>

🚀 We've added new community writeups and a Web3 section! Click here to see what's new.

🐛 Bug Bounty Hunting Search Engine

Made with ❤️ by @payloadartist
NEW
Example search: http://bugbountyhunting.com/?q=keyword
Showing 1337 random writeups. Use the search bar to find more.
✍️ How I Hacked Instagram Again
✍️ Bypassing OGNL sandboxes for fun and charities
✍️ [web3] Bitswift Unlimited Mint Bugfix Postmortem. This is a postmortem of a vulnerability… | by Immunefi | Dec, 2021 | Medium
✍️ How I was able to find the P4 vulnerability in the United States Department of Agriculture by phone.
✍️ Google Cloud Shell - Command Injection
✍️ Local File Inclusion in peering.google.com
✍️ CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
✍️ Bypassing Google Maps API Key Restrictions
✍️ Removing Covers Images on Friendship Pages, on Facebook
✍️ Expose the email address of Workplace users
✍️ Stored XSS via Exif Data
✍️ Bullied by Bugcrowd over Kape CyberGhost disclosure
✍️ Hacking your own antivirus for fun and profit (Safe browsing gone wrong)
✍️ Play the music and bypass TCC aka CVE-2020-29621
✍️ ‘Websocket Hijacking’ to steal Session_ID of victim users
✍️ Exploit Archeology - Exploiting an old unknown Server Side Browser
✍️ Blind XSS to full control of forum [worth $$$] | by Hacking articles
✍️ Canary Token OSS Security Audit Report (Q2 2024)
✍️ Reflected XSS at https://photos.shopify.com/
✍️ Rewriting a photo not owned by the session user in Moments App (Revisited)
✍️ [web3] Yield Protocol Logic Error Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | Apr, 2023 | Medium
✍️ OTP Verification Bypass
✍️ API DOCS takeover on Readme.io
✍️ Accessing Grofers Grafana Instance Using Shodan
✍️ Collecting Shells by the Sea of NAS Vulnerabilities
✍️ A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: WD PR4100 Edition
✍️ ESEA Server-Side Request Forgery and Querying AWS Meta Data
✍️ Pwn2Own 2021: Parallels Desktop Guest To Host Escape
✍️ AWS SSRF to Root on production instance — A bug worth 1.75Lacs
✍️ The Story Of A Strange / Stored IDOR.
✍️ CORS Misconfiguration leading to Private Information Disclosure
✍️ Escaping Parallels Desktop with Plist Injection
✍️ My First Bug ($500)
✍️ 0 click Facebook Account Takeover and Two-Factor Authentication Bypass
✍️ One Cloud-based Local File Inclusion = Many Companies affected
✍️ Collabora Online Stored XSS (CVE-2024-29182)
✍️ Subdomain Takeover via Shopify Vendor ( blog.exchangemarketplace.com ) with Steps
✍️ 2022 Microsoft Teams RCE
✍️ Reflective XSS and Open Redirect on Indeed.com subdomain
✍️ Cannot Delete Post on Facebook Group: Facebook Bug Bounty
✍️ One-click DOS via Response Manipulation
✍️ Disclose Ad Accounts linked with Instagram Accounts
✍️ Blind IDOR in LinkedIn iOS application
✍️ $3133.7 Google Bug Bounty Writeup- XSS Vulnerability!
✍️ Practical Example Of Client Side Path Manipulation
✍️ SQL injection to Remote Command Execution (RCE)
✍️ Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain
✍️ Exploiting A Remote Heap Overflow With A Custom TCP Stack
✍️ How I downed acronis.com in 2 minutes — Lucky bug write up
✍️ Hijacking a Facebook Account with SMS
✍️ Bypassing Cloudflare WAF: XSS via SQL Injection
✍️ Finding and exploiting race condition vulnerability on facebook server
✍️ My First RCE (Stressed Employee gets me 2x bounty)
✍️ Improper Implementation of My Status video time limit in WhatsApp
✍️ Triple Threat: Breaking Teltonika Routers Three Ways
✍️ Exploiting CVE-2022-24816: A Code Injection In The Jt-jiffle Extension Of Geoserver
✍️ Multiple xss in *.skype.com (2)
✍️ CSRF 'protection' bypass on xvideos
✍️ CVE-2021-44790: Code Execution On Apache Via An Integer Underflow
✍️ Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
✍️ Gaining access through error-based SQLi using WebSockets
✍️ Breaking Appointments and Job Interview Schedules With Malformed Times
✍️ Facebook Invitees Email Address Disclosure
✍️ Google Sites: A Tale of Five Vulnerabilities
✍️ How I got Owned A Multi-Billion Dollar Retailer’s MySQL Databases Using Simple SQL Injection
✍️ A Small Tale of Account Takeover …
✍️ Owning half of a government assets through AWS
✍️ Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat
✍️ $1.000 SSRF in Slack
✍️ Story Of My First Bounty by a Low Hanging Fruit! | by Liferacer
✍️ Password Reset Token Leak via X-Forwarded-Host
✍️ Create post on any Facebook page
✍️ Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL
✍️ [web3] Critical NFT Bridge Vulnerability: Potential Theft of Deposited NFTs. | by Heuss | Jun, 2023 | Medium
✍️ Taking over Facebook Page Tabs
✍️ Complete User Account Takeover on an Android Application
✍️ Unrestricted File Upload to RCE | Bug Bounty POC
✍️ The Secret sauce of bug bounty
✍️ PII Disclosure Worth $750
✍️ AWS takeover through SSRF in JavaScript
✍️ LFI - An Interesting Tweak
✍️ Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services
✍️ Microsoft Office 365 - Outlook XSS
✍️ XSS Through Parameter Pollution
✍️ The Buffer Curse: A tale of unusual exploitation in Web Application
✍️ Symantec Messaging Gateway authentication bypass
✍️ How I hacked 74k users of a website.
✍️ Bypassing the Confirmation Email for Newsletter (bof.nl)
✍️ How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL
✍️ Two Factor Authentication Bypass [ $50 ]
✍️ Disclose Full Admin List of any Facebook Applications
✍️ Blind SQL injection with a little WAF
✍️ Playing With iframes: Bypassing Content-Security-Policy
✍️ Reflected XSS In AT&T
✍️ How i could take over any Account on a USA Department of Defense Website due to a simple IDOR
✍️ User Account takeover in India’s largest digital business company
✍️ Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story)
✍️ ONEPLUS XSS vulnerability in Customer Support Portal
✍️ Contrast discovers zero-day flaw in popular Quarkus Java framework
✍️ XSS, RCE & HTML File Upload in same endpoint
✍️ Write Up – Google Bug Bounty: XSS To Cloud Shell Instance Takeover (Rce As Root) – $5,000 USD
✍️ CSRF through URL with # tag parameter
✍️ Disclose private attachments in Facebook Messenger Infrastructure
✍️ Securing Open-Source Solutions: A Study of osTicket Vulnerabilities
✍️ Found SQL Injection Vulnerability on Government Organization Website!
✍️ CVE-2023-20864: Remote Code Execution In VMware Aria Operations For Logs
✍️ Joomla Password Reset Vulnerability And A Stored XSS For Full Compromise
✍️ CVE-2023-1906 - Heap-based Buffer Overflow in ImageMagick
✍️ Video PoC
✍️ ebay bug bounty
✍️ How I was able to takeover the company’s LinkedIn Page
✍️ Spoof All Domains Containing ‘d’ in Apple Products [CVE-2018-4277]
✍️ CSV injection at Comment Section.
✍️ Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
✍️ Parallels Desktop Toolgate Vulnerability
✍️ Microsoft Teams – CSV Injection
✍️ How I was able to see Private Video Uploader Via Facebook Rights Manager.[Responsible Disclosure]
✍️ Change payment account of any Facebook commerce page
✍️ Magento Template Engine, A Story Of CVE-2022-24086
✍️ Abusing Facebooks `Call To Action` To Launch Internal Deeplinks
✍️ Exploiting Out Of Band XXE using internal network and php wrappers
✍️ Getting a RCE — CTF Way
✍️ How I Hacked Everyone’s Resume/CV’s and Got €€€
✍️ Broken links hijacking and CDN takeover
✍️ Uploading the Webshell using filename of Content-Disposition Header Story!
✍️ Full structure takeover to many brands of company
✍️ Old new email attacks
✍️ API based IDOR to leaking Private IP address of 6000 businesses
✍️ Microsoft Remote Desktop Web Access Authentication Timing Attack
✍️ Security Implications of URL Parsing Differentials
✍️ Multiple Open URL Redirection Vulnerability in Facebook Worth $1500
✍️ Mass Assignment Leading to Pre Account Takeover
✍️ Security teams Internal attachments can be exported via “Export as .zip” feature on HackerOne
✍️ Post-Exploitation: Abusing the KeePass Plugin Cache
✍️ Account Takeover by OTP bypass
✍️ XSS in hidden input field
✍️ Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover 0-Day Vulnerabilities
✍️ An Interesting Account Takeover Vulnerability
✍️ Source Code Analysis in YSurvey — Luminate bug
✍️ When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
✍️ How I was able to make users loss of money on Google Pay
✍️ Race Condition vulnerability in Azure Video Indexer allowed trial account users use Advance / Premium feature
✍️ Reflected Cross Site Scripting (Awards 3500$ bounty)
✍️ Hack ZTE router's admin panel
✍️ Sudoedit bypass in Sudo <= 1.9.12p1 (CVE-2023-22809)
✍️ Stealing money from one account to another account
✍️ Zero to Account Takeover: How I ‘Impersonated’ Someone Else Using Auth0
✍️ The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
✍️ Code execution as root via AT commands on the Quectel EG25-G modem
✍️ Vulnerability Causing Deletion of All Users in CrushFTP Admin Area
✍️ Bypassing restricted port protection in WebKit
✍️ Edmodo XSS Bug
✍️ Alternative link
✍️ [IDOR] $400 — Deleting Other Project in Shopee
✍️ Determine a Facebook user from an email address
✍️ Proof Of Concept Nokia Cross Site Scripting
✍️ Code Vulnerabilities Put Proton Mails at Risk
✍️ Hacking HackerOne: How computer vision helped uncover hidden vulnerabilities?
✍️ CVE-2022-32223 Discovery: DLL Hijacking via npm CLI
✍️ Facebook Vulnerability: $1500 for Removing Document Cover
✍️ How i found credential enriched redis dump
✍️ An inconsistent CSRF
✍️ Cross-Tenant Information Disclosure: Unraveling Microsoft Connections, Custom Connectors, and OAuth 2.0 in Power Automate
✍️ A tale of 0-Click Account Takeover and 2FA Bypass.
