Created
January 23, 2026 16:17
-
-
Save samidunimsara/a1cf5a56a3028d9c6995650aa7c50604 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/ | |
| https://medium.com/@p0lyxena/2-500-bug-bounty-write-up-remote-code-execution-rce-via-unclaimed-node-package-6b9108d10643 | |
| https://www.varonis.com/blog/manipulating-salesforce-public-links | |
| https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization | |
| https://medium.com/@hashimamin/logic-flaw-i-can-block-you-from-accessing-your-own-account-63fc2a88bb72 | |
| https://binarysecurity.no/posts/2024/09/apim-privilege-escalation | |
| https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b | |
| https://medium.com/@deepanshudev369/interesting-story-of-an-account-takeover-vulnerability-140a45a058a3 | |
| https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/ | |
| https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ | |
| https://research.aurainfosec.io/disclosure/sagecrm2/ | |
| https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/ | |
| https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/ | |
| https://edermi.github.io/post/2024/mfa_bypass_mtls/ | |
| https://script.hashnode.dev/self-xss-to-ato-via-site-features | |
| https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/ | |
| https://medium.com/@manan_sanghvi/how-100-manual-hacking-without-even-kali-and-burp-led-to-2-medium-vulnerabilities-on-yeswehack-bbda00fcd84e | |
| https://www.synack.com/blog/unmasking-harmful-content-in-a-medical-chatbot-a-red-team-perspective/ | |
| https://medium.com/@ali.zamini/ssti-in-bug-bounty-program-the-time-i-played-with-handlebars-and-broke-stuff-7dc1f9834a3d | |
| https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/ | |
| https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/ | |
| https://prateeksrivastavaa.medium.com/zomatoooo-idor-in-saved-payments-f8c014879741 | |
| https://medium.com/@srishavinkumar/p3-medium-how-i-gain-access-to-nasas-internal-workspace-d0896fee563c | |
| https://www.sonarsource.com/blog/basic-http-authentication-risk-uncovering-pyspider-vulnerabilities/ | |
| https://blog.scrt.ch/2024/08/09/ghost-in-the-ppl-part-1-byovdll/ | |
| https://blog.scrt.ch/2024/08/15/ghost-in-the-ppl-part-2-from-byovdll-to-arbitrary-code-execution-in-lsass/ | |
| https://blog.scrt.ch/2024/09/02/ghost-in-the-ppl-part-3-lsass-memory-dump/ | |
| https://medium.com/@omarahmed_13016/iis-welcome-page-to-source-code-review-to-lfi-23ec581049f5 | |
| https://sudhanshur705.medium.com/bypassing-csp-via-url-parser-confusions-xss-on-netlifys-image-cdn-755a27065fd9 | |
| https://infosecwriteups.com/a-story-about-how-i-found-xss-in-asus-cb233ce3bb9c | |
| https://medium.com/@likithteki76/how-i-got-250-for-my-second-bug-in-hackerone-35c75cbd84bd | |
| https://infosecwriteups.com/the-hunt-for-xxe-to-lfi-how-i-uncovered-cve-2019-9670-in-a-bug-bounty-program-5668e4afa806 | |
| https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/ | |
| https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html | |
| https://gosecure.ai/blog/2024/08/30/key-and-e-a-pentesters-tale-on-how-a-photo-opened-real-doors/ | |
| https://ian.sh/tsa | |
| https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/ | |
| https://medium.com/@0xold/15k-rce-through-monitoring-debug-mode-4f474d8549d5 | |
| https://infosecwriteups.com/csrf-bypass-using-domain-confusion-leads-to-ato-ac682dd17722 | |
| https://www.praetorian.com/blog/3cx-phone-system-local-privilege-escalation-vulnerability/ | |
| https://www.zerodayinitiative.com/blog/2024/8/27/cve-2024-37079-vmware-vcenter-server-integer-underflow-code-execution-vulnerability | |
| https://vojtechcekal.medium.com/how-i-was-able-to-give-verification-badge-to-any-youtube-channel-and-bypass-needed-requirements-b88855afe4b7 | |
| https://blog.redteam-pentesting.de/2024/moodle-rce/ | |
| https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/ | |
| https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932/ | |
| https://medium.com/@asharm.khan7/like-bypass-on-customer-reviews-500-bounty-b8d45a98c096 | |
| https://medium.com/@meharhuzaifa777/exploiting-log4j-rce-in-apple-app-store-ca99a549de1f | |
| https://medium.com/@gokulsspace/hitting-the-jackpot-with-rce-43755cac1415 | |
| https://ch44nd.medium.com/find-bugs-from-google-dorks-ec574c01471b | |
| https://medium.com/@domenicoveneziano/hidden-in-plain-sight-uncovering-rce-on-a-forgotten-axis2-instance-86ddc91f1415 | |
| https://k4tedu.medium.com/how-i-can-easily-get-four-p1-at-nasa-using-simple-google-dorking-d4457bec1971 | |
| https://www.horizon3.ai/attack-research/disclosures/traccar-5-remote-code-execution-vulnerabilities/ | |
