Bug Bounty Writeups

Over 1,200 real-world vulnerability write-ups covering SQLi, XSS, SSRF, RCE, and logical bugs.

✍️

Write-ups & Bug Bounty

6 writeups

Medium

Popular blogging platform with extensive cybersecurity & bug bounty write-ups

Bugcrowd

Crowdsourced cybersecurity platform connecting researchers with bug bounty programs

HackerOne Bug Bounty Programs

Discover and join bug bounty programs from leading companies worldwide

Intigriti Bug Bytes

Weekly digest of the best bug bounty write-ups, tools & resources

Pentester Land

Curated collection of real-world bug bounty write-ups & pentesting resources

HackerOne Hacktivity

Browse publicly disclosed vulnerability reports from HackerOne programs

📝

General Writeups

196 writeups

Miracle One Vulnerability To Rule Them All

Security research and bug bounty writeup

400$ Bounty again using Google Dorks

Security research and bug bounty writeup

Top 10 web hacking techniques of 2020

Security research and bug bounty writeup

How Gopher works in escalating SSRFs

Server-Side Request Forgery (SSRF)

GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure

Security research and bug bounty writeup

How to Hack APIs in 2021

Security research and bug bounty writeup

Burp Macros: What, Why & How?

Security research and bug bounty writeup

Setup Your Private Burp Collaborator for SSRF/XXE

Server-Side Request Forgery (SSRF)

Experience Burp Suite Enterprise Edition in a new live demo

Security research and bug bounty writeup

DLL Hijacking using Spartacus, outside of DllMain

Security research and bug bounty writeup

🔓

Broken Access Control

49 writeups

Hx01 Abusing Data Protection Laws For D0xing & Account Takeovers

Account Takeover (ATO) vulnerability

Access employees files in internal CDNs/ Access users modified/deleted content.($12500)

Security research and bug bounty writeup

Forced Browsing to Access Admin Panel

Remote Code Execution (RCE) vulnerability

I found IDOR Vulnerability at Microsoft Subdomain

Insecure Direct Object Reference (IDOR)

How I found an IDOR that led to sensitive information leak?

Insecure Direct Object Reference (IDOR)

Fuzzing + IDOR = Admin TakeOver

Insecure Direct Object Reference (IDOR)

Post Account Takeover? Account Takeover of Internal Tesla Accounts

Account Takeover (ATO) vulnerability

Account Takeover Inside The Tenanth

Account Takeover (ATO) vulnerability

Helping secure BNB Chain through responsible disclosure

Security research and bug bounty writeup

How I was able to take over accounts in websites deal with Github as an SSO provider

Security research and bug bounty writeup

🔐

Cryptographic Issues / Bugs

4 writeups

Making HTTP header injection critical via response queue poisoning

Security research and bug bounty writeup

SHA3 Buffer Overflow

Security research and bug bounty writeup

TCP/IP Vulnerability CVE2022–34718 PoC Restoration and Analysis

Security research and bug bounty writeup

The OpenSSL punycode vulnerability (CVE20223602): Overview, detection, exploitation, and remediation

Security research and bug bounty writeup

💉

Injection Issues / Bugs

83 writeups

Host Header Injection Lead To Account Takeover

Account Takeover (ATO) vulnerability

Regular Expression Injection

Security research and bug bounty writeup

Exploring the World of ESI Injection

Security research and bug bounty writeup

Tale of XSS in Angular

Cross-Site Scripting (XSS) vulnerability

XSS Vulnerability Found in ConnectWise Remote Access Platform With Great Potential For Misuse by Scammers

Cross-Site Scripting (XSS) vulnerability

SQL Injection Vulnerability Found in LifterLMS Plugin Affecting 10K+ Sites - Patchstack

