patched: Arbitrary Local File Read Via Zip File And Symlinks On Ios Files App.
✍️ Bypassing SSRF Protections
✍️ Finding vulnerabilities in Swiss Post's future e-voting system - Part 2
✍️ CVE-2022-29885 - Don't Open That Port - A Denial Of Service vulnerability on Apache Tomcat Cluster Service Listener
✍️ How I found 5 store XSS on a private program. Each worth "1,016.66$"
✍️ Blind XSS via SMS Support Chat — $1100 Bug Bounty!
✍️ MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135)
✍️ User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)
✍️ Leak of internal categorySets names and employees test accounts.
✍️ Google OAuth is broken (sort of)
✍️ You’ve Crossed the Line — Disturbing a Host’s Rest
✍️ Upgrade from LFI to RCE via PHP Sessions
✍️ Chaining Self Blind XSS with Broken Access Control To Make it Non Self Blind XSS
✍️ Luminate Store Basics defacement and potential takeover
✍️ Bypassing WAFs to Exploit CSPT Using Encoding Levels
✍️ Drupal Insecure Default Leads To Password Reset Poisoning
✍️ Exploitation of Openfire CVE-2023-32315
✍️ Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service
✍️ Alias file to rule them all — One click code execution with alias file in macOS
✍️ Leveraging Template injection to takeover an account.
✍️ Simple IDOR to reject a to-be users invitation via their notification
✍️ [web3] Critical NFT Bridge Vulnerability: Potential Theft of Deposited NFTs. | by Heuss | Jun, 2023 | Medium
✍️ Pop-Ups in a good-world
✍️ Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
✍️ How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook
✍️ Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
✍️ XSS Stored On Messages In [ Outlook Web — Outlook Android App ]
✍️ Discovering 5 XSS Vulnerabilities In a Simple Way With Xssor.go
✍️ Google Maps API (Not the Key) Bugs That I Found Over the Years
✍️ Breaking Down Barriers: Exploiting Authenticated IPC Clients
✍️ Using Inspect Element to Bypass Security restrictions | Bug Bounty POC
✍️ My Hall of Fame at United Nations Success Story
✍️ [web3] Redacted Cartel Custom Approval Logic Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | Jun, 2022 | Medium
✍️ Papyal XML Upload Cross Site Scripting Vulnerability
✍️ BitLocker Lockscreen bypass
✍️ Tale of Account Takeovers (Part-1)
✍️ Server side prototype pollution, how to detect and exploit
✍️ Exploiting embedded mitel phones for unauthenticated remote code execution
✍️ Unrar Path Traversal Vulnerability affects Zimbra Mail
✍️ Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program
✍️ How I got your phone number through Facebook
✍️ Facebook account takeover due to unsafe redirects after the OAuth flow
✍️ Exploiting Application-Level Profile Semantics (APLS)
✍️ Just another XSS | by lnxcs
✍️ Next.js and cache poisoning: a quest for the black hole
✍️ Un3xpected DoS Attack on Profile Pictur3
✍️ A tale of critical account take over
✍️ 403 Forbidden Bypass Leading to Admin Endpoint Access.
✍️ Account Takeover by OTP bypass
✍️ Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
✍️ [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I]
✍️ How i got 7000$ in Bug-Bounty for my Critical Finding.
✍️ New Vulnerability in protobufjs: Prototype Pollution - CVE-2023-36665
✍️ [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application
✍️ SQL injections in Nokia sites.
✍️ How I got a lousyT-Shirt from the Dutch Government.
✍️ Get your Microsoft account hijacked by simply clicking connect button -Adesh Kolte
✍️ Change home directory and bypass TCC aka CVE-2020-27937
✍️ Stored XSS Vulnerability in H1C Private site
✍️ PHP Supply Chain Attack on Composer
✍️ Bug or Feature? GitHub Adventure #001
✍️ Cryptographic Side-Channels (Timing Leaks) in JSBN
✍️ The story of a fuzzing integration reward
✍️ Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties
✍️ H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress
✍️ ProtoBuffer ReUtilization “New Way to Security Test GoogleCaptcha”
✍️ MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022
✍️ Flickr XSS (Stored / DOM XSS)
✍️ Race Condition Authentication Bypass leads to Full Account Takeover
✍️ How I found my first RCE!