| https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/ | |
| https://medium.com/@scriptshuva/instagram-and-meta-2fa-bypass-by-unprotected-backup-code-retrieval-in-accounts-center-c735ff650f10 | |
| https://www.anvilsecure.com/blog/vulnerabilities-in-homepage-dashboard.html | |
| https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/ | |
| https://rikeshbaniya.medium.com/authorization-bypass-due-to-cache-misconfiguration-fde8b2332d2d | |
| https://embracethered.com/blog/posts/2024/google-ai-studio-data-exfiltration-now-fixed/ | |
| https://www.miggo.io/resources/uncovering-auth-vulnerability-in-aws-alb-albeast | |
| https://jfrog.com/blog/from-mlops-to-mloops-exposing-the-attack-surface-of-machine-learning-platforms/ | |
| https://www.tenable.com/blog/ssrfing-the-web-with-the-help-of-copilot-studio | |
| https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/ | |
| https://www.traceable.ai/blog-post/how-1-exposed-honeywell-api-gave-us-control-over-an-internal-engineering-system | |
| http://phrack.org/issues/71/8.html#article | |
| https://medium.com/@a13h1/1500-cr-lf-injection-59152daaf413 | |
| https://medium.com/@debu8er/1600-bounty-on-a-main-domain-8c30557c0f64 | |
| https://armx64.medium.com/500-from-meta-by-reporting-a-htmli-accidental-bug-fef2e5a0f4c4 | |
| https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/ | |
| https://infosecwriteups.com/forced-sso-session-fixation-5d3b457b79cb | |
| https://hacktodef.com/addressed-aws-defaults-risks-oidc-terraform-and-anonymous-to-administratoraccess | |
| https://trustedsec.com/blog/oops-i-udld-it-again | |
| https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/ | |
| https://shahjerry33.medium.com/2fa-bypass-idn-mischief-157f06cb6904 | |
| https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections | |
| https://medium.com/@pranshux0x/account-takeover-on-8-years-old-public-program-c0c0a30cfdd2 | |
| https://www.synacktiv.com/publications/sccmsecretspy-exploiting-sccm-policies-distribution-for-credentials-harvesting-initial.html | |
| https://snyk.io/blog/nodejs-add-on-extensions/ | |
| https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/ | |
| https://medium.com/@noob.assassin/breaking-the-barrier-admin-panel-takeover-worth-3500-78da79089ca3 | |
| https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/ | |
| https://medium.com/@likithteki76/how-i-got-150-on-hackerone-for-my-first-bug-8af0ed515e79 | |
| https://jfrog.com/blog/cve-2024-38428-wget-vuln-all-you-need-to-know/ | |
| https://bunny0417.medium.com/stored-xss-in-libreoffice-ed4ad22e0f56 | |
| https://infosecwriteups.com/how-i-got-my-first-13500-bounty-through-parameter-polluting-hpp-179666b8e8bb | |
| https://medium.com/@momos1337/how-i-hacked-nasa-bug-bounty-6975b833eb45 | |
| https://blog.orange.tw/2024/08/confusion-attacks-en.html | |
| https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/ | |
| https://www.akamai.com/blog/security-research/2024/aug/2024-august-kubernetes-gitsync-command-injection-defcon | |
| https://infosecwriteups.com/persistent-xss-vulnerability-on-microsoft-bings-video-indexing-system-a46db992ac7b | |
| https://portswigger.net/research/gotta-cache-em-all | |
| https://www.akamai.com/blog/security-research/2024-august-vpn-post-exploitation-techniques-black-hat | |
| https://certitude.consulting/blog/en/o365-anti-phishing-measures/ | |
| https://oussamarahali.com/blog/butterfly-effect-zero-click-account-takeover/ | |
| https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work | |
| https://portswigger.net/research/splitting-the-email-atom | |
| https://www.semperis.com/blog/unoauthorized-privilege-elevation-through-microsoft-applications/ | |
| https://certitude.consulting/blog/en/o365-anti-phishing-measures/ | |
| https://rhinosecuritylabs.com/research/vestaboard-vulnerabilities/ | |
| https://www.praetorian.com/blog/exploiting-lambda-functions-for-fun-and-profit/ | |
| https://www.synacktiv.com/publications/github-actions-exploitation-dependabot | |
| https://r0b0ts.medium.com/race-condition-about-the-user-version-and-ignored-c98fec642d1b | |
| https://r0b0ts.medium.com/my-first-bug-bounty-cors-misconfiguration-3e6f38835c4e | |
| https://infosecwriteups.com/500-for-cracking-invitation-code-for-unauthorized-access-account-takeover-558c663fb947 | |
| https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/ | |
| https://nowotarski.info/wordpress-nonce-authorization/ | |
| https://infosecwriteups.com/unveiling-remote-code-execution-in-ai-chatbot-workflows-3c7f633f63c3 | |
| https://medium.com/@r3vsh/cswsh-meets-llm-chatbots-3ab09af5ab6f | |