SQL Injection (SQLi) vulnerability

Vue JS Reflected XSS

Cross-Site Scripting (XSS) vulnerability

SQL injection vulnerabilities in Owncloud Android app CVE202324804, CVE202323948

SQL Injection (SQLi) vulnerability

Exploiting an Nday vBulletin PHP Object Injection Vulnerability

Security research and bug bounty writeup

Finding DOM Polyglot XSS in PayPal the Easy Way

Cross-Site Scripting (XSS) vulnerability

🏗️

Insecure Design

46 writeups

File Upload to RCE

Remote Code Execution (RCE) vulnerability

Hunting for Bugs in File Upload Feature

Security research and bug bounty writeup

HTTP request smuggling bug patched in mitmproxy

HTTP Request Smuggling

Able to steal bearer token from deep link

Security research and bug bounty writeup

Backdooring Electron Applications

Security research and bug bounty writeup

Unsafe content loading [Electron JS]

Security research and bug bounty writeup

Account Takeover in KAYAK

Account Takeover (ATO) vulnerability

PHP FILTER CHAINS: FILE READ FROM ERRORBASED ORACLE

Security research and bug bounty writeup

SAML is insecure by design

Security research and bug bounty writeup

Escaping misconfigured VSCode extensions

Security research and bug bounty writeup

⚙️

Security Misconfiguration

87 writeups

All about Password Reset vulnerabilities

Security research and bug bounty writeup

Nothing new under the Sun – Discovering and exploiting a CDE bug chain

Security research and bug bounty writeup

How I hacked thousand of subdomains

Security research and bug bounty writeup

S3 Account Search

Security research and bug bounty writeup

Old RCE worth $3362

Remote Code Execution (RCE) vulnerability

WebCache Poisoning $$$? Worth it?

Web Cache Poisoning

How I Scored 1K Bounty Using Waybackurls

Security research and bug bounty writeup

All About CSRF Flaw

Cross-Site Request Forgery (CSRF)

Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform

Information Disclosure / Data Leak

System misconfiguration is the number one vulnerability, at least for Mastodon

Security research and bug bounty writeup

📦

Vulnerable and Outdated Components

5 writeups

Fuzzing Golang msgpack for fun and panic

Security research and bug bounty writeup

Zabbix A Case Study of Unsafe Session Storage

Security research and bug bounty writeup

WSO2 RCE (CVE202229464) exploit and writeup

Remote Code Execution (RCE) vulnerability

Vulnerabilities in Tenda's W15Ev2 AC1200 Router

Security research and bug bounty writeup

How to join the desync endgame: Practical tips from pentester Tom Stacey

Security research and bug bounty writeup

🔑

Identification & Authentication Failures

21 writeups

Improper Authentication any user can login as other user with otp/logout & otp/login

Security research and bug bounty writeup

How to test for JWT attacks

Security research and bug bounty writeup

Bypassed the subscription and got the certification

Security or Authentication Bypass

Broken Authentication Login With Google

Security research and bug bounty writeup

OAUTH2 bearer notchecked for connection reuse

Security research and bug bounty writeup

2fa Bypass Using Response Manipulation

Security or Authentication Bypass

OTP bruteforce via rate limit bypass

Remote Code Execution (RCE) vulnerability

10 Password Reset Flaws

Security research and bug bounty writeup

Account Takeover via SMS Authentication Flow

Account Takeover (ATO) vulnerability

Bypassing Login Page in 2 Mins

Security or Authentication Bypass

🛡️

Software & Data Integrity Failures

17 writeups

Pwning a Server using Markdown

Security research and bug bounty writeup

Admin can create a hidden admin account which even the owner can not detect and remove and do administrative actions on the application.

Security research and bug bounty writeup

How I found a bug in Apple within just in 5min

Security research and bug bounty writeup

Huawei Security Hypervisor Vulnerability

Security research and bug bounty writeup

A Brief Introduction to SAML Security Vector

Security research and bug bounty writeup

Hacking Google Drive Integrations

Security research and bug bounty writeup

Dependency Confusion

Security research and bug bounty writeup

Race Condition — Resulted in using the feature which was supposed to be obtained after subscription.