✍️ My write-up in hacking IBM’s administration panel and getting SQLi on it
✍️ Redwood Report2Web XSS and Frame injection
✍️ LLM Pentest: Leveraging Agent Integration For RCE
✍️ (POC) Untrim any live video on Facebook
✍️ Bypassing XSS filter and Stealing User Payment Data
✍️ Yeah! I got P2 in 1 minute - Stored XSS via Markdown Editor
✍️ Oracle Cross Site Scripting Vulnerability -Adesh Kolte
✍️ CVE-2023-4039: GCC's -fstack-protector fails to guard dynamic stack allocations on ARM64
✍️ Race Condition About The User Version and Ignored
✍️ Skype for Business Audit Part 1 - SKYPErsistence
✍️ DOM XSS – auth.uber.com
✍️ Traversing the Path to RCE
✍️ User’s email disclosure via invalid password reset link [$250]
✍️ Hacking a Large Company in MINUTES by Reading Docs
✍️ Idor in google product
✍️ Cool Vulns Don't Live Long - Netgear And Pwn2Own
✍️ Open-redirect Vulnerability on Facebook
✍️ UBER Wildcard Subdomain Takeover | BugBounty POC
✍️ How I bypassed the registration validation and logged-in with the company email
✍️ Exploits Explained: 5 Unusual Authentication Bypass Techniques
✍️ Another image removal vulnerability on Facebook
✍️ 500$ bounty: Man in the Middle on Slack
✍️ XSS in Google Colaboratory + CSP bypass
✍️ The neglected bug that can infect All Facebook users who pay for leads ads.
✍️ Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis
✍️ Uber XSS via Cookie
✍️ SQL Injection in The HTTP Custom Header
✍️ How I got access to critical data of a Company in no time ?
✍️ How i was able to hack a Company via watching a YouTube video
✍️ Groovy Template Engine Exploitation – Notes from a real case scenario
✍️ My First Account Takeover
✍️ [No Bounty] India’s Aadhar Card Source Code Disclosure via Exposed .svn/wc.db
✍️ My Disclosed Report about Basic auth Api details at Reverb.com
✍️ Cloudflare WAF XSS
✍️ The $16,000 Dev Mistake
✍️ BigQuery SQL Injection Cheat Sheet
✍️ Subdomain Takeover via Campaignmonitor.com
✍️ Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable
✍️ Link injection on 2 Twitter Subdomain
✍️ CVE-2022-22655 - TCC - Location Services Bypass
✍️ Attacking The Software Supply Chain With A Simple Rename
✍️ CVE-2022–36446 — Webmin 1.996 — Remote Code Execution (RCE — Authenticated) During Install New Packages
✍️ TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531)
✍️ Never Give Up, The Story Behind a Dupe-To-Triaged
✍️ Bypassing Amazon Kids+ Parental Controls
✍️ How i bypassed AKAMAI KONA WAF , XSS in overstock.com !
✍️ Bug Chain leads to Mass Account Takeover!
✍️ [web3] Diving Deep into a Critical Protocol Insolvency Bug in Fringe.fi Lending Platform | Trust
✍️ From Wayback Machine To Account Takeover
✍️ CVE-2022-32898: ANE_ProgramCreate() multiple kernel memory corruption
✍️ The Linux Kernel and the Cursed Driver
✍️ Turning Your Computer Into a GPS Tracker With Apple Maps
✍️ AWS Cognito pitfalls: Default settings attackers love (and you should know about)
✍️ Exploiting URL Parsers: The Good, Bad, And Inconsistent
✍️ Super Blind SQL Injection- $20000 bounty | Thousands of targets still vulnerable
✍️ How I got stored XSS using file upload
✍️ No-Rate and Input limitations on password reset page chained into Denial Of Service attack on one of US Dept of Defense website.
✍️ A great weekend hack(worth $8k)
✍️ Java applet + serialization in 2024! What could go wrong?
✍️ DoS and BugBounties :A series of DoS attacks on HackerOne
✍️ Reflected Cross Site Scripting on User Agent-Dependent Response
✍️ Write Up – Private Bug Bounty: Firebase Database Exposed By Misconfiguration – $2,000 USD
✍️ How I Chained an Information Disclosure Bug with SQL Injection
✍️ Microsoft Remote Desktop Web Access Authentication Timing Attack
✍️ How I turned 0000 into $600: Phone Verification Bypass
✍️ Xss in Microsoft
✍️ How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]
✍️ How a simple bug in Facebook Lite let me win my first bug bounty from Facebook
✍️ SATisfying our way into remote code execution in the OPC UA industrial stack
✍️ [web3] Breaking Fluidity for Glory (and $50k) | Trust
✍️ Easy $$$ via API params manipulation leading to bypassing the email verification block
✍️ Wikimedia/svgtranslate 2.0.1 Remote Code Execution
✍️ Story About OTP Bypass To Stored XSS
✍️ How i was able to chain bugs and gain access to internal okta instance
✍️ DOM-based race condition: racing in the browser for fun
✍️ Third Party Android App Storing Facebook Data Insecurely (Facebook Data Abuse Program)
✍️ Cross Site Port Attack - A Stranger’s Call
✍️ Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
✍️ Stored XSS on Product Description [HIGH] — $400
✍️ Exfiltrating Data from Sandboxed Documents
✍️ Escaping misconfigured VSCode extensions
✍️ Bypass Uppercase filters like a PRO (XSS Advanced Methods)
✍️ Razer mobile PIN verification bypass $1k Bug
✍️ Variant Cloud Analysis
✍️ DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905)
✍️ Hacking Admin Panel & Getting free subscription
✍️ Easy Bounty With Exposed Buckets & Blobs
✍️ Security Study of Service Worker Cross-Site Scripting.