| https://varmaanu001.medium.com/unveiling-remote-code-execution-in-ai-chatbot-workflows-3c7f633f63c3 | |
| https://sallam.gitbook.io/sec-88/bug-bounty/ai-under-siege-discovering-and-exploiting-vulnerabilities | |
| https://medium.com/@rhashibur75/how-i-got-critical-p2-bug-on-google-vrp-165017145af8 | |
| https://cyku.tw/no-database-mssql-injection/ | |
| https://medium.com/@a13h1/how-i-earned-469-bounty-bypassing-plan-restriction-58f6d3120b6e | |
| https://cyllective.com/blog/posts/atlassian-audit-plugins | |
| https://flatt.tech/research/posts/beyond-the-limit-expanding-single-packet-race-condition-with-first-sequence-sync/ | |
| https://www.pentestpartners.com/security-blog/knowbe4-rce-and-lpe/ | |
| https://piffd0s.medium.com/pwn2own-miami-aveva-edge-arbitrary-dll-loading-vulnerability-b2d10fc7d55c | |
| https://www.praetorian.com/blog/account-takeover-via-broken-authentication-workflow-free-lifetime-streaming/ | |
| https://medium.com/@0x_xnum/saml-authentication-bypass-leading-to-admin-panel-access-24f23812ed76 | |
| https://thenewstack.io/plug-security-holes-in-react-apps-that-can-lead-to-api-exploitation/ | |
| https://code-white.com/blog/teaching-the-old-net-remoting-new-exploitation-tricks/ | |
| https://certitude.consulting/blog/en/credential-disclosure-in-lastpass/ | |
| https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/ | |
| https://medium.com/@jerryhackgather/interesting-business-logic-error-leads-to-pre-account-takeover-via-verification-bypass-on-googlevrp-d362f9469e3d | |
| https://iamsaugat.medium.com/stealing-first-party-access-token-of-facebook-users-meta-bug-bounty-44b3b2e87d07 | |
| https://landaire.net/mitming-the-xbox-360-dashboard-for-rce-and-fun/ | |
| https://jhftss.github.io/CVE-2023-42929-Why-Do-We-Need-The-App-Container-Protection/ | |
| https://www.synacktiv.com/advisories/oracle-retail-xstore-suite-pre-authenticated-path-traversal | |
| https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss | |
| https://secreltyhiddenwriteups.blogspot.com/2024/07/a-creative-way-to-get-someones-youtube.html | |
| https://medium.com/@a13h1/bypass-plan-restriction-get-350-bounty-2df24f406462 | |
| https://www.praetorian.com/blog/drop-the-mic-cve20191166/ | |
| https://sallam.gitbook.io/sec-88/bug-bounty/unlocking-the-weak-spot-exploiting-insecure-password-reset-tokens | |
| https://medium.com/@kiranmaraju/jailbreak-of-meta-ai-llama-3-1-revealing-configuration-details-9f0759f5006a | |
| https://gccybermonks.com/posts/github/ | |
| https://hogarth45.medium.com/elasticsearch-smash-grab-99cf36cdefbb | |
| https://secreltyhiddenwriteups.blogspot.com/2024/07/leaking-all-users-google-drive-files.html | |
| https://www.intruder.io/research/path-traversal-and-code-execution-in-csla-net-cve-2024-28698 | |
| https://spaces-cdn.owlstown.com/blobs/exmixv7d3xutvlj6ksq80zkv4mot | |
| https://medium.com/@dub-flow/hacking-moodle-apps-via-external-functions-1fc88a6d697c | |
| https://snyk.io/blog/repo-jacking-the-great-source-code-swindle/ | |
| https://www.praetorian.com/blog/recursive-amplification-attacks-botnet-as-a-service/ | |
| https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions | |
| https://skii.dev/anki-0day/ | |
| https://skerritt.blog/anki-0day/ | |
| https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github | |
| https://www.praetorian.com/blog/exploiting-broken-authentication-control-graphql/ | |
| https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions | |
| https://medium.com/@pyrus369/how-almost-sacrificing-a-university-group-project-led-to-a-microsoft-bug-bounty-9801e0f8f006 | |
| https://github.blog/security/vulnerability-research/3-ways-to-get-remote-code-execution-in-kafka-ui/ | |
| https://doyensec.com/resources/Doyensec_ThinkstCanaryTokensOSS_Report_Q22024_WithRetesting.pdf | |
| https://www.synacktiv.com/publications/injecting-java-in-memory-payloads-for-post-exploitation.html | |
| https://tracebit.com/blog/no-wildcard-how-i-discovered-the-organization-id-of-any-aws-account | |
| https://p0pcycle.com/2024/07/21/i-hacked-a-card-printer-software/ | |
| https://srcincite.io/blog/2024/07/21/jndi-injection-rce-via-path-manipulation-in-memoryuserdatabasefactory.html | |
| https://medium.com/@sugamdangal52/information-disclosure-that-made-me-2000-in-under-5-minutes-63e1ce00ca07 | |
| https://cametom006.medium.com/how-i-found-and-bypassed-a-spring-boot-actuator-information-disclosure-bug-c4930b740a50 | |
| https://www.praetorian.com/blog/capturing-exposed-aws-keys-during-dynamic-web-application-tests/ | |
| https://blog.doyensec.com/2024/07/18/custom-actions.html | |
| https://www.aeth.cc/public/Article-Reset-Tolkien/multi-sandwich-article-en.html | |