Security research and bug bounty writeup

1click RCE in Electron Applications

Remote Code Execution (RCE) vulnerability

Airborne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security | Oligo Security

Remote Code Execution (RCE) vulnerability

📊

Security Logging & Monitoring

2 writeups

SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege

Security research and bug bounty writeup

Harvesting Logs for Fun and Profit

Security research and bug bounty writeup

🌐

Server-Side Request Forgery (SSRF)

22 writeups

Story of a Google Cloud SSRF

Server-Side Request Forgery (SSRF)

SSRF: Bypassing hostname restrictions with fuzzing

Server-Side Request Forgery (SSRF)

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Server-Side Request Forgery (SSRF)

FogBugz import attachment full SSRF requiring vulnerability

Server-Side Request Forgery (SSRF)

A Glossary of Blind SSRF Chains

Server-Side Request Forgery (SSRF)

SSRF vulnerabilities and where to find them

Server-Side Request Forgery (SSRF)

Stealing administrative JWT's through post auth SSRF (CVE-2021-22056)

Server-Side Request Forgery (SSRF)

Turning bad SSRF to good SSRF: Websphere Portal

Server-Side Request Forgery (SSRF)

SSRF for kubeapiserver cloudprovider scene

Server-Side Request Forgery (SSRF)

When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074)

Server-Side Request Forgery (SSRF)

🔗

Chained Exploits

53 writeups

A Tale of Open Redirection to Stored XSS

Cross-Site Scripting (XSS) vulnerability

Story of a $1k bounty — SSRF to leaking access token and other sensitive information

Server-Side Request Forgery (SSRF)

CRLF to Account takeover (chaining bugs)

Account Takeover (ATO) vulnerability

Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE

Remote Code Execution (RCE) vulnerability

SSRF vulnerabilities caused by SNI proxy misconfigurations

Server-Side Request Forgery (SSRF)

Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3)

Remote Code Execution (RCE) vulnerability

Exploiting Static Site Generators: When Static Is Not Actually Static

Account Takeover (ATO) vulnerability

CVE-2022–42710: A journey through XXE to StoredXSS

Cross-Site Scripting (XSS) vulnerability

SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction

Security research and bug bounty writeup

RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

Remote Code Execution (RCE) vulnerability

📱

Android App Security

32 writeups

Getting started with Android Application Security

Mobile Application Security

Using an Android emulator for API hacking

Account Takeover (ATO) vulnerability

Android Penetration Testing Cheat Sheet

Mobile Application Security

Android Penetration Testing: Frida

Mobile Application Security

APKHunt static code analysis tool for Android apps that is based on the OWASP MASVS framework

Mobile Application Security

Frida script to bypass common methods of sslpining Android

Security or Authentication Bypass

ByPass SSL Pinning with IP Forwarding | iptables

Security or Authentication Bypass

It's all about Bypassing Android SSL Pinning and Intercepting Proxy Unaware applications.

Remote Code Execution (RCE) vulnerability

SameSite cookie bypass on Android by redirecting to to intentpicker with PoC code ($5,000 bounty)

Security or Authentication Bypass

Insecure deeplink leads to sensitive information disclosure

Information Disclosure / Data Leak

🍎

iOS App Security

11 writeups

iOS Penetration Testing Cheat Sheet

Mobile Application Security

Revealing Hidden iOS Apps: Exploring System Applications on Jailbroken Devices

Mobile Application Security

iOS Hacking A Beginner's Guide to Hacking iOS Apps [2022 Edition]

Mobile Application Security

iOS jailbreak dev wins $2M bounty for finding critical Optimism bug

Mobile Application Security

Exploring iOS Applications with Frida and Objection: Basic Commands for Pentesting

Mobile Application Security

How to Reverse Engineer and Patch an iOS Application for Beginners:

Mobile Application Security

Reverse Engineering the Apple MultiPeer Connectivity Framework

Mobile Application Security

CVE202232929 Bypass iOS backup's TCC protection

Security or Authentication Bypass

Hyperpom: An Apple Silicon Fuzzer for 64bit ARM Binarie

Mobile Application Security

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIGIP and iControl REST Vulnerabilities and Exposures

Mobile Application Security

🎯

Penetration Testing Tools & Guides

15 writeups

Top 10 Tips for Burp Suite

Security research and bug bounty writeup

Burp Suite Extensions: Rarely Utilized but Quite Useful

Security research and bug bounty writeup

Burp Suite solving Email and SMS TAN multifactor authentication with Hackvertor custom tags