✍️ From JS to another JS files lead to authentication bypass
✍️ CVE-2021-22555: Turning \x00\x00 into 10000$
✍️ Takeover seller accounts worth billions & millions
✍️ [Google VRP] Hijacking Google Docs Screenshots
✍️ Traversing the Path to RCE
✍️ Inf0rM@tion Disclosure via IDOR
✍️ IDOR — Account Takeover
✍️ Unauthenticated SSRF on Havoc C2 teamserver via spoofed demon agent
✍️ Stealing HttpOnly Cookie via XSS
✍️ Microsoft Edge Browser For IOS - Address Bar Spoofing Vulnerability
✍️ Cross Site Port Attack - A Stranger’s Call
✍️ From AngularJS CSTI to credentials theft
✍️ Critical Bug Bounty Reports: Part 1
✍️ Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts !
✍️ Remote Command Execution in Visual Studio Code Remote Development Extension
✍️ How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit
✍️ Bypassing An Industry-Leading WAF and Exploiting SQLi
✍️ DOM XSS – auth.uber.com
✍️ BlackBerry MDM Has Some Authentication Flaws
✍️ IDOR via Websockets allow me to takeover any users account
✍️ Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service
✍️ Google Adwords(Privilege Escalation): Read-only user able to add YouTube channels via Linked accounts
✍️ SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
✍️ Exploiting a “Useless” Cookie-Based XSS and Making it Useful
✍️ Unleashing the Power of Recon: How I Earned $2500 in 5 Minutes
✍️ Operation Crack: Hacking IDA Pro Installer PRNG from an Unusual Way
✍️ The Tale of a Command Injection by Changing the Logo
✍️ Some Tips to Finding IDORs more easily and Fixing them
✍️ How I found 5 store XSS on a private program. Each worth "1,016.66$"
✍️ Mixed Messages: Busting Box’s MFA Methods
✍️ Spend more time doing recon, you’ll find more BUGS.
✍️ The Tale Of SSRF To RCE on .GOV Domain
✍️ AEM Bug in Adobe
✍️ [VDP] Open Redirection Bug on LinkedIn Sales Navigator Login Panel
✍️ How I Found A Simple Stored XSS
✍️ ADCS ESC13 Abuse Technique
✍️ My First Account Takeover
✍️ [Open redirect] Developers are lazy(or maybe busy)
✍️ Exploiting Misconfigured CORS on popular BTC Site
✍️ How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber
✍️ Patch. Bypass. Repeat: Story of a FaceBook Page Admin Disclosure bug worth $5000
✍️ Let’s Hack Citizens Bank
✍️ CSRF Attack!!!
✍️ [BugBounty] how do I get a premium tier account without paying a penny
✍️ Traccar 5 Remote Code Execution Vulnerabilities
✍️ Story of 5000$ bounty for Grafana Panel Access in Apple
✍️ Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
✍️ googlesource.com access_token leak (Awarded $7500)
✍️ XSS Because of wrong Content-type Header
✍️ CVE-2023-29298: Adobe ColdFusion Access Control Bypass
✍️ SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
✍️ Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)
✍️ Reflected XSS at Philips.com
✍️ Exposing Millions of Voter ID card users’ details.
✍️ Sleep SQL injection on Name Parameter While Updating Profile
✍️ CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS
✍️ Multiple xss in *.skype.com
✍️ Simple Remote Code Execution Vulnerability Examples for Beginners
✍️ SSRF Vulnerability in https://app.[REDACTED].com
✍️ Weblogic Remote Code Execution (Exploiting CVE-2019-2725)
✍️ CVE-2022-35405 Manage engines RCE (Password Manager Pro, PAM360 and Access Manager Plus)
✍️ An IDOR vulnerability often hides many others
✍️ Stored XSS Leads to Plaintext Password Disclosure
✍️ Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations
✍️ Abusing Azure Hybrid Workers for Privilege Escalation – Part 1
✍️ How I access other domains in infinityfree.net using Directory Traversal
✍️ Hijacking GitHub Runners To Compromise The Organization
✍️ OLX Reflected XSS on Resend Code link !!
✍️ How I gained commit access to Homebrew in 30 minutes
✍️ Victim’s Anti CSRF Token could be exposed to Third-party Applications installed on user’s Device (500$)
✍️ Two weeks of securing Samsung devices: Part 1
✍️ IDOR on bitdefender.com
✍️ Simple Bugs 0x01: Password Changing to Account Takeover!
✍️ Insecure Toyota CRM exposed Mexican customer information
✍️ Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3)
✍️ From ChatBot To SpyBot: ChatGPT Post Exploitation
✍️ Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite
✍️ Take Advantage of Out-of-Scope Domains in Bug Bounty Programs
✍️ A-Salt: attacking SaltStack
✍️ How i was able to get free money via sending negative tokens
✍️ Exploiting an HTML injection with dangling markup
✍️ gif it time it’ll come to you - Finding More Holes in The Hub
✍️ Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652
✍️ Bypassing the AWS WAF protection with an 8KB bullet
✍️ Unlock any blur text/picture without membership/subscription on Scribd.com |By Neuchi
✍️ Account takeover by OTP bypass
✍️ Cryptographic Side-Channels (Timing Leaks) in JSBN
✍️ DoubleTrouble
✍️ [web3] Zapper Arbitrary Call Data Bug Fix Postmortem. This is a postmortem of a vulnerability… | by Immunefi | Oct, 2021 | Medium
✍️ Exploit Development – A Sincere Form of Flattery
✍️ HackenProof Customer Story: Uklon
✍️ Clickjackings in Google worth 12644.7$
✍️ 1day to 0day(CVE-2022-30024) on TP-Link TL-WR841N
✍️ Amazon Cognito misconfiguration lead to account takeover
✍️ Sending ephemeral message to any Facebook user
✍️ CVE-2020–5842 Stored XSS Vulnerability in Codoforum 4.8.3
✍️ Abusing the SeRelabelPrivilege
✍️ Bug Bounty Stories #1: Tale of CSP bypass in an electron app!
✍️ Web Cache Deception Escalates!
✍️ How I was able to bypass OTP code requirement in Razer [The story of a critical bug]
✍️ Disclose any main and 3rd party contributors email address and movie local path thru XML file in Plex TV - plex.tv (Write Up)
✍️ Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1
✍️ Flickr XSRF to Change Photo Details
✍️ The ART of Chaining Vulnerabilities
✍️ Bounty Tip !! Easiest way to bypass API’s Rate Limit.
✍️ Information Disclosure through Signup Endpoint
✍️ Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again
✍️ How I was able to access a properly Configured S3 Bucket
✍️ ModSecurity: Path Confusion and really easy bypass on v2 and v3
✍️ CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux
✍️ An unusual way to find XSS injection in one minute
✍️ [web3] Crit: Brahma.fi Fee Collection Does Not Take Previous Losses Into Account | Trust
✍️ Accessing 2 million Verizon Pay Monthly contracts
✍️ Arbitrary File Corruption: End - to - End Encrypted Messaging Application
✍️ Chain the vulnerabilities and take your report impact on the moon (CSRF to HTML INJECTION which results OPEN REDIRECT and could steal USER CREDENTIALS)
✍️ Bypass instructions to manipulate Google Bard AI (Conversational generative AI chatbot) to reveal its security vulnerability i.e. configuration file details exposure
✍️ Escalating Privileges like a Pro
✍️ ServiceNow Insecure Access Control To Full Admin Takeover
✍️ HackerOne report
✍️ XSS In sports.tw.campaign.yahoo.net
✍️ Cache Poisoning via SelfXSS + Path Parameter
✍️ An Obscure Actions Workflow Vulnerability in Google’s Flank
✍️ Exploiting American Conquest
✍️ OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect
✍️ [Writeup][Bug Bounty][Tokopedia] Manipulation of Likes in Product Reviews [EN]
✍️ CVE-2022-34265
✍️ Ability To Backdoor Facebook For Android
✍️ Sensitive Information Disclosure: Web Cache Deception Attack
✍️ How I Earned €150 in 2 Minutes | HTML injection in email
✍️ This popular Facebook app publicly exposed your data for years
✍️ Exploiting a Tricky Blind SQL Injection inside LIMIT clause
✍️ Memcached Command Injections at Pylibmc
✍️ Bypass confirmation to add payment method.
✍️ Unsecure time-based secret and Sandwich Attack - Analysis of my research and release of the “Reset Tolkien” tool
✍️ Steal authentication token with one-click on misconfigured WebView.
✍️ Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
✍️ SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
✍️ Write-up - Love story, from closed as informative to $3,500 USD, XSS stored in Yahoo! iOS MaiL app
✍️ #BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection
✍️ Obtaining XSS Using Moodle Features and Minor Bugs
✍️ GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink
✍️ How I Was Able To Take Over One Of Dell’s Subdomains
✍️ RCE via Account Takeover
✍️ Multiple HTTP Redirects to Bypass SSRF Protections
✍️ [Responsible Disclosure] How we could have deleted any Linkedin post
✍️ Inf0rM@tion Disclosure via IDOR
✍️ HackerOne report
✍️ Beyond XSS: Edge Side Include Injection
✍️ How I was able to reveal page admin of almost any page on Facebook
✍️ From Discovery to Disclosure: ReCrystallize Server Vulnerabilities
✍️ Improper Privilege Management in Grails Spring Security Core <= 5.1.0 (CVE-2022-41923)
✍️ Stealing 0Auth Token (MITM)
✍️ Introducing Aladdin
✍️ CVE-2020-6519 - Chromium 83 Zero Day Full CSP Bypass Cross Platforms
✍️ Hacking Unity Games with Malicious GameObjects, Part 2
✍️ Replying Comments On Someone’s Livestream From Page Is Posted As Personal Identity
✍️ "CI Knew There Would Be Bugs Here" — Exploring Continuous Integration Services as a Bug Bounty Hunter
✍️ SSD Advisory – NETGEAR D7000 Authentication Bypass
✍️ I got emails — G Suite Vulnerability
✍️ The Secret sauce of bug bounty
✍️ Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO
✍️ [2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
✍️ AWS SageMaker Jupyter Notebook Instance Takeover
✍️ How we breached ZDFheute live on television
✍️ [UNPATCHED] Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading
✍️ Unusual 403 Bypass to a full website takeover [External Pentest]
✍️ SATisfying our way into remote code execution in the OPC UA industrial stack
✍️ [VDP] Reflected XSS in Facebook’s Mirror Websites | by Hacking articles
✍️ Microsoft’s first bug
✍️ My First Bug Bounty From Bug Bounty Platform redstorm.io
✍️ Variant Cloud Analysis
✍️ Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net
✍️ Yahoo Bug Bounty: Exploiting OAuth Misconfiguration To Takeover Flickr Accounts
✍️ Official extension spoofing attacks: when trusted add-ons are not so trusted
✍️ Hacking Apple: Two Successful Exploits and Positive Thoughts on their Bug Bounty Program
✍️ Advanced CSRF Exploitation
✍️ An Interesting Account Takeover Vulnerability
✍️ mysqlnd/pdo password buffer overflow leading to RCE (CVE 2022-31626)
✍️ How i was able to steal private files of any user on Larksuite
✍️ SSH key injection in Google Cloud Compute Engine [Google VRP]
✍️ BatBadBut: You can't securely execute commands on Windows
✍️ Subdomain Take Over Worth 100£
✍️ Bypass Apple Corp SSO on Apple Admin Panel
✍️ A vulnerability on Patreon, and their elusive bounty program.