| https://payatu.com/blog/breaking-down-barriers-exploiting-authenticated-ipc-clients/ | |
| https://www.synacktiv.com/publications/github-actions-exploitation-self-hosted-runners.html | |
| https://ph-hitachi.medium.com/bypassing-account-suspension-using-anonymous-posting-facebook-bug-bounty-b204433c98d1 | |
| https://www.bugcrowd.com/blog/unveiling-te-0-http-request-smuggling-discovering-a-critical-vulnerability-in-thousands-of-google-cloud-websites/ | |
| https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security | |
| https://ssd-disclosure.com/ssd-advisory-xenforo-rce-via-csrf/ | |
| https://blog.calif.io/p/type-confusion-attacks-in-prosemirror | |
| https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability | |
| https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification | |
| https://www.sonarsource.com/blog/encoding-differentials-why-charset-matters/ | |
| https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/ | |
| https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ | |
| https://blog.syss.com/posts/voip-deskphone-firmware-security/ | |
| https://ssd-disclosure.com/ssd-advisory-sonicwall-sma100-stored-xss-to-rce/ | |
| https://matanber.com/blog/4-char-csti | |
| https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data | |
| https://blog.doyensec.com/2024/07/11/database-race-conditions.html | |
| https://frycos.github.io/vulns4free/2024/07/10/dynamics-ups-and-downs.html | |
| https://0reg.dev/blog/evernote-rce | |
| https://www.synacktiv.com/en/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation.html | |
| https://realansgar.dev/writeups/intigriti-xss-0724/ | |
| https://fortbridge.co.uk/research/idor-exploitation-via-hpp-api-hacking-case-study/ | |
| https://portswigger.net/research/fickle-pdfs-exploiting-browser-rendering-discrepancies | |
| https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-2/ | |
| https://www.imperva.com/blog/lessons-learned-from-exposing-unusual-xss-vulnerabilities/ | |
| https://codeanlabs.com/blog/research/cve-2024-29511-abusing-ghostscripts-ocr-device/ | |
| https://embracethered.com/blog/posts/2024/chatgpt-persistent-denial-of-service/ | |
| https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server | |
| https://summoning.team/blog/progress-whatsup-gold-privesc-setadminpassword-cve-2024-5009/ | |
| https://summoning.team/blog/progress-whatsup-gold-writedatafile-cve-2024-4883-rce/ | |
| https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/ | |
| https://www.elttam.com/blog/plorming-your-primsa-orm/ | |
| https://medium.com/@a13h1/500-for-cracking-invitation-code-for-unauthorized-access-account-takeover-558c663fb947 | |
| https://spaceraccoon.dev/universal-code-execution-browser-extensions/ | |
| https://medium.com/@gguzelkokar.mdbf15/from-long-term-hacking-to-instant-rewards-finding-sqli-in-3-minutes-worth-3125-ac36c6e950bf | |
| https://uchihamrx.medium.com/the-pdf-trojan-horse-leveraging-html-injection-for-ssrf-and-internal-resource-access-fbf69efcb33d | |
| https://sayedv2.medium.com/how-i-discovered-authentication-bypass-that-blocks-users-from-accessing-the-website-93140fa180ac | |
| https://ssd-disclosure.com/ssd-advisory-foscam-r4m-udtmediaserver-buffer-overflow/ | |
| https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/ | |
| https://medium.com/@oXnoOneXo/a-story-of-a-nice-ssrf-vulnerability-51e16ff6a33f | |
| https://bergee.it/blog/from-angularjs-csti-to-credentials-stealing/ | |
| https://medium.com/@l_s_/self-xss-login-csrf-oauth-account-takeover-6357f3395b49 | |
| https://xphantom.nl/posts/crypto-attack-jenkins/ | |
| https://trustedsec.com/blog/the-dangers-of-transition-mode | |
| https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/ | |
| https://adnanthekhan.com/2024/07/02/roguepuppet-a-critical-puppet-forge-supply-chain-vulnerability/ | |
| https://bishopfox.com/blog/traeger-wifi-controller-advisory | |
| https://blog.doyensec.com/2024/07/02/cspt2csrf.html | |
| https://www.synacktiv.com/publications/github-actions-exploitation-untrusted-input.html | |
| https://blog.paniago.io/the-dark-side-of-contact-forms-how-i-identified-7-cves-in-wordpress-plugins-30f6111dfebf | |
| https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ | |
| https://www.cyberark.com/resources/threat-research-blog/you-cant-always-win-racing-the-keycloak | |
| https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods | |
| https://medium.com/@mohamed0xmuslim/3-easy-cash-via-cache-99d600565ac5 | |
| https://infosecwriteups.com/story-of-a-1000-open-redirect-1405fb8a0e7a | |