✍️ ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792
✍️ [2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
✍️ CVE-2021-43798 - Path Traversal Vulnerability In Grafana
✍️ SSRF via DNS Rebinding (CVE-2022–4096)
✍️ Confirm if an invitation is sent to a specific email in Partners Portal / Possibility to resend the invitation
✍️ You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities
✍️ I got emails - G Suite Vulnerability
✍️ XSS to Database Credential Leakage & Database Access — Story of total luck!
✍️ How We Escaped Docker in Azure Functions
✍️ Apple Safari & Microsoft Edge Browser Address Bar Spoofing - Writeup
✍️ My First Bug ($500)
✍️ How I could have Hacked IIT Guwahati’s website
✍️ WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)
✍️ $9240 Bounty in 30 days Hunt Challenge
✍️ Hacking thousands of companies through their helpdesk
✍️ Business logic vulnerabilities
✍️ Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd
✍️ How I bypassed Reflected XSS in well-known platform
✍️ sqlol (CVE-2023-32422) - a macOS TCC bypass
✍️ Account Takeover via Response Manipulation worth 1800$..
✍️ How I Hacked the Voting System: A Deep Dive into Firebase and Firestore Security Vulnerabilities
✍️ CVE-2022-35256 - HTTP Request Smuggling in NodeJS
✍️ [CONFIRMATION BYPASS ]
✍️ Every XSS is different
✍️ Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough
✍️ Hacking ISP CPE equipment: FiberHome
✍️ XSSing Google Code-in thanks to improperly escaped JSON data
✍️ Firmware Security: Alcatel-Lucent ALE-DeskPhone
✍️ GitHub - RCE via git option injection (almost) - $20,000 Bounty
✍️ Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
✍️ First Bug Bounty from DoS - Taking the service down | by BugBountyWriteup
✍️ Reflected XSS on www.zomato.com By Mustafa Hasan
✍️ The Bug That Kept On Giving :: PaymentBypass :: QR CODE
✍️ [web3] Exploiting Signature Verification Vulnerabilities in Smart Contracts | by Heuss | Jan, 2024 | Medium
✍️ My Story With XSS
✍️ How you can find your first bug using google
✍️ From Google Dorking to Information Disclosure
✍️ Symlinks as mount portals: Abusing container mount points on MikroTik's RouterOS to gain code execution
✍️ Make recruiting referrals on behalf of employees
✍️ How Race Condition helped me break Business Logic of the application
✍️ How I found RCE But Got Duplicated
✍️ Look at what i found in Comodo
✍️ Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit
✍️ Privilege Escalation: From being a normal user to admin
✍️ Insecure Comments
✍️ ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC
✍️ CVE-2021-40662 Chamilo LMS 1.11.14 RCE
✍️ Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution
✍️ Hunting for Android Privilege Escalation with a 32 Line Fuzzer
✍️ Android Reddit App leaks images
✍️ How I hacked a Crypto Exchange (Bug Bounty Writeup)
✍️ RCE on admin panel of web3 website
✍️ NTLM Credential Theft in Python Windows Applications
✍️ HackerOne report
✍️ Partially disable Cybereason EDR as low privileges user on Windows
✍️ All about Single Sign-On (SSO) | by sl4x0
✍️ All About Hackerone Private Program Terapeak
✍️ CVE-2020-24427: Adobe Reader CJK Codecs Memory Disclosure Vulnerability
✍️ Pwn2Own Miami: Aveva Edge Arbitrary DLL Loading Vulnerability
✍️ Breaking SIP With Apple-signed Packages
✍️ Exploiting post message to steal and replace user’s cookies
✍️ Bug Hunting Journey of 2021
✍️ One more Parameter manipulation bug (🤑)
✍️ Godaddy XSS affects parked domains redirector/processor!
✍️ P5 to P1: Interesting Account Takeover
✍️ Hunting Tesla Model Y Secrets in the Parts Catalog
✍️ Hiding ourself in close friend’s list and avoiding victim to remove us from his close friend’s list.
✍️ Paypal stored XSS + Security bypass
✍️ Subscribe to typing notifications for any Instagram user
✍️ XSS attacks on Googlebot allow search index manipulation
✍️ Auth Bypass Round Two
✍️ [Bug Bounty] Exploiting Cookie Based XSS by Finding RCE
✍️ Two Minor Cross-Tenant Vulnerabilities in AWS App Runner
✍️ How I Was Able To Take Over One Of Dell’s Subdomains
✍️ GGvulnz — How I hacked hundreds of companies through Google Groups
✍️ Two RCEs are better than one: write-up of an interesting lateral movement
✍️ Security Advisory: NETGEAR Routers FunJSQ Vulnerabilities
✍️ Edmodo XSS Bug
✍️ Device Authorization Bypass!