✍️ IDOR via Websockets
✍️ Stored XSS on Edmodo
✍️ Story Of Unexpected Bugs
✍️ Subdomain Misconfiguration lead to AWS S3 Buckets Reader
✍️ Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read
✍️ [Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data
✍️ Pre-Auth Remote Code Execution - Web Page Test
✍️ Alternative link
✍️ Broken session management leads to bypass 2FA and Permanent access to Facebook user’s
✍️ Facebook Marketing Confidential Call Transcript
✍️ Two account takeover bugs worth $4300 🎁
✍️ Using Dark Web in Bug Bounty
✍️ How do I get cross site scripting(“xss”) in “Nokia”
✍️ How I hacked 23.900.000 tumblr domains at once :)
✍️ Simple & Sweet: Bypass email update restriction to change emails of team members
✍️ Cookie-based-injection XSS making exploitable with-out exploiting other Vulns
✍️ Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes
✍️ Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS
✍️ IDOR in session cookie leading to Mass Account Takeover
✍️ Improper Spring @Query Usage Allows N1QL Injection
✍️ Remote Code Execution by Bypassing Cloudflare: CVE-2022–29464 Analysis
✍️ Misconfiguration-Whatsapp Messenger
✍️ How I bypassed the registration validation and logged-in with the company email
✍️ Just another XSS | by lnxcs
✍️ CVE-2022-23835: A security analysis of Visual Voicemail
✍️ The Secret Parameter, LFR, and Potential RCE in NodeJS Apps
✍️ Story of a really cool SSRF bug.
✍️ Stealing Google Drive OAuth tokens from Dropbox
✍️ Open Redirect at Nvidia
✍️ Finding DOM Polyglot XSS in PayPal the Easy Way
✍️ XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party websites
✍️ CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services
✍️ Access Twitter blue features using deeplink without a subscription.
✍️ DOM-Based XSS at accounts.google.com by Google Voice Extension.
✍️ Google Security Misconfiguration Leads to Account Takeover !
✍️ Stealing your Paytm information using XSS
✍️ Abusing autoresponders and email bounces
✍️ Bypassing Safe Links in Exchange Online Advanced Threat Protection
✍️ Spip Preauth RCE 2024: Part 1, The Feather
✍️ Admin ,Editor can disclose personnel email of other editor, admin on page(who created shop)
✍️ Make recruiting referrals on behalf of employees
✍️ Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)
✍️ CS-Cart PDF Plugin Unauthenticated Command Injection
✍️ AliExpress XSS vulnerability - take over any seller account
✍️ Authentication Bypass | Easy P1 in 10 minutes
✍️ #BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!
✍️ The Bug That Kept On Giving :: PaymentBypass :: QR CODE
✍️ Getting Root - A Technical Walkthrough
✍️ Are you sure this is a trusted email?
✍️ [Tips & Tricks] Exfiltrating User's Data Through CSV Injection
✍️ How I could access your internal servers, steal and modify your image repository
✍️ Authenticated Arbitrary File Download (Path Traversal)
✍️ How I hacked Google’s bug tracking system itself for $15,600 in bounties
✍️ The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer
✍️ Exploiting QUIC's Path Validation
✍️ How An API Misconfiguration Can Lead To Your Internal Company Data
✍️ Blind XSS in Spotify's Salesforce Integration
✍️ Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)
✍️ GKE Autopilot Node Compromise via startup-script
✍️ How I made $1500 dollars using base64 decoder :)
✍️ How i hacked help desk of a Company
✍️ G Suite - Device Management XSS
✍️ Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd
✍️ An exciting journey to find SSRF , Bypass Cloudflare , and extract AWS metadata !
✍️ CSRF + Stored XSS Leading to Full Account Takeover
✍️ Type confusion attacks in ProseMirror editors
✍️ Zero-day in Sign in with Apple
✍️ How I Takeover Wordpress Admin fiiipay.my
✍️ Facebook Group Members Disclosure.
✍️ IP spoofing and SQL injection in Textcube
✍️ The unexpected bounty: A story of Zendesk takeover on REDACTED.com
✍️ Kubernetes pentest — Bypassing load balancer
✍️ [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application
✍️ IDOR leads to account takeover
✍️ IDOR FACEBOOK: malicious person add people to the “Top Fans”
✍️ Tale of Easy P1 Bugs in Wild
✍️ Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2)
✍️ Hacking into the worldwide Jacuzzi SmartTub network
✍️ Alternative link
✍️ Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
✍️ External Trusts Are Evil
✍️ A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition
✍️ Finding My First Critical Vulnerability
✍️ Defeating Length Filters to Dump the Database - SQLi
✍️ QRCDR ZeroDay Path Traversal Vulnerability
✍️ Subdomain takeover via pantheon
✍️ DNS Rebinding, The treacherous attack it can be
✍️ Understanding GitLab EE/CE Account TakeOver (CVE-2023-7028)
✍️ [VDP] How a lazy bug bounty hunter got a place on NASA HOF, an XSS story | by TRFFNSEC
✍️ 2FA Bypass via Logical Rate Limiting Bypass
✍️ XSS On Twitter [Worth 1120$]
✍️ Gaps in Azure Service Fabric’s Security Call for User Vigilance
✍️ Bug Hunting Journey of 2021
✍️ [VDP] How I Found My First SQL Injection In NASA | by Kapeka
✍️ #bugbounty How I Takeover Microsoft Store.
✍️ CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE
✍️ Chains on Chains: Chaining multiple low-level vulns into a Critical.
✍️ Svg XSS in Unifi v5.0.2
✍️ Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program
✍️ How I found the Grafana zero-day Path Traversal exploit that gave me access to your logs
✍️ Latex to RCE, Private Bug Bounty Program
✍️ How I hacked a bank their application using it for hacking another bank company — 10K XSS
✍️ A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel
✍️ how I found a tricky XSS
✍️ CVE-2023-36844 And Friends: RCE In Juniper Devices
✍️ 10 golden minutes for taking over a Chess.com account
✍️ Bypass Apple’s redirection process with the dot (“.”) character
✍️ Password Bypass and Something Else…
✍️ Google Maps API Key Unauthorized Use Case
✍️ [Business Logic Bug] Bypassing Nickname Feature
✍️ Hacking My Helium Crypto Miner
✍️ Stealing User’s PII info by visiting API endpoint directly
✍️ Zoom RCE from Pwn2Own 2021
✍️ FlowscreenComponents Basepack, Version 3.0.7 Advisory
✍️ Reflected XSS In AT&T
✍️ Discovery of CVE-2022-35406
✍️ HTTP Request Smuggling CL.TE
✍️ Walid Hossain (@NoobWalid)
✍️ How I was able to take over any account via the Password Reset Functionality.
✍️ XSS on Facebook-Instagram CDN Server bypassing signature protection
✍️ The Nightmare of Apple's OTA Update: Bypassing the Signature Verification and Pwning the Kernel
✍️ Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty
✍️ Password Reset Poisoning leading to Account Takeover
✍️ How I got my first big bounty payout with Tesla
✍️ Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
✍️ How I earned 500$ by uploading a file: write-up of one of my first bug bounty
✍️ Dropping root shell in a Crypto Exchange for Fun and Profitn't
✍️ Escalating Open Redirect to XSS
✍️ Hacking Facebook accounts using CSRF in Oculus-Facebook integration
✍️ The Importance of keeping up to date, or how I found an interesting bug thanks to a tweet
✍️ Technical Advisory – Multiple Vulnerabilities in Nagios XI
✍️ How I Gain Unrestricted File Upload Remote Code Execution Bug Bounty
✍️ Introducing Wrapwrap: Using PHP Filters To Wrap A File With A Prefix And Suffix
✍️ Obtained a bunch of sensitive data in just few steps — Hacking
✍️ Reverse Engineering Coin Hunt World’s Binary Protocol
✍️ How I got RCE in + 10 websites…
✍️ How I was Able to see someone’s all private files with a single file share link through Atom feed & Never Give Up #togetherwehitharder HackerOne
✍️ 500$ Bounty in just 5 minutes through Recon!!!!
✍️ Open Redirect In Flock | My First Swag pack
✍️ Twitter Denial of Service bug or How i could prevent all followers from reading or accessing literally ANY tweets!
✍️ How i found a 1500$ worth Deserialization vulnerability
✍️ How i was able to get 29 free products. | Bug Bounty
✍️ Another “TicketTrick” story
✍️ Leak Private Videos [Vimeo Bug Bounty]
✍️ Remote Code Execution in Melis Platform
✍️ LAN-Based Blind SSRF Attack Primitive for Windows Systems (switcheroo)
✍️ A tale of exploitation in spreadsheet file conversions
✍️ Write Up – Google VRP N/A: SSRF Bypass With Quadzero In Google Cloud Monitoring
✍️ reCAPTCHA Exploits
✍️ Abusing MySQL clients to get LFI from the server/client
✍️ #BugBounty — How I could book cab using your wallet money in India’s largest auto transportation company!