Security research and bug bounty writeup

Finding CSRF Vulnerabilities with BurpSuite

Cross-Site Request Forgery (CSRF)

HTTP Signatures: A Burp Suite Extension Implementing HTTP Signatures

Security research and bug bounty writeup

Burp Suite roadmap for 2021

Security research and bug bounty writeup

Browser powered scanning in Burp Suite

Security research and bug bounty writeup

Learn how to write a Burp Suite extension in Kotlin – Setting up

Security research and bug bounty writeup

Using Intruder to Brute Force Authorization Header

Remote Code Execution (RCE) vulnerability

CaA BurpSuite Collector and Analyzer

Security research and bug bounty writeup

🔧

Jenkins Vulnerabilities

1 writeup

Notes about attacking Jenkins servers

Security research and bug bounty writeup

🔌

API Security

6 writeups

What is BOLA? 3digit bounty from Topcoder ($$$)

API Security vulnerability

Using an Undocumented Amplify API to Leak AWS Account IDs

Information Disclosure / Data Leak

How to Exploit Public Firebase Realtime Database using REST API

API Security vulnerability

Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty

Remote Code Execution (RCE) vulnerability

Compromising Plesk via its REST API

API Security vulnerability

Missing Bricks: Finding Security Holes in LEGO APIs

API Security vulnerability

🌐

Web3 Security

3 writeups

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

Cross-Site Scripting (XSS) vulnerability

The Rise of Web 3.0 Security

Blockchain / Smart Contract vulnerability

RCE on admin panel of web3 website

Remote Code Execution (RCE) vulnerability

⛓️

Blockchain Security

3 writeups

ChainWalker is a smart contract scraper which uses RCP/IPC calls to extract the information

Blockchain / Smart Contract vulnerability

Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app

Blockchain / Smart Contract vulnerability

Velas Infinite Mint Vulnerability Writeup

Blockchain / Smart Contract vulnerability

📡

IoT Security

2 writeups

Xiongmai IoT Exploitation

IoT Security vulnerability

Turning Google smart speakers into wiretaps for $100k

IoT Security vulnerability

📋

Security Cheatsheets

1 writeup

BigQuery SQL Injection Cheat Sheet

SQL Injection (SQLi) vulnerability

Security Checklists

1 writeup

Galaxy Bug Bounty : Tips and Tutorials for Bug Bounty and also Penetration Tests

Security research and bug bounty writeup

🧪

Practice Labs

2 writeups

Spring RCE vulnerability reproduction environment

Remote Code Execution (RCE) vulnerability

Lab - Prototype Pollution

Prototype Pollution vulnerability

🚗

Car Hacking

7 writeups

How I hacked my car (2021 Hyundai Ioniq SEL) : Part 1

Security research and bug bounty writeup

How I hacked my car (2021 Hyundai Ioniq SEL) : Part 2

Security research and bug bounty writeup

How I hacked my car (2021 Hyundai Ioniq SEL) : Part 3

Security research and bug bounty writeup

Reverse engineering an EV charger

Security research and bug bounty writeup

We recently found a vulnerability affecting Hyundai and Genesis vehicles where we could remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012.

Security research and bug bounty writeup

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

Security research and bug bounty writeup

More Car Hacking

Security research and bug bounty writeup

🤖

AI Security Research

3 writeups

ChatGPT — Bug Bounty Recon Automation

Security research and bug bounty writeup

Deceiving users with ANSI terminal codes in MCP

Security research and bug bounty writeup

Weaponizing image scaling against production AI systems

Security research and bug bounty writeup

🎙️

Security Podcasts

1 writeup

Exploiting VMware Workstation and the Return of CSG0Days

Security research and bug bounty writeup

Cross Site Scripting (XSS)

292 writeups

From P5 to P2 to 100 BXSS

Cross-Site Scripting (XSS) vulnerability

Google Acquisition XSS (Apigee)