✍️ Account takeover through password reset
✍️ CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
✍️ Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities
✍️ Information Disclosure through Signup Endpoint
✍️ A Developer's Nightmare
✍️ Site Wide CSRF On Glassdoor
✍️ Authorization bug that every bug hunter missed on a popular program
✍️ Zoom RCE from Pwn2Own 2021
✍️ Facebook email disclosure and account takeover
✍️ CVE-2024-37079:
✍️ Multiple Denial of Service (DoS) Vulnerabilities in GoProxy, Smokescreen libraries
✍️ Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins (CVE-2024-23897 & CVE-2024-23898)
✍️ SEC-596
✍️ XSS to OAuth access token leak in office online which can be used to account takeover
✍️ Stored XSS via Exif Data
✍️ [web3] Med: Brahma.fi Curve Miscalculations May Cause User Withdraws to Fail | Trust
✍️ Simple CORS misconfig leads to disclose the sensitive token worth of $$$
✍️ Hacking 6.5+ million websites => CVE-2022-29455 (Elementor)
✍️ How I was able to find easy P1 just by doing Recon
✍️ We discovered major vulnerabilities in Control Web Panel. Here’s how we found them.
✍️ From file upload to email:pass
✍️ Tokopedia Account Takeover Bug Worth 8 Million IDR
✍️ API Token Hijacking Through Clickjacking
✍️ Server-side prototype pollution: Black-box detection without the DoS
✍️ Open Redirect vulnerability found using link parameter
✍️ Using Dark Web in Bug Bounty
✍️ Bypassing Brand Collabs Manager Eligibility on Facebook
✍️ WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337 USD
✍️ Pwning your assignments: Stored XSS via GraphQL endpoint
✍️ Contentful Access Token Disclosure in Android APK
✍️ [web3] Critical bug in OpenZeppelin found by Ashiq Amien
✍️ Add draft subtitles to any Facebook video and Full Path Disclosure
✍️ Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
✍️ CVE-2023-23525: Get Root via A Fake Installer
✍️ $2,373
✍️ Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies including Microsoft, Apple, Amazon, McDonald’s and many more.
✍️ How I was able to get your facebook private friend list [Responsible Disclosure]
✍️ User Account takeover in India’s largest digital business company
✍️ How I get Pre-Auth Remote Code Execution (CVE-2021–42237) on one of the Vendors
✍️ [web3] Sewer Pass Flash-claim Vulnerability & Fix. A bug in the Sewer Pass claiming contract… | by BendDAO | Feb, 2023 | Medium
✍️ Leaking Credit card Activity in logs? Yes Sir!
✍️ A Story About How I Found XSS in ASUS
✍️ Exploiting the Source Engine (Part 2) - Full-Chain Client RCE in Source using Frida
✍️ Telegram bug in terminated sessions
✍️ Escalating Privileges with Azure Function Apps
✍️ MSSQL linked servers: abusing ADSI for password retrieval
✍️ My First Critical Report
✍️ mXSS: The Vulnerability Hiding in Your Code
✍️ Open redirect in Instagram.com
✍️ Interesting case of SQLi
✍️ Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion
✍️ Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers
✍️ Technical Advisory – Multiple Vulnerabilities in Nagios XI
✍️ OAuth Misconfiguration found in small time-window of attack
✍️ Replying on LiveStream leading to Page Admin Disclosure: Facebook Bug Bounty
✍️ How I could have taken over any Pinterest account
✍️ Authenticated XXE vulnerability in IBM Tivoli Workload Scheduler CVE-2022-38389
✍️ OAuth 2.0 Authentication Misconfiguration
✍️ WordPress < 5.8.3 - Object Injection Vulnerability
✍️ SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege
✍️ How to Bypass Golang SSL Verification
✍️ Blind OS Command Injection via Activation Request
✍️ CVE−2022-3602: Punycode buffer overflow in OpenSSL
✍️ We Hacked Larksuite For 1 month and Here is what we found
✍️ How I broke into Google Issue Tracker
✍️ Hacking the Subway Android app
✍️ Vulnerabilities In CocoaPods Open The Door To Supply Chain Attacks Against Thousands Of iOS And MacOS Applications
✍️ Unauthorized access to all the user’s account.