✍️ Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
✍️ Discovering Zero-Day Vulnerabilities in McAfee Products
✍️ (CRITICAL) Blind Storage XSS — My first Bug Bounty 💰
✍️ How i was able to get Account Takeover via Insecure Data Storage and WebView With Exported Activity
✍️ Hertzbleed Attack
✍️ See whether a Hackercup Facebook participant allows recruitment contact
✍️ ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)
✍️ ~/BugBounty/IDOR/”How I was able to exfiltrate any user’s credit coupons”
✍️ Making the Facebook app more secure - $8500 bounty
✍️ From Wayback Machine To Account Takeover
✍️ Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss)
✍️ I discovered a browser bug
✍️ Authentication bypass on Uber’s Single Sign-On via subdomain takeover
✍️ My First Critical Bug In HackerOne Platform
✍️ My Story With XSS
✍️ Exploiting Parameter Pollution in Golang Web Apps
✍️ Frappé Technologies ERPNext Server Side Template Injection
✍️ HTTP Parameter Pollution - It’s Contaminated Again
✍️ Exploits Explained: Using APIs to Execute a Server-Side Request Forgery
✍️ Story of a stored xss to full account takeover vulnerability(N/A to accepted)
✍️ Lets Learn English - Hacking 10M+ Users
✍️ The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
✍️ Generate valid signatures for FBCDN urls
✍️ Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
✍️ My first Google HOF
✍️ Discovering Headroll (CVE-2023–0704) in Chromium
✍️ Blinding Snort: Breaking The Modbus OT Preprocessor
✍️ From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys
✍️ Time-Based SQL Injection to Dumping the Database
✍️ CVE-2023-42929: Why do we need the App Container Protection
✍️ Paranoids Vulnerability Research: Ivanti Issues Security Alert
✍️ Full account takeover vulnerability in Minecraft
✍️ Cloning internal Google repos for fun and… info?
✍️ Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969)
✍️ Exfiltration via CSS Injection
✍️ From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225)
✍️ Bugcrowd report
✍️ The story of becoming a Super Admin
✍️ How I Hacked Dutch Government in 5 Minutes? Twitter Account Takeover
✍️ 1500$: CR/LF Injection
✍️ Blind XSS on Admin Portal Leads to Information Disclosure
✍️ Race Condition About The User Version and Ignored
✍️ Reflected XSS Through Insecure Dynamic Loading
✍️ P1: Critical - Discovering and Foiling a Threat Actor
✍️ Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms
✍️ Account takeover through register functionnality
✍️ Account Takeover via Access Token Leakage
✍️ AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
✍️ Mama Always Told Me Not to Trust Strangers without Certificates
✍️ This Man Thought Opening A TXT File Is Fine, He Thought Wrong. MacOS CVE-2019-8761
✍️ Critical Foswiki Vulnerablities: A Logic Error Turned Remote Code Execution
✍️ [web3] Sewer Pass Flash-claim Vulnerability & Fix. A bug in the Sewer Pass claiming contract… | by BendDAO | Feb, 2023 | Medium
✍️ Worth $1,500 IDOR (Access Unauthorize Data)
✍️ [manager.paypal.com] Remote Code Execution Vulnerability
✍️ SSTI to Local File Read
✍️ Path Traversal Vulnerability in Payara Platform
✍️ Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)
✍️ One Way to Find Hidden IDOR Vulnerability
✍️ How Netgear meshed(*) up WiFi for Business
✍️ eBay XSS demo and guide to spear phishing
✍️ Disclose leads form details of any Facebook Business Account or Facebook Page (Bug Bounty)
✍️ Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
✍️ What the Function: Decrypting Azure Function App Keys
✍️ How I Earned $750 Bounty Reward From AT&T bug Bounty -Adesh Kolte
✍️ Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty
✍️ Security and Privacy Failures in Popular 2FA Apps
✍️ Workplace by Facebook | Unauthorized access to companies environment — $27,5k
✍️ Securing our home labs: Frigate code review
✍️ Stored XSS in Yahoo!
✍️ Reflected Cross Site Scripting BillMeLater
✍️ Cookie worth a fortune
✍️ Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak
✍️ Bypassing Brand Collabs Manager Eligibility on Facebook
✍️ Hacking Google Bard - From Prompt Injection to Data Exfiltration
✍️ Captcha Bypass Techniques | by Akshat Honey
✍️ From . in regex to SSRF — part 1
✍️ XSS to Database Credential Leakage & Database Access — Story of total luck!
✍️ Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI
✍️ This is why you shouldn’t trust your Federated Identity Provider
✍️ Account Takeover by chaining two vulnerabilities.
✍️ Exploiting XSS via Markdown on Xiaomi
✍️ Don’t just alert(1) , Because XSS is for fun…!!
✍️ Argument injection vulnerability in multiple Atos Unify OpenScape products
✍️ Whitepaper & Slides
✍️ How I found Cross-Site-Scripting (Reflected) on more than 300 systems!
✍️ How I could view any Facebook Groups Notes media, and they paid me a $10,000
✍️ How to Harpon Big Blue!
✍️ You can add extra zeroes. XSS bypass on a private bug bounty program
✍️ Simple IDOR to reject a to-be users invitation via their notification
✍️ Taking over Azure DevOps Accounts with 1 Click
✍️ Regular expression injection, a code review low hanging fruit
✍️ Subdomain Takeover via Unsecured S3 Bucket Connected to the Website
✍️ Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
✍️ How Automation Detected Default Admin Credential Worth $500
✍️ Part 2 - Exploiting a blind format string
✍️ [web3] Tidal Finance Logic Error Bug Fix Postmortem. This is a postmortem of a vulnerability… | by Immunefi | Nov, 2021 | Medium
✍️ Adobe Reader - XFA - ANSI-Unicode Confusion Information Leak
✍️ [BugTales] UnZiploc: From 0-click To Platform Compromise
✍️ Account Takeover in KAYAK
✍️ Cannot Delete Post on Facebook Group: Facebook Bug Bounty
✍️ Tagged User Could Delete Facebook Story
✍️ Pwning Admin Panel To Change Movie Ticket Prices at Disney
✍️ Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth
✍️ CVE-2020–9854: “Unauthd” - (three) logic bugs ftw!
✍️ How I Bought a £240.00 Annual Subscription for Bargain £0.01
✍️ How to Hack Apple ID
✍️ [VDP] How HTML injection in email got me my first swag! | by SpoopyHost
✍️ Ghost In The Ppl Part 1: Byovdll
✍️ An XSS Story
✍️ DOM based open redirect to the leak of a JWT token
✍️ IDOR (Insecure Direct Object Reference) leads to listing all valid Users and edit their Profiles
✍️ Idor in google product
✍️ Privilege escalation in Partners Portal to Admin access
✍️ $9240 Bounty in 30 days Hunt Challenge
✍️ How i Hacked BASF Company !!
✍️ CVE-2021-43798 - Path Traversal Vulnerability In Grafana
✍️ [web3] A Very Helpful Sign - zzykxx's blog
✍️ CVE-2023-38146: Arbitrary Code Execution via Windows Themes
✍️ SQL injection for $50 bounty, but still worth reading!!
✍️ Arbitary File Upload too Stored XSS - Bug Bounty
✍️ Turning cookie based XSS into account takeover
✍️ Open Redirection
✍️ Cool Vulns Don't Live Long - Netgear And Pwn2Own
✍️ Hacking the Nintendo DSi Browser
✍️ Weird Email Verification Bypass
✍️ How I hacked a website integrated w/ Facebook having 1.1 mil. users under 45 seconds.
✍️ 500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any account of India’s Biggest College Ever.👨‍💻
✍️ Bypassing Google Authentication on Periscope’s Administration Panel
✍️ Stored XSS Vulnerability in Jotform and H1C Private Site
✍️ CVE-2022-26712: The POC for SIP-Bypass Is Even Tweetable
✍️ Journeys in Quoteless and Multi Reflection XSS
✍️ Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org
✍️ Kaspersky Password Manager: All your passwords are belong to us
✍️ SSD Advisory – VhdmpiValidateVirtualDiskSurface LPE
✍️ Bug Hunting Journey of 2019
✍️ Lightning Components: A Treatise on Apex Security from an External Perspective
✍️ 3 ways to get Remote Code Execution in Kafka UI
✍️ Stored XSS in Microsoft outlook
✍️ Stored Cross-Site Scripting in MediaWiki
✍️ Easily leaking passenger information on an Airline
✍️ How OAuth Implicit Flow Led To Hundreds Of User Accounts Being Accessed?
✍️ Abusing url handling in iTerm2 and Hyper for code execution
✍️ Linux IPv6 "Route of Death" 0day
✍️ Bypass Cognito Account Enumeration Controls
✍️ AWS Security Flaw which can grant admin access!
✍️ crewjam/saml - IdP XSS Via Missing Binding Syntax Validation In ACS Location
✍️ Unlimited report user in Instagram (Facebook) leads to abuse risk.
✍️ Spotted: How we discovered Privilege Escalation, missing CloudTrail data and a race condition in AWS Directory Service
✍️ XSS with HTML and how to convert the HTML into charcode()
✍️ SQL injection in an UPDATE query - a bug bounty story!
✍️ HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from waybackurls
✍️ GCP AI Notebooks Vulnerability - Remediation
✍️ CSP bypass on PortSwigger.net using Google script resources
✍️ Facebook Groups Hack
✍️ Bypassing default visibility for newly-added email in Facebook(Part I - Submitting I.D)
✍️ The Unknown Hero-App Logic Bugs
✍️ Part-1 Dive into Zoom Applications
✍️ Tail of IDOR
✍️ A simple Account takeover misusing JWT late expiration
✍️ How a simple Directory Listing leads to PII Data Leakage, Remote Code Execution and many more vulnerabilities on a HR management subdomain
✍️ How to get RCE on AEM instance without Java knowledge
✍️ Ok Google, Give Me All Your Internal DNS Information!
✍️ My First And Second Bugs Are — 2FA Bypass
✍️ Instagram App Access Token
✍️ API Misconfiguration - No Swag of SwaggerUI
✍️ Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
✍️ $20,300 Bounties from a 200 Hour Hacking Challenge
✍️ [P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
✍️ Abusing feature to steal your tokens
✍️ Riding The Inforail To Exploit Ivanti Avalanche Part 2
✍️ Fun with header and forget password, with a twist:
✍️ How I XSS’ed Uber and Bypassed CSP
✍️ Exploiting Kubernetes through Operator Injection
✍️ My First Bounty From Google.