| https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server | |
| https://www.zerodayinitiative.com/blog/2024/7/1/getting-unauthenticated-remote-code-execution-on-the-logsign-unified-secops-platform | |
| https://tantosec.com/blog/docassemble/ | |
| https://medium.com/@abhijithknamboothiri96/exploiting-cache-poisoning-via-unkeyed-parameters-and-headers-in-a-drupal-application-db7a49a67ed4 | |
| https://memorycorruption.net/posts/rce-lua-factorio/ | |
| https://blog.securitybreached.org/2024/06/28/finding-hidden-threats-how-i-found-leaked-aws-credentials-in-an-android-app-api-using-dast/ | |
| https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/ | |
| https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html | |
| https://namcoder.com/blog/how-i-found-dom-xss-on-bingcom-microsoft-bug-bounty-write-up/ | |
| https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/ | |
| https://www.darknavy.org/blog/exploiting_steam_usual_and_unusual_ways_in_the_cef_framework/ | |
| https://www.whiteoaksecurity.com/blog/user-agent-issue/ | |
| https://theclemvp.medium.com/how-i-compromised-1500-accounts-month-with-no-technical-skill-6a83ecd5c8eb | |
| https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102 | |
| https://blog.quarkslab.com/looking-for-vulnerabilities-in-strapi-cve-2024-34065.html | |
| https://mufazmi.medium.com/how-i-found-a-vulnerability-in-paytm-and-received-a-bounty-d580ea14e9a8 | |
| https://www.rtcsec.com/article/novel-dos-vulnerability-affecting-webrtc-media-servers/ | |
| https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032 | |
| https://zhero-web-sec.github.io/research-and-things/nextjs-and-cache-poisoning-a-quest-for-the-black-hole | |
| https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/ | |
| https://medium.com/@rewmcode/new-100-bug-in-my-methodology-60d99f0dafe2 | |
| https://www.elttam.com/blog/plormbing-your-django-orm/ | |
| https://karmainsecurity.com/zip-slip-meets-artifactory-a-bug-bounty-story | |
| https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/ | |
| https://ltsirkov.medium.com/bypassing-icloud-web-access-restriction-30cdf12b979c | |
| https://blog.pwnedlabs.io/blog.pwnedlabs.io/exploiting-gcp-cloud-build-for-privilege-escalation | |
| https://sensepost.com/blog/2024/from-a-glpi-patch-bypass-to-rce/ | |
| https://www.doyensec.com/resources/Doyensec_Whitepaper_Teleport_PracticalAnalysisHardeningAgainstCompromisedIdP.pdf | |
| https://sites.google.com/site/zhiniangpeng/blogs/Triton-RCE | |
| https://medium.com/pinoywhitehat/idor-on-hackerone-embedded-submission-form-9e59c6f044b3 | |
| https://security.lauritz-holtmann.de/advisories/tfh-form_post-xss-ato/ | |
| https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages/ | |
| https://infosecwriteups.com/brand-new-prototype-pollution-gadget-in-mongodb-leading-to-rce-8c5e0087c15e | |
| https://ltsirkov.medium.com/cross-site-scripting-via-web-cache-poisoning-and-waf-bypass-6cb3412d9e11 | |
| https://evanconnelly.github.io/post/ios-oauth/ | |
| https://www.ambionics.io/blog/iconv-cve-2024-2961-p2 | |
| https://bishopfox.com/blog/expressionengine-v-7-3-15-vulnerability-2 | |
| https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html | |
| https://ibrahimxss.medium.com/discovering-a-crlf-injection-vulnerability-my-journey-into-the-msrc-blog-website-5285169adddb | |
| https://www.monke.ie/p/exfiltrating-data-from-sandboxed-documents | |
| https://embracethered.com/blog/posts/2024/github-copilot-chat-prompt-injection-data-exfiltration/ | |
| https://sector7.computest.nl/post/2024-06-cve-2024-20693-windows-cached-code-signature-manipulation/ | |
| https://labs.jumpsec.com/whats-in-a-name-writing-custom-dns-tunnelling-protocol-on-the-fly-exploiting-unexpected-aws-lambda-misconfiguration-all-in-a-web-app-pen-test-part-1/ | |
| https://labs.jumpsec.com/whats-in-a-name-writing-custom-dns-tunnelling-protocol-exploiting-unexpected-aws-lambda-misconfiguration-in-a-web-app-pen-test-part-2/ | |
| https://www.kandji.io/blog/twitch-privileged-helper | |
| https://medium.com/@mohamed0xmuslim/how-i-get-an-easy-blind-ssrf-by-just-reading-writeups-a5459bbdf96d | |
| https://osec.io/blog/2024-06-10-supply-chain-attacks-a-new-era | |
| https://medium.com/@pranshux0x/super-blind-sql-injection-20000-bounty-thousands-of-targets-still-vulnerable-f9b013765448 | |
| https://rikeshbaniya.medium.com/abusing-auto-mail-responders-to-access-internal-workplaces-04fcc8ba2c99 | |
| https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html | |
| https://modzero.com/en/blog/beyond_the_at_symbol/ | |
| https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf | |
| https://www.leviathansecurity.com/blog/cve-2024-31735-libevent-library-memory-leak | |
| https://www.tenable.com/blog/these-services-shall-not-pass-abusing-service-tags-to-bypass-azure-firewall-rules-customer | |
| https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/ | |
| https://www.landh.tech/blog/20240603-npm-cache-poisoning/ | |
| https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html | |
| https://samcurry.net/hacking-millions-of-modems | |
| https://machiavellli.medium.com/how-i-got-my-first-bounty-65ad8a1763de | |
| https://www.praetorian.com/blog/compromising-bytedances-rspack-github-actions-vulnerabilities/ | |
| https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/ | |
| https://www.synack.com/blog/dumping-a-database-with-an-ai-chatbot/ | |
| https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege/ | |
| https://securitylabs.datadoghq.com/articles/non-production-endpoints-as-an-attack-surface-in-aws/ | |
| https://security.humanativaspa.it/multiple-vulnerabilities-in-eclipse-threadx/ | |
| https://creds.nl/2024-07-27-overlooked-xss-vector | |
| https://www.sonarsource.com/blog/mxss-the-vulnerability-hiding-in-your-code/ | |
| https://www.ambionics.io/blog/iconv-cve-2024-2961-p1 | |
| https://spaceraccoon.dev/zscaler-client-connector-local-privilege-escalation/ | |
| https://medium.com/csg-govtech/catch-me-if-you-can-local-privilege-escalation-in-zscaler-client-connector-7ad997bd7058 | |
| https://blog.slonser.info/posts/email-attacks/ | |
| https://chocapikk.com/posts/2024/svgtranslate/ | |
| https://www.wiz.io/blog/wiz-research-discovers-critical-vulnerability-in-replicate | |
| https://www.synacktiv.com/publications/hijacking-github-runners-to-compromise-the-organization.html | |
| https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/ | |
| https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html | |
| https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/ | |
| https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323 | |
| https://cametom006.medium.com/how-a-single-parameter-led-to-two-ato-cases-c3cf2f4d00c2 | |
| https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/ | |
| https://cyllective.com/blog/posts/cve-2024-29182-collabora | |
| https://medium.com/@zpbrent/my-llm-bug-bounty-journey-on-hugging-face-hub-via-protect-ai-9f3a1bc72c2e | |
| https://matanber.com/blog/cspt-levels | |
| https://security.lauritz-holtmann.de/post/sso-security-redirect-uri-iii/ | |
| https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps | |
| https://www.zerodayinitiative.com/blog/2024/5/9/cve-2024-21115-an-oracle-virtualbox-lpe-used-to-win-pwn2own | |
| https://medium.com/@p.ra.dee.p_0xx01/how-i-found-xss-in-another-govt-site-nciipc-vdp-84d78c0319c2 | |
| https://medium.com/@p.ra.dee.p_0xx01/nciipc-vdp-bug-open-redirection-vulnerability-in-govt-site-b048860f5d2d | |
| https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/ | |
| https://blog.ajxchapman.com/posts/2024/05/08/exploit-archeology.html | |
| https://blog.ionatomics.org/2024/05/08/relative-path-file-injection-the-next-evolution-in-rpo/ | |
| https://securitycafe.ro/2024/05/08/aws-cloudquarry-digging-for-secrets-in-public-amis/ | |
| https://www.breachproof.net/blog/lethal-injection-how-we-hacked-microsoft-ai-chat-bot | |
| https://www.leviathansecurity.com/blog/tunnelvision | |
| https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/ | |
| https://www.blazeinfosec.com/post/llm-pentest-agent-hacking/ | |
| https://mo9khu93r.medium.com/crypto-bounty-program-got-me-500-rate-limit-bypass-d573f7b7d390 | |
| https://starlabs.sg/blog/2024/04-sending-myself-github-com-environment-variables-and-ghes-shell/ | |
| https://dirkjanm.io/lateral-movement-and-hash-dumping-with-temporary-access-passes-microsoft-entra/ | |
| https://medium.com/@red.whisperer/real-world-gitlab-account-take-over-b2e9896a1835 | |
| https://gitlab-com.gitlab.io/gl-security/security-tech-notes/security-research-tech-notes/devfile/ | |
| https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/ | |
| https://www.securifera.com/blog/2024/05/02/okta-verify-for-windows-remote-code-execution-cve-2024-0980/ | |
| https://labs.jumpsec.com/why-sneak-when-you-can-walk-through-the-front-door/ | |
| https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome | |
| https://hiddenlayer.com/research/r-bitrary-code-execution/ | |
| https://blog.stratumsecurity.com/2024/04/29/code-injection-to-rce-with-net/ | |
| https://trustedsec.com/blog/full-disclosure-a-look-at-a-recently-patched-microsoft-graph-logging-bypass-graphninja | |
| https://medium.com/@0x_xnum/idor-leads-to-account-takeover-of-all-users-ato-27af312c8481 | |