Cross-Site Scripting (XSS) vulnerability

XSS on Microsoft.com via Angular Js template injection

Cross-Site Scripting (XSS) vulnerability

Researching Polymorphic Images for XSS on Google Scholar

Cross-Site Scripting (XSS) vulnerability

Netflix Party Simple XSS

Cross-Site Scripting (XSS) vulnerability

Stored XSS in google nest

Cross-Site Scripting (XSS) vulnerability

Self XSS to persistent XSS on login portal

Cross-Site Scripting (XSS) vulnerability

Universal XSS affecting Firefox

Cross-Site Scripting (XSS) vulnerability

XSS WAF Character limitation bypass like a boss

Cross-Site Scripting (XSS) vulnerability

Self XSS to Account Takeover

Cross-Site Scripting (XSS) vulnerability

🔄

Cross Site Request Forgery (CSRF)

42 writeups

How a simple CSRF attack turned into a P1

Cross-Site Request Forgery (CSRF)

How I exploited the json csrf with method override technique

Cross-Site Request Forgery (CSRF)

How I found CSRF(my first bounty)

Cross-Site Request Forgery (CSRF)

Site wide CSRF on popular program

Cross-Site Request Forgery (CSRF)

Using CSRF I got weird account takeover

Cross-Site Request Forgery (CSRF)

CSRF CSRF CSRF

Cross-Site Request Forgery (CSRF)

Google Bugbounty CSRF in learndigital.withgoogle.com

Cross-Site Request Forgery (CSRF)

2FA bypass via CSRF attack

Cross-Site Request Forgery (CSRF)

Stored iframe injection CSRF account takeover

Cross-Site Request Forgery (CSRF)

Instagram delete media CSRF

Cross-Site Request Forgery (CSRF)

🖱️

Clickjacking

16 writeups

Google Bug bounty Clickjacking on Google payment

Clickjacking (UI Redressing)

Google APIs Clickjacking worth 1337$

Clickjacking (UI Redressing)

1800 worth Clickjacking

Clickjacking (UI Redressing)

Account takeover with clickjacking

Account Takeover (ATO) vulnerability

Clickjacking on google CSE

Clickjacking (UI Redressing)

How I accidentally found clickjacking in Facebook

Clickjacking (UI Redressing)

Clickjacking on google myaccount worth 7500

Clickjacking (UI Redressing)

Clickjacking in google docs and void typing feature

Clickjacking (UI Redressing)

binary.com clickjacking vulnerability exploiting HTML5 security features

Clickjacking (UI Redressing)

Yet another Google Clickjacking

Clickjacking (UI Redressing)

📂

Local File Inclusion (LFI)

12 writeups

RFI LFI Writeup

Local File Inclusion (LFI)

My first LFI

Local File Inclusion (LFI)

Bug bounty LFI at Google.com

Local File Inclusion (LFI)

Google LFI on production servers in redacted.google.com

Local File Inclusion (LFI)

LFI to 10 server pwn

Local File Inclusion (LFI)

LFI in apigee portals

Local File Inclusion (LFI)

Chain the bugs to pwn an organisation LFI unrestricted file upload to RCE

Remote Code Execution (RCE) vulnerability

How we got LFI in apache drill recom like a boss

Local File Inclusion (LFI)

Bugbounty journey from LFI to RCE

Remote Code Execution (RCE) vulnerability

LFI to RCE on deutche telekom bugbounty

Remote Code Execution (RCE) vulnerability

🌍

Subdomain Takeover

22 writeups

How I bought my way to subdomain takeover on tokopedia

Subdomain Takeover vulnerability

Subdomain Takeover via pantheon

Subdomain Takeover vulnerability

Subdomain takeover : a unique way

Subdomain Takeover vulnerability

Escalating subdomain takeover to steal sensitive stuff

Subdomain Takeover vulnerability

Subdomain takeover awarded 200

Subdomain Takeover vulnerability

Subdomain takeover via wufoo service

Subdomain Takeover vulnerability

Subdomain takeover via Hubspot

Subdomain Takeover vulnerability

Souq.com subdomain takeover

Subdomain Takeover vulnerability

Subdomain takeover : new level

Subdomain Takeover vulnerability

Subdomain takeover due to misconfigured project settings for custom domain

Subdomain Takeover vulnerability

💥

Denial of Service (DOS)