✍️ How I Earned My First Bug Bounty Reward of $600
✍️ CVE-2024-0685 Ninja Contact Forms Data Export SQLi
✍️ IDOR Leads To Project Takeover
✍️ Escaping Adobe Sandbox: Exploiting an Integer Overflow in Microsoft Windows Crypto Provider
✍️ Wait Time Bypass for fun and Profit
✍️ Exploiting JSONP and Bypassing Referer Check
✍️ OTP Leaking Through Cookie Leads to Account Takeover
✍️ DOM-Based XSS for fun and profit $$$! | Bug Bounty POC
✍️ WordPress Privilege Escalation through Post Types
✍️ Neglected DNS records exploited to takeover subdomains
✍️ Disclose content of internal Facebook javascript modules ( Revisited )
✍️ Privilege Escalation: From being a normal user to admin
✍️ How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2
✍️ Twitter - protected tweets exposure
✍️ Lightweight markup: a trio of persistent XSS in GitLab
✍️ GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty
✍️ MSSQL linked servers: abusing ADSI for password retrieval
✍️ LogicalDOC Vulnerability Disclosure
✍️ How I was able to see likes and dislikes count which is hidden by victim | YouTube #1
✍️ Apple Safari & Microsoft Edge Browser Address Bar Spoofing - Writeup
✍️ Flash XSS in ajax.googleapis.com
✍️ Bug Bounty Collaboration and Manual Exploitation of an Interesting Boolean SQL Injection
✍️ From NTAuthCertificates to “Silver” Certificate
✍️ A Easy Vertical Privilege Escalation via Session Storage
✍️ Local File XSS Vulnerability in Wordpress.com (Write Up)
✍️ JWT Refresh Token Manipulation
✍️ I had fun with this XSS
✍️ Stored XSS Leads to Plaintext Password Disclosure
✍️ Hijacking Google Drive Files (Documents, Photo & Video) Through Google Docs Sharing
✍️ Bypassing OTP via reset password
✍️ A commonly overlooked XSS vector
✍️ How I get Full Account Takeover via stealing action’s login form | XSS
✍️ Hacking a Tapo TC60 Camera
✍️ How I hacked worldwide Tiktok users
✍️ Sensitive Data Exfiltration through XSS ($450)
✍️ Security Vulnerabilities in Apex Code Could Leak Salesforce Data
✍️ Defeat the HttpOnly flag to achieve Account Takeover | RXSS
✍️ Attacking .NET Web Services
✍️ Popping the Pornhub Cherry
✍️ Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs
✍️ How I was able to find page/personal account disclosure on Instagram
✍️ Baking Flask cookies with your secrets
✍️ Spokeo Bug bounty Experience
✍️ CVE-2023-5372 - Post-auth blind Python code injection vulnerabilities in Zyxel’s NAS326 and NAS542 devices
✍️ How I found an XSS vulnerability via using emojis
✍️ SSD Advisory – XenForo RCE Via CSRF
✍️ Web-Cache Poisoning $$$? Worth it?
✍️ PoC
✍️ $4500 bounty - How I got lucky
✍️ JS is l0ve ❤️.
✍️ From an Innocent api-key to PII data
✍️ Exploiting a Single Request for Multiple Vulnerabilities
✍️ How can I access the members-only video comment? | YouTube ($5,000)
✍️ Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack
✍️ Download any organisation Data — S3 amazonaws Misconfiguration
✍️ Blind OS Command Injection via Activation Request
✍️ SQL Injection Via Stopping the redirection to a login page
✍️ CSRF ‘protection’ bypass on xvideos
✍️ How I was able to bypass WAF and find the origin IP and a few sensitive files
✍️ Automating SQL Injection On Encrypted Request
✍️ User's email disclosure via invalid password reset link [$250]
✍️ SQL Injection - The File Upload Playground
✍️ A step-by-step walk-through of an Invalid Endpoint
✍️ Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
✍️ Using efficient tooling to hunt GraphQL security issues
✍️ [RCE] Remote Code Execution in Wordpress iOS Application (version 9.3)
✍️ EN | Administrator level Privilege Escalation story
✍️ How I Automatically Discovered SSRF in Hackerone Program
✍️ Directory Listing To Sensitive Files Exposure
✍️ Privileged account creation via Mass Assignment towards a full compromise using a Stored XSS
✍️ Remote code execution in Homebrew by compromising the official Cask repository
✍️ Finding Basic Authtoken in JAVASCRIPT file BY Full Automation
✍️ Analysing Crash Messages To Achieve Blind Root Command Injection
✍️ Business Logic Errors - Must Vote
✍️ Chain of Low Level Bugs and Misconfigurations Leads to Account Takeover
✍️ FFUF and my first bounty
✍️ SSRF in ColdFusion/CFML Tags and Functions
✍️ iOS Outlook Stored XSS Write-Up($3000)
✍️ Playing With s3 Leaks
✍️ Unauthenticated RSFTP to Command Injection
✍️ [web3] High bug in Retro+Thena+`unknown protocol` found by deadrosesxyz
✍️ Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account
✍️ Improper Authentication in Android App
✍️ Part 2: From Byovdll To Arbitrary Code Execution In Lsass
✍️ BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!
✍️ Awesome host header injection worth 2k
✍️ LedgerSMB – CVE-2024-23831: Privilege escalation through CSRF attack on “setup.pl”
✍️ #BugBounty — Rewarded by securing vulnerabilities in Bookmyshow (India’s largest online movie & event booking portal)
✍️ I got emails - G Suite Vulnerability
✍️ JSON CSRF attack on a Social Networking Site[Hackerone Platform]
✍️ SAMLjacking a poisoned tenant
✍️ Vine User’s Private information disclosure
✍️ Cross Site Request Forgery in Facebook
✍️ New Vulnerability in protobufjs: Prototype Pollution - CVE-2023-36665
✍️ A Story of an Epic Blind Remote Code Execution(RCE)
✍️ New technique 403 bypass lyncdiscover.microsoft.com
✍️ Blind (time-based) SQLi - Bug Bounty
✍️ Abusing CORS for an XSS on Flickr
✍️ Zoneminder – Web App Testing – Oct 2022
✍️ Authenticated CORS with Access-Control-Allow-Origin: *
✍️ Facebook Bug Bounty Reports
✍️ #BugBounty — How I was able to delete anyone’s account in an Online Car Rental Company
✍️ 5 Ways to do Account Takeover in a Single Website
✍️ [web3] Enzyme Finance Price Oracle Manipulation Bug Fix Postmortem. This is a postmortem of a vulnerability… | by Immunefi | Nov, 2021 | Medium
✍️ Stealing all your secrets using IPFS Mounts
✍️ [web3] Critical bug in Talent Protocol found by okkothejawa & 𝗌𝗂𝗀𝗁
✍️ Abusing Microsoft Teams rate limiting for DDoS
✍️ Code Injection and SQLi in WP ALL Export Pro
✍️ No Rate Limiting on OTP sending
✍️ Second bite on GitLab, and some interesting Ruby functions/features
✍️ reCAPTCHA bypass via HTTP Parameter Pollution
✍️ Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover
✍️ The PDF Trojan Horse: Leveraging HTML Injection for SSRF and Internal Resource Access
✍️ Account Takeover via XSS in e-signature feature worth 2500$
✍️ FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies
✍️ Broken access control + misconfiguration = Beautiful privilege escalation
✍️ Advisory | GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution
✍️ How I was able to see likes and dislikes count which is hidden by victim | YouTube #2
✍️ Exploiting the HP Printer without the printer (Pwn2Own 2022)
✍️ Link Injection Manipulation at admin.google.com
✍️ Bug Bounty: Broken API Authorization
✍️ DOM Based XSS In Microsoft
✍️ WRITE UP – TELEGRAM BUG BOUNTY – WHATSAPP N/A [“Blind” XSS Stored iOS in messengers twins, who really care about your security?]
✍️ Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation
✍️ Cache Deception: How I discovered a vulnerability in Medium and helped them fix it
✍️ The unexpected Google wide domain check bypass
✍️ How i was able to bypass a Pin code Protection
✍️ Attacking the Android kernel using the Qualcomm TrustZone
✍️ Weak Password Setting function on practo.com
✍️ Metadata service MITM allows root privilege escalation (EKS / GKE)
✍️ CVE-2023-35150: Arbitrary Code Injection In XWiki.Org XWiki
✍️ From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
✍️ Breaking Application’s Logic to DOS Attack
✍️ IDOR on HackerOne Embedded Submission Form
✍️ Group Admin Can’t Able To Moderate Comments When Posted Through Page : Facebook Bug Bounty 2020
✍️ XSS Through SWF file!
✍️ A possibility of Account Takeover in Medium
✍️ New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
✍️ My First Swag Pack : A Logical Bug on Edmodo
✍️ Reflected XSS in Zomato
✍️ Phone number validation bypass through url path manipulation .
✍️ [web3] Critical bug in Polygon found by Ashiq Amien
✍️ A Tricky Open Redirect
✍️ Auth Bypass in https://nearbydevices-pa.googleapis.com
✍️ 7,500$ – IDOR on Apple [consultants.apple.com]
✍️ Web application firewall bypass
✍️ $500 for No Rate limit on forgot password page
✍️ From Host Header injection to SQL injection
✍️ P5 to P1: Interesting Account Takeover
✍️ $10k host header
✍️ Facebook Messenger exposing deleted messages using [Remove for Everyone]
✍️ Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
✍️ 700$ Denial of Service(DoS) vulnerability in script-loader.php (CVE-2018-6389)
✍️ XXE at Bol.com
✍️ Hello: I’m your ADCS server and I want to authenticate against you
✍️ Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB
✍️ How I bypassed disable_functions in php to get a remote shell
✍️ CVE-2018-11759 – Apache mod_jk access control bypass
✍️ Vulnerabilities in Facebook Login Approval Form
✍️ CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
✍️ Chaining Three Bugs to Access All Your ServiceNow Data
✍️ SOP Bypass
✍️ Bug Hunting: Xss On Cookie Popup Warning
✍️ Nothing new under the Sun – Discovering and exploiting a CDE bug chain
✍️ Mangobaaz hacked | XSS to credentials exposure to pwn
✍️ SecStory: How I Found Multiple P1 Vulnerabilities without Recon
✍️ Facebook hidden redirection vulnerability
✍️ Blind SQL Injection on Delete Request
✍️ Create living room polls as a Facebook page analyst
✍️ 2FA Bypass on private bug bounty program due to CSRF token misconfiguration
✍️ Blind-XSS in Chrome Experiments - Google (Write Up)
✍️ How I Tracked You Around The Globe 🌎
✍️ The beauty of chaining client-side bugs
✍️ CVE-2022-23088: Exploiting A Heap Overflow In The Freebsd Wi-fi Stack
✍️ [web3] Raydium Tick Manipulation Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | Jun, 2024 | Medium
✍️ {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
✍️ CVE-2022-0540 - Authentication bypass in Seraph
✍️ Facebook FBML DOM Traversal (Information Disclosure)
✍️ CVE-2024-20693: Windows cached code signature manipulation
✍️ Multiple vulnerabilities in Ivanti Connect Secure
✍️ suPHP - The vulnerable ghost in your shell
✍️ Hello Lucee! Let us hack Apple again?