✍️ How Twitch Helper Can Be Used for Privilege Escalation
✍️ The AccountTakeOver Killing Chain
✍️ Multiple xss in *.skype.com (2)
✍️ The Embedded YouTube Player Told Me What You Were Watching (and more)
✍️ Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security
✍️ Mistuned Part 1: Client-side XSS to Calculator and More
✍️ Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)
✍️ Taking over the Medium subdomain using Medium
✍️ Chaining Bugs to get my First Bug Bounty
✍️ XML XSS in *.yandex.ru by Accident
✍️ Stored XSS Vulnerability in Jotform and H1C Private Site
✍️ GCP AI Notebooks Vulnerability - Remediation
✍️ Remote code execution in BIRT Viewer ≤ 4.12.0 (CVE-2023-0100)
✍️ From Information Disclosure to interesting Privilege Escalation
✍️ Finding Initial Access on a real life Penetration Test
✍️ How I was able to Take over a support chat using leaked Keys
✍️ Abusing JSON Web Token to steal accounts — 3000$
✍️ PII Disclosure of Apple Users ($10k)
✍️ #BugBounty — ”I don’t need your current password to login into your account” - How could I completely takeover any user’s account in an online classified ads company.
✍️ Breaking Application’s Logic to DOS Attack
✍️ Recon only bugs are sweet!
✍️ Account Takeover via Stored XSS
✍️ Obtaining XSS Using Moodle Features and Minor Bugs
✍️ MEGA’s Unlimited Cloud Storage Vulnerability
✍️ Multi-factor Auth Bypass with Password Reset Function
✍️ Trim private live videos and access them (Meta bug bounty)
✍️ Stored XSS with two different parameters
✍️ CVE-2021-39165: A Bug Bounty Journey from a Laravel SQL Injection Vulnerability
✍️ I scanned every package on PyPi and found 57 live AWS keys
✍️ Slides
✍️ Write up – $1,000 usd in 5 minutes, xss stored in outlook.com (ios browsers)
✍️ Fullscreen API Attack’s Revisited and the FaceBook NA Story
✍️ Static Taint Analysis Using Binary Ninja: A Case Study Of MySQL Cluster Vulnerabilities
✍️ CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation
✍️ Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059 CVE-2022-41348
✍️ How I Hacked Instagram Again
✍️ Hacking on a plane: Leaking data of millions and taking over any account
✍️ How I found Blind SQL Injection just by browsing and getting a unique URL
✍️ Password Reset Poisoning leading to Account Takeover
✍️ Chaining bugs for better bounties
✍️ CVE-2022-38108: RCE In Solarwinds Network Performance Monitor
✍️ The 5000$ Google XSS
✍️ Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure
✍️ Super Glamorous Recon with Intended Functionalities
✍️ Finding Hundreds of SSRF Vulnerabilities on AWS
✍️ Remote Code Execution by Abusing Apache Spark SQL
✍️ Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey
✍️ Coinbase AngularJS DOM XSS via Kiteworks
✍️ You Can’t Always Win Racing the (Key)cloak
✍️ Let’s know How I have explored the buried secrets in Xamarin application
✍️ Got Nice catch by Google
✍️ Hacking GTA V RP Servers Using Web Exploitation Techniques
✍️ Subdomain Take Over Worth 100£
✍️ How I access other domains in infinityfree.net using Directory Traversal
✍️ Deno: Digging Tunnels out of a JS Sandbox
✍️ Penetrating PornHub – XSS vulns galore (plus a cool shirt!)
✍️ My write up about UBER Cross-site scripting by help of KNOXSS
✍️ LedgerSMB – CVE-2024-23831: Privilege escalation through CSRF attack on “setup.pl”
✍️ Discovery of an XSS on Opera
✍️ Privilege Escalation — Playing with the various stages of a session state
✍️ Container security: Infecting images to establish backdoors
✍️ How I hacked Tinder accounts using Facebook’s Account Kit and earned $6,250 in bounties
✍️ My First NoSQL Injection Bug | by Burhanu Rasheed
✍️ 1 Program, 4 Business Logic Bugs and Cashing in 2300$.
✍️ Authorization bypass in Google’s ticketing system (Google-GUTS)
✍️ CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/deletion Vulnerability
✍️ XSS by tossing cookies
✍️ Self XSS To Stored Through IDOR/
✍️ Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
✍️ Old GitHub Profile Takeover!
✍️ Event Creator Is Not Able To Block The Attacker During Event Livestream
✍️ XSS will never die
✍️ Web Cache Deception to API endpoint attack using cached token header
✍️ User's email disclosure via invalid password reset link [$250]
✍️ Privilege Escalation in Microsoft Teams
✍️ Guest Blog: From File Upload to RCE
✍️ Azure Ad Kerberos Tickets: Pivoting To The Cloud
✍️ Hack Your Form-New vector for Blind XSS
✍️ [CVE-2022-34918] A crack in the Linux firewall
✍️ Authentication_token_bypass Leads Too_idor
✍️ How I Tracked You Around The Globe 🌎
✍️ How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain
✍️ Zimbra “zmslapd” Local Root Exploit.
✍️ Bug Bounty - Information Disclosure through error message + WAF Bypass led to Local File Inclusion
✍️ [XSS] survey.dropbox.com
✍️ Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts !
✍️ Stealing Videos From VLC
✍️ Analyzing the SonicWall Custom Grub LUKS Encryption Modifications
✍️ [TOKOPEDIA] Site-wide CSRF through GraphQL request
✍️ Finding Deserialization Bugs In The Solarwind Platform
✍️ Account takeover worth $1000
✍️ RCE using Path Traversal
✍️ A Developer's Nightmare Part-2
✍️ Bypassing the Redirect filters with 7 ways
✍️ How I able to Takeover 10 subdomains in a Private Program ?
✍️ $10k host header
✍️ Exploitation of an SSRF vulnerability against EC2 IMDSv2
✍️ Shells And SOAP: Websphere Deserialization To RCE
✍️ How I Manipulated My Rank on the Bugcrowd Platform
✍️ Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
✍️ [$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO)
✍️ GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads
✍️ CSRF account takeover in a company worth 1B$
✍️ DoubleTrouble
✍️ Decoding a $😱,000.00 htpasswd bounty
✍️ Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run
✍️ How I got Owned A Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL Injection
✍️ The 5000$ Google XSS
✍️ How I was able to takeover Facebook account
✍️ Persistent Cross-Site Scripting on redacted worth $2,000
✍️ Stored XSS via Invite leading to Mass Account Takeover at Opera.
✍️ CVE-2022-20942: It's not old functionality, it's vintage
✍️ Email Graffiti: hacking old email
✍️ Blind IDOR in LinkedIn iOS application
✍️ Joomla! CVE-2023-23752 to Code Execution
✍️ Basic recon to RCE
✍️ Facebook Fizz integer overflow vulnerability (CVE-2019-3560)
✍️ FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
✍️ Unauthenticated Remote Command Execution in Multiple WAGO Products
✍️ Access Control Violation - Sensitive Data Exposure
✍️ Leveraging Android Permissions: A Solver Approach
✍️ CVE-2019–6238: Apple XAR directory traversal vulnerability
✍️ $5000 Google IDOR Vulnerability Writeup
✍️ How we hacked one of the worlds largest Cryptocurrency Website
✍️ Rooting Xiaomi WiFi Routers
✍️ Windows 10 RCE: The exploit is in the link
✍️ Banning users Race condition
✍️ Page Admin Disclosed In Groups Due To Improper Session Handling In Facebook Web
✍️ Bypassing Chrome's URL restrictions
✍️ Shell in the Ghost: Ghostscript CVE-2023-28879 writeup
✍️ Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
✍️ Unauthenticated Access To Cloud Portal — A 🚪 Without 🗝️
✍️ Dynamic Linking Injection and LOLBAS Fun
✍️ Hacking Moodle Apps Via External Functions
✍️ PandoraFMS - Pre-Auth Remote Code Execution
✍️ Story of a very lethal IDOR.
✍️ Manual broken link monitoring
✍️ CVE-2023-38146: Arbitrary Code Execution via Windows Themes
✍️ "F**k you Thomas" - ToyTalk bug bounty writeup
✍️ Weak Password Setting function on practo.com
✍️ Microsoft Azure Synapse Pwnalytics
✍️ Reflected XSS in 360totalsecurity
✍️ The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
✍️ A vulnerability on Patreon, and their elusive bounty program.
✍️ Small bugs are more dangerous than you think
✍️ Broken access control in GoAnywhere Admin portal
✍️ Zero Click To Account Takeover (IDOR + XSS)
✍️ [web3] Critical bug in Cronos found by 0xDjango worth 1.6K
✍️ Facebook Workplace Privilege Escalation Vulnerability To Change The Post Privacy As Public
✍️ Messenger Rooms Bug Bounty Write-up
✍️ [demo.paypal.com] Node.js code injection (RCE)
✍️ IDOR on bitdefender.com
✍️ Using E-Notation to bypass Access Control restrictions to access arbitrary user PII-discussions
✍️ Pwning the portal: from database dump to session hijacking
✍️ Playing Dominos with Moodle's Security (2/2)
✍️ Abusing URI Parsers for fun and profit
✍️ Scan QR Code and Got Hacked (CVE-2021–43530 : UXSS on Firefox Android Version)
✍️ Account Takeover - Inside The Tenant
✍️ Chaining Open Redirect with XSS to Account Takeover
✍️ My first valid xss(@Hackerone)
✍️ Blind XSS and Time-Based SQL Injection to Admin Panel Control and Database Takeover
✍️ How i Find Database Credentials via Mass Recon & Recon Scoping on Gcash
✍️ From XSS to RCE (dompdf 0day)
✍️ Facebook Messenger exposing deleted messages using [Remove for Everyone]
✍️ The Short tale of two bugs on Google Cloud Product— Google VRP [Resolved]
✍️ “Like” Bypass on Customer Reviews — €500 bounty
✍️ #BugBounty — @Paytm Customer Information is at risk — India’s largest digital wallet company
✍️ SSRF in PDF renderer using SVG
✍️ Tenda AC15 AC1900 Vulnerabilities Discovered and Exploited
✍️ DownNotifier SSRF
✍️ A Story of mishandling the Chunked Data (CVE-2018-17082)
✍️ CRLF Injection Shenanigans
✍️ We Hacked Google A.I. for $50,000
✍️ When not to rely on Automated Tools
✍️ Command Injection Through BLH
✍️ The Speckle Umbrella story — part 2
✍️ Apple CoreText - An Unexpected Journey to Learn about Failure
✍️ Hacked Nokia With Reflected Cross-site Scripting Vulnerability….