11 writeups

Long String DOS

Denial of Service (DoS)

AIRDOS

Denial of Service (DoS)

Denial of Service DOS vulnerability in script loader (CVE-2018-6389)

Denial of Service (DoS)

Github actions DOS

Denial of Service (DoS)

Application level denial of service

Denial of Service (DoS)

Banner grabbing to DOS and memory corruption

Denial of Service (DoS)

DOS across Facebook endpoints

Denial of Service (DoS)

DOS on WAF protected sites

Denial of Service (DoS)

DOS on Facebook android app using zero width no break characters

Denial of Service (DoS)

Whatsapp DOS vulnerability on android and iOS

Denial of Service (DoS)

🚪

Authentication Bypass

10 writeups

Touch ID authentication Bypass on evernote and dropbox iOS apps

Security or Authentication Bypass

Oauth authentication bypass on airbnb acquistion using wierd 1 char open redirect

Security or Authentication Bypass

Two factor authentication bypass

Security or Authentication Bypass

Instagram multi factor authentication bypass

Security or Authentication Bypass

Authentication bypass in nodejs application

Security or Authentication Bypass

Symantec authentication Bypass

Security or Authentication Bypass

Authentication bypass in CISCO meraki

Security or Authentication Bypass

Slack SAML authentocation bypass

Security or Authentication Bypass

Authentication Bypass on airbnb via oauth tokens theft

Security or Authentication Bypass

Inspect element leads to stripe account lockout authentication Bypass

Security or Authentication Bypass

🗃️

SQL Injection (SQLi)

32 writeups

Tricky oracle SQLI situation

SQL Injection (SQLi) vulnerability

Exploiting “Google BigQuery” SQLI

SQL Injection (SQLi) vulnerability

SQLI via stopping the redirection to a login page

SQL Injection (SQLi) vulnerability

Finding SQLI with white box analysis a recent bug example

SQL Injection (SQLi) vulnerability

Bypassing a crappy WAF to exploit a blind SQLI

SQL Injection (SQLi) vulnerability

SQL Injection in private-site.com/login.php

SQL Injection (SQLi) vulnerability

Exploiting tricky blind SQLI

SQL Injection (SQLi) vulnerability

SQLI in forget password fucntion

SQL Injection (SQLi) vulnerability

SQLI Bug Bounty

SQL Injection (SQLi) vulnerability

File Upload blind SQLI

SQL Injection (SQLi) vulnerability

🎯

Insecure Direct Object Reference (IDOR)

5 writeups

Disclose Private Dashboard Chart's name and data in Facebook Analytics

Security research and bug bounty writeup

Disclosing privately shared gaming clips of any user

Security research and bug bounty writeup

Adding anyone including non-friend and blocked people as co-host in personal event!

Security research and bug bounty writeup

Page analyst could view job application details

Security research and bug bounty writeup

Deleting Anyone's Video Poll

Security research and bug bounty writeup

📲

2FA Bypass

10 writeups

2FA Bypass via logical rate limiting Bypass

Security or Authentication Bypass

Bypass 2FA in a website

Security or Authentication Bypass

Weird and simple 2FA bypass

Security or Authentication Bypass

How I cracked 2FA with simple factor bruteforce

Remote Code Execution (RCE) vulnerability

Instagram account is reactivated without entering 2FA

Security research and bug bounty writeup

How to bypass 2FA with a HTTP header

Security or Authentication Bypass

How I hacked 40k user accounts of microsoft using 2FA bypass outlook

Security or Authentication Bypass

How I abused 2FA to maintain persistence after password recovery change google microsoft instragram

Security research and bug bounty writeup

Bypass hackerone 2FA

Security or Authentication Bypass

Facebook Bug bounty : How I was able to enumerate instagram accounts who had enabled 2FA

Security research and bug bounty writeup

🔗

CORS Misconfiguration

13 writeups

CORS bug on google's 404 page (rewarded)