✍️ Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth
✍️ How i found a vulnerability that leads to access any users’ sensitive data and got $500
✍️ Weird LFI and escalating the impact from High to Critical
✍️ Hacking Magento eCommerce For Fun And 17.000 USD
✍️ Fastest Fix on Open Bug Bounty Platform
✍️ Reversing UK mobile rail tickets
✍️ Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)
✍️ Account takeover through password reset
✍️ Oauth Misconfiguration Leads to 0-Click ATO
✍️ XSS Is Love <3 !
✍️ Unveiling Remote Code Execution in AI chatbot workflows 💵
✍️ [web3] Exploiting Signature Verification Vulnerabilities in Smart Contracts | by Heuss | Jan, 2024 | Medium
✍️ Just Gopher It: Escalating a Blind SSRF to RCE for $15k
✍️ [web3] The Graph Rounding Error Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | Apr, 2024 | Medium
✍️ Exploiting Lambda Functions for Fun and Profit
✍️ Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC
✍️ CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter
✍️ Stealing arbitrary GitHub Actions secrets
✍️ Atlassian Jira Align, Version 10.107.4 Advisory
✍️ Anatomy of an IoT Exploit, from Hands-On to RCE
✍️ Hacking CloudKit - How I accidentally deleted your Apple Shortcuts
✍️ How i Found Information Disclosure on Scribd.com
✍️ Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript
✍️ Session Expiration Bypass in Facebook Creator App
✍️ Not valid bug that leads to us a multiple Valid Report in Facebook
✍️ $500 for Cracking Invitation Code For Unauthorized Access & Account Takeover
✍️ SQL injection in an UPDATE query - a bug bounty story!
✍️ Device Authorization Bypass!
✍️ Hiding ourself in close friend’s list and avoiding victim to remove us from his close friend’s list.
✍️ [DOM based XSS] Or why you should not rely on Cloudflare too much
✍️ Write Up – Private Bug Bounty: Firebase Database Exposed By Misconfiguration – $2,000 USD
✍️ NO_WILDCARD: How I discovered the Organization ID of any AWS Account
✍️ PDFReacter SSRF to ROOT Level Local File Read which led to RCE
✍️ How I Discovered Authentication Bypass That Blocks Users from Accessing the Website ?
✍️ Escalating subdomain takeovers to steal cookies by abusing document.domain
✍️ Workplace Logo ID to workplace owner name Disclosure Facebook Bug Bounty
✍️ Zip Slip meets Artifactory: A Bug Bounty Story
✍️ Auth Bypass Via Exposed Credentials
✍️ Full account takeover through referral code.
✍️ How I got access to many PIIs through a source code leak
✍️ Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
✍️ Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine
✍️ IDOR in Facebook's Acquisition (Parse)
✍️ Stored XSS, and SSRF in Google using the Dataset Publishing Language
✍️ Security Implications of net/textproto.Reader Misuse
✍️ MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135)
✍️ How we abused Slack’s TURN servers to gain access to internal services
✍️ Alternative link
✍️ Client Side Path Manipulation
✍️ 4x CSRFs Chained For Company Account Takeover
✍️ Turning a boring file move into a privilege escalation on Mac
✍️ Microsoft Yammer Clickjacking – Exploiting HTML5 Security Features
✍️ Reflected Swf XSS at ( https://plugins.svn.wordpress.org )
✍️ How I found a Privilege Escalation Bug in a private Ecommerce?
✍️ Change Anyone’s profile picture-Exploiting IDOR
✍️ Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC
✍️ Pwning the portal: from database dump to session hijacking
✍️ An Out Of Scope domain Leads To a Critical Bug[$1500]
✍️ DOS attack in Yahoo, How i was able to deny new users from service?
✍️ API Endpoint leads to Account Takeover In Android Application
✍️ Unremovable Tags In Facebook Page Reviews
✍️ How I discovered an interesting account takeover flaw?
✍️ Part 3
✍️ Cross-site-scripting on one of the largest Dutch franchisors
✍️ SVG based Stored XSS
✍️ CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox
✍️ Revisiting an Old Bug: File Upload to Code Execution
✍️ How I made it into the United Nations hall of fame as I slept
✍️ Iconv, Set The Charset To RCE: Exploiting The Glibc To Hack The PHP Engine (Part 1)
✍️ SQL Injection Bug Bounty POC!
✍️ Vulnerability To Bypass Clickjacking Protection In Youtube
✍️ How to Decrypt Manage Engine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale
✍️ WhatsApp Bug Bounty: Bypassing biometric authentication using voip
✍️ Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS)
✍️ Worth $1,500 IDOR (Access Unauthorize Data)
✍️ Bypassing rate limit abusing misconfiguration rules
✍️ Exploiting magic links, critical bugs are one line away
✍️ Weak private key generation in SSH.NET <= 2020.0.1
✍️ [web3] Optimism: Infinite Money Duplication Bugfix Review. This is a postmortem of a vulnerability… | by Immunefi | Feb, 2022 | Medium
✍️ “2022: A Year of Fascinating Discoveries”
✍️ A mysterious bug in the firmware of Google’s Titan M chip (CVE-2019-9465)
✍️ Sagar VD
✍️ How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty
✍️ Dumping a Database with an AI Chatbot
✍️ Internshala Bug in Internshala Student Partner
✍️ How I approached Dependency Confusion!
✍️ Android : SOP Bypass to steal system files.
✍️ Hyperlink Injection On IRC Cloud
✍️ How I hacked one of the biggest airlines group of the world
✍️ Yahoo Login Protection Seal – Stored CSS Injection
✍️ Recon to Sensitive Information Disclosure in Minutes
✍️ Prezi (map.prezi.com) Path Traversal
✍️ GHSL-2021-1053: Path traversal in Grafana REST API - CVE-2021-43813, CVE-2021-43815
✍️ $36k Google App Engine RCE
✍️ Bypassing E2E encryption leads to multiple high vulnerabilities.
✍️ How careless default credentials impact to massive account takeover
✍️ GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads
✍️ Crowdsource Success Story: From an Out-of-Scope Open Redirect to CVE-2020-1323
✍️ CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?
✍️ Microsoft Azure Synapse Pwnalytics
✍️ Unveiling RCE on Dutch Government Website
✍️ SQL Injection via hidden parameter | by Rutik Hajare
✍️ Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS
✍️ Failed Coding Assessment to Remote Code Execution - Part 1
✍️ NTLM Credential Theft in Python Windows Applications
✍️ My First Bug: How I Was Able to Bypass the WAF and Uncover a Reflected XSS
✍️ How I got $13337 bounty From Google
✍️ Auth Bypass in com.google.android.googlequicksearchbox
✍️ Domain Takeover Without Domain Admin Permissions
✍️ Mass Account takeover by bypassing 2 FA
✍️ Clipboard hazard with Google Sheets
✍️ Peeping through a Web-Socket
✍️ A simple post auth bypass leads to unauthorized web server access
✍️ De-anonymising Anonymous Animals in Google Workspace
✍️ Bug Bounty Experience: Unvalidated Redirection Vulnerability
✍️ One takeover to rule them all
✍️ Pwned Together: Hacking dev.to
✍️ Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
✍️ Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]
✍️ Story of a 1000$ Open Redirect
✍️ CSRF to Full Account Takeover
✍️ Extracting Clear-Text Credentials Directly From Chromium’s Memory
✍️ How to hack a company by circumventing its WAF through the abuse of a different security appliance and win bug bounties
✍️ GitHub - RCE via git option injection (almost) - $20,000 Bounty
✍️ RCE via LFI Log Poisoning - The Death Potion
✍️ URL Redirection To DOM XSS on Hackerone Programs — Bug Bounty Tuesday
✍️ Dependency Confusion Attack: A Route to RCE
✍️ How I was able to takeover any users account on a major telecoms website
✍️ IDN Homograph Attack - Reborn of the Rare Case
✍️ Hiding from custom story privacy list is possible in FBlite making the victim unable to remove you from the list.
✍️ Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts
✍️ Unauthorized access to all the user’s account.
✍️ FortiNAC - Just a few more RCEs
✍️ Facebook/Workplace Bug Exposed Offsite Employee Events, Sensitive emails Putting Employees at Risk
✍️ Fun with Header and Forget Password
✍️ Non-Production Endpoints as an Attack Surface in AWS
✍️ Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen
✍️ Hey WAF! Better Luck Next Time! 👽
✍️ Jit-Picking: Differential Fuzzing of JavaScript Engines
✍️ Persistent Cross-Site Scripting on redacted worth $2,000
✍️ CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage
✍️ Security assessment on the staging domains
✍️ EXIF Geolocation Data Not Stripped From Uploaded Images
✍️ From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
✍️ Chaining Tricky OAuth Exploitation To Stored XSS
✍️ SQL injection with load file and into outfile
✍️ How i Hacked into a bugcrowd. public program
✍️ Stealing administrative JWT's through post auth SSRF (CVE-2021-22056)
✍️ XSS in Facebook CDN due to improper filtering of uploaded files extensions
✍️ Cross-Site Request Forgery (CSRF) | by Hacking articles
✍️ Weaponizing XSS Attacking Internal System
✍️ Imperva Red Team Discovers Vulnerability in TikTok That Can Reveal User Activity and Information
✍️ Web Cache Deception to API endpoint attack using cached token header
✍️ Ribose — IDOR with Simple CSRF Bypass — Unrestricted Changes and Deletion to other Photo Profile
✍️ Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix
✍️ FakesApp: A Vulnerability in WhatsApp
✍️ Play a game, get Subscribed to my channel - YouTube Clickjacking Bug \| #GoogleVRP
✍️ United Nations bug bounty[writeup]
✍️ My first two valid and rewarded Web Cache Deceptions, earning $2250
✍️ SEC-596
✍️ 5 RCEs in npm for $15,000
✍️ Vulnerabilities in the TPM 2.0 reference implementation code
✍️ Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )
✍️ Lexmark MC3224adwe RCE exploit
✍️ Magic XSS with two parameters
✍️ Another image removal vulnerability on Facebook
✍️ OpenOlat - XML external entity (XXE) injection (CVE-2024-28198)
✍️ Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded
✍️ Tampering with Conditional Access Policies Using Azure AD Graph API
✍️ Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
✍️ How I can take over any user’s account with their mobile number
✍️ Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk
✍️ MyBB 0day Authenticated Remote code execution
✍️ Hacking ISP CPE equipment: FiberHome
✍️ BugBounty | A Simple SSRF
✍️ Create hidden comment by blocking an Admin: Facebook Bug Bounty 2020
✍️ How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)
✍️ Crashing Industrial Control Systems at Pwn2Own Miami 2022
✍️ A New Vector For “Dirty” Arbitrary File Write to RCE
✍️ I figured out a way to hack any of Facebook’s 2 billion accounts, and they paid me a $15,000 bounty for it
✍️ Confirm an email address belonging to a specific user
✍️ Privilege Escalation with simple recon
✍️ Circumventing Browser Security Mechanisms For SSRF
✍️ Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information
✍️ Missing permission check for Facebook gaming community invites
✍️ Reflected XSS on Error Page
✍️ How I Escalated a Time-Based SQL Injection to RCE
✍️ How I managed to get an @Google.com email address, bypassing their previous patch!