✍️ Taking note: XSS to RCE in the Simplenote Electron client
✍️ Taking over Facebook Page Tabs
✍️ Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval
✍️ White Hats - Nepal
✍️ Technical Details for CVE-2023-29301: Adobe ColdFusion Access Control Bypass for a CFAdmin Authentication Component
✍️ 1-Click Account Takeover in Virgool.io — a Nice Case Study
✍️ Video PoC
✍️ How I acquired $XXX bounty by investing 99 cents
✍️ Path Traversal and Code Execution in CSLA.NET (CVE-2024-28698)
✍️ Exposing Millions of Voter ID card users’ details.
✍️ Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
✍️ Youtube - Open redirection
✍️ Bruteforcing Instagram account’s passwords without limit.
✍️ Making the Facebook app more secure - $8500 bounty
✍️ Account Take Over (Via an API)
✍️ Rights Manager Graph API Disclosure of business employee to non business employee
✍️ What I Found on Sony Vulnerability Disclosure Program
✍️ Microsoft Office 365 Message Encryption Insecure Mode of Operation
✍️ CertPotato – Using ADCS to privesc from virtual and network service accounts to local system
✍️ Apollo Router Security Audit Report (Q2 2022)
✍️ Part 2 – Exfiltrating data (CVE-2020-3882)
✍️ Weird Email Verification Bypass
✍️ HackenProof Customer Story: Uklon
✍️ How I made my first $$$ from finding a bug in Facebook
✍️ Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net
✍️ EN | Administrator level Privilege Escalation story
✍️ What Bypassing Razer's DOM-based XSS Patch Can Teach Us
✍️ Solarwinds Serv-U 15.2.3 Share URL XSS (CVE-2021-32604)
✍️ CSRF Token Bypasss — A Tale of my $2k bug
✍️ XSS in WordPress via open embed auto discovery
✍️ Facebook New Account Verification Bypass
✍️ Chain of hacks leading to Database Compromise!
✍️ Broke limited scope with a chain of bugs (tips for every rider CORS)
✍️ CSRF PoC mistake that broke crucial functions for the end user/victim
✍️ $900 Blind XSS
✍️ Chaining Cache Poisoning To Stored XSS
✍️ An Unexpected Bounty — Email Bounce Issues
✍️ XSS with HTML and how to convert the HTML into charcode()
✍️ IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit
✍️ Microsoft Vancouver leaking website credentials via overlooked DS_STORE file
✍️ Gumtree – leaking your data and not really listening
✍️ Part 2
✍️ CVE-2024-27822: macOS PackageKit Privilege Escalation
✍️ How I Might Have Hacked Any Microsoft Account
✍️ Vulnerabilities in NodeJS C/C++ add-on extensions
✍️ Tricky 2FA Bypass Leads to 4 digit Bounty $$$$
✍️ Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905]
✍️ Hijacking GitHub Runners To Compromise The Organization
✍️ Admin Disclosure of Facebook Business all Pages by normal employees:
✍️ [BugBounty] XSS with Markdown — Exploit & Fix on OpenSource
✍️ Using CSRF I Got Weird Account Takeover
✍️ ServiceNow Insecure Access Control To Full Admin Takeover
✍️ Passive Recon with Spyse (Part-II)
✍️ Facebook WhiteHat: Able to access group plan even after leaving the group
✍️ Directory traversal in PDF viewing application. Leading to full database takeover
✍️ Symfony Debug Mode + Another Vector for AWS keys
✍️ Facebook – Send Notifications to any User Exploit
✍️ Limited freemarker ssti to arbitrary liql query and manage lithium cms
✍️ Paypal’s Security Check Bypassed
✍️ EN | Administrator level Privilege Escalation story
✍️ Directory Traversal, SQL Injection and Server-Side Request Forgery
✍️ JS file enumeration for bug bounty hunters
✍️ How I found a simple bug in Facebook without any Test
✍️ Exploiting File Uploads Pt. 2 – A Tale of a $3k worth RCE.