| https://medium.com/@red.whisperer/how-a-blackbox-target-turned-to-whitebox-with-recon-e46536672702 | |
| https://medium.com/@p.ra.dee.p_0xx01/found-multiple-bugs-xss-mitm-sec-misconf-in-an-educational-site-5a3804085da0 | |
| https://falconforce.nl/arbitrary-1-click-azure-tenant-takeover-via-ms-application/ | |
| https://www.praetorian.com/blog/local-privilege-escalation-vulnerability-ant-media-server-cve202432656/ | |
| https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/ | |
| https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/ | |
| https://www.synacktiv.com/publications/so-i-became-a-node-exploiting-bootstrap-tokens-in-azure-kubernetes-service.html | |
| https://secfault-security.com/blog/deno.html | |
| https://www.secforce.com/blog/cve-2023-26465-breaking-through-xss-filters-in-pega-platform/ | |
| https://www.legitsecurity.com/blog/dependency-confusion-vulnerability-found-in-an-archived-apache-project | |
| https://ph-hitachi.medium.com/how-i-find-database-credentials-via-mass-recon-recon-scoping-on-gcash-f43a0dae3ec1 | |
| https://emptynebuli.github.io/tooling/2024/04/22/blackberryMDM.html | |
| https://medium.com/@ahmedelmorsy312/unsecure-content-provider-led-to-account-takeover-1e45d716bd7c | |
| https://ph-hitachi.medium.com/how-i-hacked-globe-gcash-services-and-manage-to-get-access-on-multiple-databases-including-ssh-9ca781348e8f | |
| https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/ | |
| https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/ | |
| https://vict0ni.me/taking-over-accounts-in-multiple-ways/ | |
| https://www.synacktiv.com/en/publications/exploiting-american-conquest.html | |
| https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster/ | |
| https://orca.security/resources/blog/leakycli-aws-google-cloud-command-line-tools-can-expose-sensitive-credentials-build-logs/ | |
| https://www.sonarsource.com/blog/dangerous-import-sourceforge-patches-critical-code-vulnerability | |
| https://johnstawinski.com/2024/04/15/fixing-typos-and-breaching-microsofts-perimeter/ | |
| https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/ | |
| https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/ | |
| https://medium.com/@xrypt0/how-did-i-easily-find-stored-xss-at-apple-and-earn-5000-3aadbae054b2 | |
| https://websec.nl/blog/hack-zte-routers-admin-panel-66190e773cc251453bda7a0c | |
| https://gergelykalman.com/why-you-shouldnt-use-a-commercial-vpn-amateur-hour-with-windscribe.html | |
| https://medium.com/@keizobugbounty/using-e-notation-to-bypass-access-control-restrictions-to-access-arbitrary-user-pii-discussions-1fa014b544d4 | |
| https://www.akamai.com/blog/security-research/2024/apr/critical-vulnerability-create-uri-remote-code-execution | |
| https://medium.com/@0x3adly/how-i-almost-got-2k-through-a-race-condition-3b09232b3a25 | |
| https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/ | |
| https://medium.com/@gonzo-hacks/the-fast-and-the-curious-finding-a-race-condition-in-worldcoin-621c89bfbd61 | |
| https://www.thomashouhou.com/post/logic-vulnerabilities-swisscom-e2ee-cloud-storage | |
| https://embracethered.com/blog/posts/2024/google-aistudio-mass-data-exfil/ | |
| https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-1/ | |
| https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-2/ | |
| https://medium.com/@keizobugbounty/race-condition-authentication-bypass-leads-to-full-account-takeover-6b5c9bc0a54d | |
| https://www.anvilsecure.com/blog/galactical-bug-hunting-how-we-discovered-new-issues-in-cd-projekt-reds-gaming-platform.html | |
| https://www.wiz.io/blog/wiz-and-hugging-face-address-risks-to-ai-infrastructure | |
| https://nowotarski.info/http2-continuation-flood-technical-details/ | |
| https://medium.com/@mohamed0xmuslim/oauth-misconfiguration-leads-to-0-click-ato-b407fe05fdf4 | |
| https://flatt.tech/research/posts/bypassing-dompurify-with-good-old-xml/ | |
| https://www.sonarsource.com/blog/apache-dubbo-consumer-risks/ | |
| https://lutrasecurity.com/en/articles/kobold-letters/ | |
| https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html | |
| https://www.imperva.com/blog/from-chatbot-to-spybot-chatgpt-post-exploitation/ | |
| https://www.hoyahaxa.com/2024/03/imperva-waf-bypass-cve-2023-50969.html | |
| https://medium.com/@a13h1/1500-cr-lf-injection-0d2a75f02ef3 | |
| https://www.blazeinfosec.com/post/leveraging-veeam-to-become-domain-admin/ | |
| https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/ | |
| https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails | |
| https://sites.google.com/site/zhiniangpeng/blogs/Openstack | |