✍️ Xss in Microsoft
✍️ Sandbox escape + privilege escalation in StorePrivilegedTaskService
✍️ How often do we overlook vulnerabilities?
✍️ Cross Site Scripting (XSS) Reflected in one of the subdomains of “General Motors”(Bugbounty)
✍️ Some ways to find more IDOR
✍️ Vulnerabilities in Tenda's W15Ev2 AC1200 Router
✍️ How I Found a Vulnerability in Paytm and Received a Bounty
✍️ Full Team Takeover
✍️ Vimeo upload function SSRF
✍️ DOM Based XSS in Private Program
✍️ How I was able to get private ticket response panel and FortiGate web panel via blind XSS
✍️ How i converted SSRF to XSS in Jira.
✍️ Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored
✍️ Exploiting XSS in hidden inputs and meta tags
✍️ Apple Bug bounty writeups XSS(2021)
✍️ From RSS to XXE: feed parsing on Hootsuite
✍️ GGvulnz — How I hacked hundreds of companies through Google Groups
✍️ Account hijacking using "dirty dancing" in sign-in OAuth-flows
✍️ Exploiting Broken Authentication Control In GraphQL
✍️ Story of Stored Xss
✍️ Hijacking AUR Packages by Searching for Expired Domains
✍️ Xss using dynamically generated js file
✍️ Persisting on Pornhub
✍️ Colorful Vulnerabilities
✍️ Bypassing Hotstar Premium with DOM manipulation and some JavaScript
✍️ runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465)
✍️ Bypass password confirmation in Facebook “DYI” feature
✍️ #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account!
✍️ How Token Misconfiguration can lead to takeover account
✍️ SQL Injection in Forget Password Function
✍️ Viewing Instagram live streams anonymously without notifying the host
✍️ Pwning a Cisco RV340 with a 4 bug chain exploit
✍️ [web3] Acala Block Production Shutdown Bug Fix Review
✍️ IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit
✍️ Admin capabilities around your ears
✍️ Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
✍️ Tumblr Bug Bounty ( $200)
✍️ When Equal is Not, Another WebView Takeover Story
✍️ TypeORM Prototype Pollution Leading To SQL Injection (CVE-2022-36531)
✍️ Alternative link
✍️ Hacking the Medium partner program
✍️ Open Redirect Vulnerability On Zapier: An Accidental Find
✍️ Abusing Facebook’s feature for a permanent account confusion(logic vulnerability)
✍️ Testing Cookies worth $500
✍️ Adobe Acrobat hollowing out same-origin policy
✍️ A student's dream: hacking (then fixing) Gradescope's autograder
✍️ [web3] Crit: Brahma.fi L2 Position Handler Miscalculates Position Value, Leading to Severe Risks | Trust
✍️ A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…
✍️ How I hacked into a Telecom Network
✍️ Persistent Distorted Posts Issue and Unremovable Content in Facebook Group
✍️ Broken Link Hijacking - Mr. User-Agent
✍️ mTLS: When certificate authentication is done wrong
✍️ CVE-2024-21115: An Oracle Virtualbox LPE Used To Win Pwn2Own
✍️ Beware of Java's String.getBytes
✍️ Git honours embedded bare repos, and exploitation via core.fsmonitor in a directory's .git/config affects IDEs, shell prompts and Git pillagers
✍️ Security vs Compliance-Cloudflare Password Policy Restriction Bypass
✍️ How a simple bug in Facebook Lite let me win my first bug bounty from Facebook
✍️ Chaining password reset link poisoning, IDOR, and information leakage to achieve account takeover at api.redacted.com
✍️ XXE in Public Transport Ticketing Mobile APP
✍️ Multiple vulnerabilities in UCOPIA <= 6.0.7 (CVE-2022-44719 / CVE-2022-44720)
✍️ Visual Studio Code - Remote Code Execution in Restricted Mode (CVE-2021-43908)
✍️ Using Cloudflare To Bypass Cloudflare
✍️ Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage
✍️ PwnAssistant - Controlling /home's Via A Home Assistant RCE
✍️ IDOR leads to leaked the likes count even though is hidden by victim | YouTube ($XXXX)
✍️ How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR
✍️ Rare Race Condition — P3
✍️ Account takeover on 8 years old public program
✍️ [web3] A bug in LEVEL Finance found by riptide worth Not Paid(out of scope)
✍️ How I hacked 50+ Companies in 6 hrs
✍️ Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
✍️ This is how i was able to Permanently Crash all Mapillary users within minutes
✍️ You Talking To Me?
✍️ How I alert(1) in Azure DevOps
✍️ I found 2 Zero-Days in popular Linux distros that includes Mint, Kali, Parrot
✍️ Read&Write
✍️ Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO
✍️ Stored Iframe Injection + CSRF = Account Takeover 😎😎
✍️ Azure Active Directory Exposes Internal Information
✍️ Facebook android vulnerability: Launching internal/tighten deeplink onbehalf of user
✍️ CVE-2024-38428 Wget Vulnerability: All you need to know
✍️ The $16,000 Dev Mistake
✍️ LFI to 10 servers pwn
✍️ Accessing the website directly through its IP address, a case of a poorly hidden sql injection
✍️ Vestaboard: Exploring Broken Access Controls and Privilege Escalation
✍️ Leveraging VSCode Extensions for Initial Access
✍️ How I found a SQL Injection bug in using my cellphone.
✍️ Exploiting prototype pollution in Node without the filesystem
✍️ How I Manipulated My Rank on the Bugcrowd Platform
✍️ Hacking Apple - SQL Injection to Remote Code Execution
✍️ Facebook Vulnerability: Unremovable Co-Host in facebook group events
✍️ Out-of-Scope, Not Out-of-Impact: Unveiling Significant Sensitive Information Disclosure
✍️ Multiple vulnerabilities in Oracle EBS
✍️ Get Blind XSS within 5 Minutes — $100
✍️ “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild
✍️ Subdomain Takeover — New Level
✍️ How I made more than $30K with Jolokia CVEs
✍️ Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
✍️ Oracle Server Side Request Forgery (SSRF) Metadata
✍️ CVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager
✍️ My First XSS
✍️ Another XSS in Google Colaboratory
✍️ Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!
✍️ Hardcore RCE via directory name for $3.000
✍️ Facebook Business Takeover
✍️ WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337 USD
✍️ Researching Xiaomi’s TEE to get to Chinese money
✍️ Toggle Group Rules Agreement as a non-member
✍️ 500$ From Meta by reporting a HTMLi(Accidental Bug)
✍️ [web3] Critical bug in Betverse found by Shanmuga Bharathi. N worth 1K
✍️ Blind Boolean Based SQLi By Manipulating URL
✍️ Django debug mode to RCE in Microsoft acquisition
✍️ Reverse RDP Attack: Code Execution on RDP Clients
✍️ The Bad Twin: a peculiar case of JWT exploitation scenario
✍️ Hack Your Form – New vector for Blind XSS
✍️ Kirby < 3.9.6 XML External Entity (XXE) vulnerability — CVE-2023-38490
✍️ Disclosing Facebook page admins by playing a game
✍️ Hacking a Large Company in MINUTES by Reading Docs
✍️ How i bought my way to subdomain takeover on Tokopedia
✍️ Zero Click To Account Takeover (IDOR + XSS)
✍️ User Account Takeover via Signup Feature | Bug Bounty POC
✍️ How I find open redirect in Facebook
✍️ Hacking intoTinder’s Premium Model
✍️ The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
✍️ CVE-2021-27076: A Replay-style Deserialization Attack Against Sharepoint
✍️ SSH ProxyCommand == unexpected code execution (CVE-2023-51385)
✍️ [Writeup][Bug Bounty][Tokopedia] Manipulation of Likes in Product Reviews [EN]
✍️ How I Hacked A Company (My First Red Team Engagement 🚩)Permalink
✍️ How I hacked Google to read files from their servers for free!
✍️ $10,000 for a vulnerability that doesn’t exist
✍️ Source Code Disclosure in ASP.NET apps
✍️ Rooting Xiaomi WiFi Routers
✍️ BLIND SSRF in *.stripe.com due to Sentry Misconfiguration
✍️ How we hacked one of the worlds largest Cryptocurrency Website
✍️ XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites
✍️ Ok Google! bypass ‘flag_secure’
✍️ A Simple SQL Injection in an Air Force Website
✍️ How I accidently found my first bug? | by Fani Malik
✍️ (CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension
✍️ PII Leakage - Revealing Secrets
✍️ An XSS on Facebook via PNGs & Wonky Content Types
✍️ GraphQL IDOR leads to information disclosure
✍️ [Server Side Request Forgery] Blind SSRF due to Sentry Misconfiguration
✍️ Authentication Bypass in Nexus manager (version 3.37.3–02)
✍️ 18th Acknowledgement From Microsoft
✍️ Change home directory and bypass TCC aka CVE-2020-27937
✍️ Hunting for bugs in Telegram's animated stickers remote attack surface
✍️ Contentful Access Token Disclosure in Android APK
✍️ How Twitch Helper Can Be Used for Privilege Escalation
✍️ TP-Link TDDP Buffer Overflow Vulnerability
✍️ Subdomain Takeover via Wufoo Service in a Private Program
✍️ How to turn security research into profit: a CL.0 case study
✍️ Facebook Email/phone disclosure using Binary search
✍️ Live Video facebook application (Android) its not expired when log out the device on https://www.facebook.com/settings?tab=security§ion=sessions&view
✍️ Do not trust this Group Policy!