CORS Misconfiguration

CORS misconfiguration leading to private information disclosure

CORS Misconfiguration

CORS misconfiguration account takeover out of scope to grab items in scope

Account Takeover (ATO) vulnerability

Chrome CORS

CORS Misconfiguration

Bypassing CORS

Security or Authentication Bypass

An unexploited CORS misconfiguration reflecting further issues

CORS Misconfiguration

Think outside the scope advanced cors exploitation techniques

CORS Misconfiguration

A simple CORS misconfiguration leaked private post of twitter facebook instagram

CORS Misconfiguration

Explpoiting CORS misconfiguration

CORS Misconfiguration

Full account takeover through CORS with connection sockets

Account Takeover (ATO) vulnerability

🌐

Server Side Request Forgery (SSRF)

27 writeups

Exploiting an SSRF trials and tribulations

Server-Side Request Forgery (SSRF)

SSRF on PDF generator

Server-Side Request Forgery (SSRF)

Google VRP SSRF in Google cloud platform stackdriver

Server-Side Request Forgery (SSRF)

Vimeo upload function SSRF

Server-Side Request Forgery (SSRF)

SSRF via ffmeg processing

Server-Side Request Forgery (SSRF)

My first SSRF using DNS rebinding

Server-Side Request Forgery (SSRF)

Bugbounty simple SSRF

Server-Side Request Forgery (SSRF)

SSRF reading local files from downnotifier server

Server-Side Request Forgery (SSRF)

SSRF vulnerability

Server-Side Request Forgery (SSRF)

Gain adfly SMTP access with SSRF via gopher protocol

Server-Side Request Forgery (SSRF)

🏎️

Race Condition

12 writeups

Exploiting a Race condition vulnerabililty

Security research and bug bounty writeup

Race condition that could result to RCE a story with an app

Remote Code Execution (RCE) vulnerability

Creating thinking is our everything : Race condition and business logic

Security research and bug bounty writeup

Chaining improper authorization to Race condition to harvest credit card details

Security research and bug bounty writeup

A Race condition bug in Facebook chat groups

Security research and bug bounty writeup

Race condition bypassing team limit

Security or Authentication Bypass

Race condition on web

Security research and bug bounty writeup

Race condition bugs on Facebook

Security research and bug bounty writeup

Hacking Banks With Race Conditions

Security research and bug bounty writeup

Race Condition Bug In Web App: A Use Case

Security research and bug bounty writeup

💻

Remote Code Execution (RCE)

64 writeups

Microsoft RCE bugbounty

Remote Code Execution (RCE) vulnerability

OTP bruteforce account takeover

Remote Code Execution (RCE) vulnerability

Attacking helpdesk RCE chain on deskpro with bitdefender

Remote Code Execution (RCE) vulnerability

Remote image upload leads to RCE inject malicious code

Remote Code Execution (RCE) vulnerability

Finding a p1 in one minute with shodan.io RCE

Remote Code Execution (RCE) vulnerability

From recon to optimizing RCE results simple story with one of the biggest ICT company

Remote Code Execution (RCE) vulnerability

Uploading backdoor for fun and profit RCE DB creds P1

Remote Code Execution (RCE) vulnerability

Responsible Disclosure breaking out of a sandboxed editor to perform RCE

Remote Code Execution (RCE) vulnerability

Wordpress design flaw leads to woocommerce RCE

Remote Code Execution (RCE) vulnerability

Path traversal while uploading results in RCE

Remote Code Execution (RCE) vulnerability

💥

Buffer Overflow

6 writeups

Buffer Overflow Attack Book pdf

Security research and bug bounty writeup

Github Repository on Buffer Overflow Attack

Security research and bug bounty writeup

Stack-Based Buffer Overflow Attacks: Explained and Examples

Security research and bug bounty writeup

How Buffer Overflow Attacks Work

Security research and bug bounty writeup

Binary Exploitation: Buffer Overflows

Security research and bug bounty writeup

WHAT IS A BUFFER OVERFLOW? LEARN ABOUT BUFFER OVERRUN VULNERABILITIES, EXPLOITS & ATTACKS

Security research and bug bounty writeup

📱

Android Pentesting

1 writeup

Android Pentesting Lab (Step by Step guide for beginners!)

Mobile Application Security