✍️ Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
✍️ A web security story from 2008: silently securing JSON.parse
✍️ Free blockchain storage – Tale of a bug in Substrate’s FRAME runtime
✍️ Bug Hunting Journey of 2019
✍️ Subdomain Misconfiguration lead to AWS S3 Buckets Reader
✍️ WebView XSS, account takeover
✍️ Bug Bounty { How I found an Sensitive Information Disclosure( Reconnaissance ) }
✍️ CSRF Protection Bypass in Atlassian Confluence Server
✍️ Facebook Oauth bypass
✍️ Slides
✍️ Automating xss identification with Dalfox & Paramspider
✍️ CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution
✍️ 5 Different Vulnerabilities in Google’s Threadit
✍️ Disabling js for the win
✍️ Cache Deception Without Path Confusion
✍️ Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11284)
✍️ Fuzzing and Bypassing the AWS WAF
✍️ NCIIPC VDP Bug : Open Redirection Vulnerability In Govt. Site !!
✍️ Full account takeover worth $1000 Think out of the box
✍️ [Yahoo Bug Bounty] Unauthorized Access to Unisphere Management Server Debugging Facility on https://bf1-uaddbcx-002.data.bf1.yahoo.com/Debug/
✍️ Details about future collaboration profiles and pages have been revealed
✍️ SSRF That Allowed Us to Access Whole Infra Web Services and Many More
✍️ XSS On Twitter [Worth 1120$]
✍️ Cool paste jacking attack earned me $$$
✍️ Bypassing GitHub’s OAuth flow
✍️ Opera Browser (XSS)
✍️ The Art of IDOR: 7 IDORs in Edm0d0
✍️ Oh-Auth - Abusing OAuth to take over millions of accounts
✍️ CSRF in partners.facebook.com
✍️ Adding Descriptions to Instagram Posts on Behalf of Other Users
✍️ Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)
✍️ ECDSA Nonce Reuse
✍️ Adobe Acrobat hollowing out same-origin policy
✍️ MobSF Remote code execution (via CVE-2024-21633)
✍️ Back to the 90s: Fujitsu “IP series” Real-time Video Transmission Gear Hard Coded Credentials
✍️ Hacking — Tamper with the URL Parameters, especially if they modify the page
✍️ Hacked Google-Meet…??!
✍️ Chaining MFA-Enabled IAM Users with IAM Roles for Potential Privilege Escalation in AWS
✍️ *nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2
✍️ How a Simple CSRF Attack Turned into a P1 Level Bug
✍️ Blind CSS Exfiltration: exfiltrate unknown web pages
✍️ XSS to RCE in …
✍️ Critical Vulnerability through OSINT only
✍️ IDOR in session cookie leading to Mass Account Takeover
✍️ Unlock any blur text/picture without membership/subscription on Scribd.com |By Neuchi
✍️ Here’s How I Could Read Anyone’s Apple ID Metrics Remotely.
✍️ Bypass SameSite Cookies Default to Lax and get CSRF
✍️ Facebook BugBounty : Short story on Page admin disclosure
✍️ A subtle stored-XSS in WordPress core
✍️ XSS to Account Takeover

Frequently Asked Questions

The following are frequently asked questions about common vulnerabilities and security misconfigurations found during bug bounty hunting. Understanding these concepts is crucial for anyone starting their bug hunting journey.

What is an XSS vulnerability? Cross-Site Scripting (XSS) attacks are a type of injection attack in which malicious scripts are inserted into otherwise trustworthy and innocuous websites. XSS attacks occur when an attacker uses a web application to send malicious code to a particular end user, usually in the form of a browser side script. The flaws that enable these attacks to succeed are common and can be found wherever a web application uses input from a user within the output it generates without validating or encoding it.

There are mainly 3 types of XSS:

What is an IDOR vulnerability? When a web application or API exposes a reference to an internal implementation object, it is referred to as Insecure Direct Object Reference (IDOR). This method exposes the element's true identifier and the data format it uses. This is a common access control flaw.

An example would be an API that gives you access to data belonging to other users, through an endpoint - /api/users/:id where an attacker can fetch data of any user by manipulating the id parameter.
What is an SSRF vulnerability? In a Server-Side Request Forgery (SSRF) attack, the attacker can read or update internal resources by abusing server features. The attacker may supply or change a URL to which the server's code can read or send data, and by carefully choosing the URLs, the attacker might be able to read server configuration such as AWS metadata, connect to an internal service, or access sensitive files.
What is a SQLi vulnerability? A SQL injection attack involves inserting or "injecting" a SQL query into the application through the client's input data. An effective SQL injection exploit can read sensitive data from the database, alter database data (Insert/Update/Delete), and even perform database administration operations.
What is an RCE vulnerability? If user input is inserted into a File or a String and then executed (evaluated) by the backend programming language's parser, a remote code execution (RCE) vulnerability can be exploited. A Remote Code Evaluation will result in the entire web application and web server being compromised as it allows an attacker to execute arbitrary commands on the server.
How can I reach you? If you have any feedback or, concerns about this site, I can be reached on Twitter.