✍️ YAFPC — Unauthenticated Remote Code Execution
✍️ Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
✍️ CVE-2020-35580
✍️ Proof of Concept Developed for Ghostscript CVE-2023-36664 Code Execution Vulnerability
✍️ C.S.T.I Lead To Account Takeover $$$
✍️ Autodesk Fusion 360 <= 2.0.12887 “Insert SVG” Blind XXE
✍️ Bypassing Amazon WAF to pop an alert()
✍️ All About Hackerone Private Program Terapeak
✍️ Disabling ClamAV as an Unprivileged User
✍️ KeePass Triggers Are Dead, Long Live KeePass Triggers!
✍️ Part 2: The two privescs
✍️ RCE In GitLab's CLI Tool
✍️ It took me only 5 minutes to find an RCE on Bentley
✍️ Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory
✍️ Azure Ad Kerberos Tickets: Pivoting To The Cloud
✍️ The Unexpected “0” Master ID for Account Data Manipulation
✍️ From CVE-2022-33679 to Unauthenticated Kerberoasting
✍️ RCE in Ruby using Mustache Templates
✍️ CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
✍️ Reading Internal Files using SSRF vulnerability
✍️ Fixing the Unfixable: Story of a Google Cloud SSRF
✍️ How I made to Paypal Bug Bounty $750
✍️ Read other user support tickets in https://support..com (Write Up)
✍️ How I found my first XSS on a Bug Bounty Program
✍️ Access to staging environment via User-Agent string
✍️ Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)
✍️ Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of Service
✍️ CVE from 2018 Strikes Again
✍️ AppCache's forgotten tales
✍️ Finding multiple SSRF with aws metadata access on A BANK system
✍️ CVE-2024-29511 – Abusing Ghostscript’s OCR device
✍️ XSS Blind Stored at 2 Assets TikTok
✍️ Facebook bug Bounty -Finding the hidden members of the private events.
✍️ Flickr Stored XSS
✍️ An Account Takeover Vulnerability Due to Response Manipulation.
✍️ Authomize Discovers PassBleed Password Stealing and Impersonation Risks in Okta
✍️ Impersonating Other Players with UDP Spoofing in Mirror
✍️ RCE on Starbucks Singapore and more for $5600
✍️ Internet Explorer has a URL problem
✍️ Recon only bugs are sweet!
✍️ Ability to bruteforce Instagram account’s password due to lack of rate limitation protection
✍️ WEEKEND DESTROYER - RCE in Western Digital PR4100 NAS
✍️ Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)
✍️ Publish tweets by any other user
✍️ [socket.io] Cross-Site Websockets Hijacking
✍️ A misconfigured Apache Airflow to AWS Account Compromise
✍️ Bug Bounty Adventures: A NodeBB 0-day
✍️ $5,005 worth vulnerability Duplicated, How I loose $5,005 in a day? Denial of Service - Billion LAUGH Attack (XXE)
✍️ How I found my first Subdomain Takeover vulnerability
✍️ How i bypassed Practo’s firewall and triggered a XSS.
✍️ Compromising an unreachable Solr server with CVE-2013-6397
✍️ ProtoBuffer ReUtilization “New Way to Security Test GoogleCaptcha”
✍️ Bypass XSS filter using HTML Escape
✍️ How I dumped PII information of customers in an ecommerce site?
✍️ 3 Symfony (RCE): A Peek Behind the Curtain
✍️ Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2
✍️ Determine users with detailed role model on behalf of any Facebook Application
✍️ [web3] High bug in Wormhole found by Marco Nunes worth 50k
✍️ Finding A RCE Gadget Chain In WordPress Core
✍️ $250 for Email account enumeration using “NameToMail” tool
✍️ My first bounty (stored-xss)
✍️ Detecting Server-Side Prototype Pollution
✍️ Facebook BugBounty : Short story on Page admin disclosure
✍️ Stealing cookies from subdomain leads to takeover user accounts at redacted.com
✍️ Exploiting iOS app for fun and profit
✍️ Self XSS to Interesting Stored XSS
✍️ GraphQL API Hacking!
✍️ The False Oracle — Azure Functions Padding Oracle Issue
✍️ A Simple IDOR to Account Takeover
✍️ Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty
✍️ RCE on Spip and Root-Me
✍️ SAML Authentication Bypass Leading to Admin Panel Access
✍️ A pair of Plotly bugs: Stored XSS and AWS Metadata SSRF
✍️ Attacking Visual Studio for Initial Access
✍️ How I Bypassed Incapsula WAF By Imperva
✍️ Back to 2019: Disclosure Employers PII and Credentials
✍️ Don’t underestimates the Errors They can provide good $$$ Bounty!
✍️ Subdomain Takeover via Campaignmonitor
✍️ PoC video
✍️ Page Admin Disclosure when Posting a Reel
✍️ How I get my first SWAG from SIDN (Sensitive Data Exposer)
✍️ Email Verification Bypass Worth $$$
✍️ TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak
✍️ CVE-2022-32208: FTP-KRB bad message verification
✍️ Azure DNS Takeover @ Swisscom
✍️ How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profile
✍️ Directory Traversal, SQL Injection and Server-Side Request Forgery
✍️ XSS to RCE in …
✍️ Break the Logic: Playing with product ratings on a shopping site(600$)
✍️ How I was Able To Bypass Email Verification
✍️ Luminate Store Basics defacement and potential takeover
✍️ Facebook Account Recovery Form (CONFLICTING)
✍️ Facebook OAuth Framework Vulnerability
✍️ Stealing Side-Channel Attack Tokens in Facebook Account Switcher
✍️ CSRF CSRF CSRF…
✍️ Subdomain Takeover in AWS: making a PoC
✍️ The first step to PWN2OWN - A sad one
✍️ Disclose private mockups for other users in facebook Creative Hub
✍️ Flickr XSS (Stored / DOM XSS)
✍️ Finding A Pop Chain On A Common Symfony Bundle: Part 1
✍️ How I was able to Bypass Philips Authentication
✍️ Duplicate CSRF… Leads to
✍️ CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
✍️ Telegram bug bounties: XSS, privacy issues, official bot exploitation and more…
✍️ Bypassing XSS filters using Double Encoding
✍️ LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs
✍️ Blog: CVE-2023-4634 - Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick
✍️ XSS on Bugcrowd and so many other website’s main Domain
✍️ Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
✍️ CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter
✍️ Trying to hack Redis via HTTP requests
✍️ A short story about an XSS in chat.mozilla.org (CVE-2021-21320)
✍️ GoogleMeetRoulette: Joining random meetings
✍️ Exploiting Blind Postgresql Injection And Exfiltrating Data In Psycopg2
✍️ Multiple vulnerabilities in Dell Unisphere for PowerMax vApp, VASA Provider vApp and Solutions Enabler vApp CVE-2022-45103 / CVE-2022-45104
✍️ Using E-Notation to bypass Access Control restrictions to access arbitrary user PII-discussions
✍️ AirDoS: Remotely render any nearby iPhone or iPad unusable
✍️ Autodiscovering the Great Leak
✍️ Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge
✍️ Remote Image Upload Leads to RCE (Inject Malicious Code to PHP-GD Image)
✍️ XSS in Zoom.us Signup Flow
✍️ Part 2 – Exfiltrating data (CVE-2020-3882)
✍️ Finding my First Critical Web Cache Poisoning
✍️ Open Redirect in SLACK
✍️ HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites
✍️ admin.google.com Reflected Cross-Site Scripting (XSS)
✍️ Server-side Request Forgery in OpenID support
✍️ How_i_was_able_to_pawned_website_via_escilating_webcache deception to rce
✍️ Protonmail XSS — Stored
✍️ Decoding a $😱,000.00 htpasswd bounty
✍️ Facebook BugBounty: Tale of an Instagram bug disclosing user’s phone number via checkpoint
✍️ AWS Fixes Data Exfiltration Attack Angle in Amazon Q for Business
✍️ Self-XSS to Stored XSS
✍️ suPHP - The vulnerable ghost in your shell🎯Business Logic Flaw in Google Acquisition! (Hall Of Fame)🎯
✍️ Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities (CVE-2024-21726)
✍️ How I was able to get subscription of $120/year For Free
✍️ Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)
✍️ The feature works as intended, but what’s in the source?

Frequently Asked Questions

The following are frequently asked questions about common vulnerabilities and security misconfigurations found during bug bounty hunting. Understanding these concepts is crucial for anyone starting their bug hunting journey.

What is an XSS vulnerability? Cross-Site Scripting (XSS) attacks are a type of injection attack in which malicious scripts are inserted into otherwise trustworthy and innocuous websites. XSS attacks occur when an attacker uses a web application to send malicious code to a particular end user, usually in the form of a browser side script. The flaws that enable these attacks to succeed are common and can be found wherever a web application uses input from a user within the output it generates without validating or encoding it.

There are mainly 3 types of XSS:

What is an IDOR vulnerability? When a web application or API exposes a reference to an internal implementation object, it is referred to as Insecure Direct Object Reference (IDOR). This method exposes the element's true identifier and the data format it uses. This is a common access control flaw.

An example would be an API that gives you access to data belonging to other users, through an endpoint - /api/users/:id where an attacker can fetch data of any user by manipulating the id parameter.
What is an SSRF vulnerability? In a Server-Side Request Forgery (SSRF) attack, the attacker can read or update internal resources by abusing server features. The attacker may supply or change a URL to which the server's code can read or send data, and by carefully choosing the URLs, the attacker might be able to read server configuration such as AWS metadata, connect to an internal service, or access sensitive files.
What is a SQLi vulnerability? A SQL injection attack involves inserting or "injecting" a SQL query into the application through the client's input data. An effective SQL injection exploit can read sensitive data from the database, alter database data (Insert/Update/Delete), and even perform database administration operations.
What is an RCE vulnerability? If user input is inserted into a File or a String and then executed (evaluated) by the backend programming language's parser, a remote code execution (RCE) vulnerability can be exploited. A Remote Code Evaluation will result in the entire web application and web server being compromised as it allows an attacker to execute arbitrary commands on the server.
How can I reach you? If you have any feedback or, concerns about this site, I can be reached on Twitter.