| https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/ | |
| https://bergee.it/blog/the-story-of-exposed-service-ssrf-csp-bypass-and-credentials-stealing-via-xss/ | |
| https://medium.com/@bxrowski0x/bypassing-an-idor-a-couple-of-times-4d67555a1545 | |
| https://blog.slonser.info/posts/dompurify-node-type-confusion/ | |
| https://portswigger.net/research/trace-desync-attack | |
| https://www.synacktiv.com/en/publications/java-deserialization-tricks.html | |
| https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/ | |
| https://boschko.ca/tp-link-tddp-bof/ | |
| https://blog.viettelcybersecurity.com/authentication-bypass-in-goanywhere-admin-portal/ | |
| https://medium.com/@HX007/subdomain-fuzzing-worth-35k-bounty-daebcb56d9bc | |
| https://medium.com/@ahmedelmorsy312/how-did-we-find-the-same-vulnerability-in-9-android-apps-caca254a5ba9 | |
| https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762 | |
| https://www.sprocketsecurity.com/resources/building-lucee-extensions-for-remote-code-execution | |
| https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data | |
| https://blog.includesecurity.com/2024/03/discovering-deserialization-gadget-chains-in-rubyland/ | |
| https://hiddenlayer.com/research/new-google-gemini-content-manipulation-vulns-found/#Overview | |
| https://laburity.com/file-upload-bypass-waf-xss/ | |
| https://moopinger.github.io/blog/crlf/injection/2024/03/12/CRLF-Injection-Shenanigans.html | |
| https://secfault-security.com/blog/openolat-xxe.html | |
| https://www.sonarsource.com/blog/reply-to-calc-the-attack-chain-to-compromise-mailspring/ | |
| https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/ | |
| https://www.thomashouhou.com/post/vulnerability-in-epfl-computer-security-course | |
| https://izn0u.github.io/2024/03/07/Hacking-My-ISP-Part-1.html | |
| https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/ | |
| https://www.zerodayinitiative.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability | |
| https://www.traceable.ai/blog-post/angular-ing-for-authz-problematic-anti-patterns-in-single-sign-on-systems | |
| https://nowotarski.info/golang-textproto-reader/ | |
| https://www.l3harris.com/newsroom/editorial/2024/03/breaking-sip-apple-signed-packages | |
| https://blog.voorivex.team/20300-bounties-from-a-200-hour-hacking-challenge | |
| https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/ | |
| https://www.landh.tech/blog/20240304-google-hack-50000/ | |
| https://www.sonarsource.com/blog/opennms-vulnerabilities-securing-code-against-attackers-unexpected-ways/ | |
| https://tantosec.com/blog/judge0/ | |
| https://medium.com/@l_s_/bypassing-a-login-page-and-getting-full-admin-access-on-an-internal-training-platform-ff5abd88135e | |
| https://www.praetorian.com/blog/meshcentral-cross-site-websocket-hijacking-vulnerability/ | |
| https://blog.plerion.com/hacking-terraform-state-privilege-escalation/ | |
| https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/ | |
| https://observationsinsecurity.com/2024/04/25/how-i-hacked-into-googles-internal-corporate-assets/ | |
| https://baldur.dk/blog/embedded-mitel-exploitation.html | |
| https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/ | |
| https://7odamoo.medium.com/how-i-got-5-000-for-out-of-scope-xss-f96938a8c561 | |
| https://xelkomy.medium.com/from-crlf-injection-to-xss-elevating-the-stakes-in-apple-itunes-security-597dc435fd82 | |
| https://buer.haus/2024/02/23/go-go-xss-gadgets-chaining-a-dom-clobbering-exploit-in-the-wild/ | |
| https://kuldeep.io/posts/defeating-length-filters-to-dump-the-database-sqli/ | |
| https://vijetareigns.medium.com/how-automation-detected-default-admin-credential-worth-500-d6c09719d307 | |
| https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43 | |
| https://ssd-disclosure.com/ssd-advisory-tp-link-ncxxx-authentication-bypass/ | |
| https://hiddenlayer.com/research/silent-sabotage/ | |
| https://www.assetnote.io/resources/research/continuing-the-citrix-saga-cve-2023-5914-cve-2023-6184 | |
| https://bughunters.google.com/blog/5294234841776128/nom-for-security-a-proactive-security-review-of-nomulus | |
| https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/ | |
| https://www.varonis.com/blog/apex-code-vulnerabilities | |
| https://www.imperva.com/blog/xss-marks-the-spot-digging-up-vulnerabilities-in-chatgpt/ | |
| https://joaxcar.com/blog/2024/02/19/csp-bypass-on-portswigger-net-using-google-script-resources/ | |
| https://frycos.github.io/vulns4free/2024/02/19/tableau-server-no-vulns.html | |
| https://www.paulosyibelo.com/2024/02/cross-window-forgery-web-attack-vector.html | |
| https://hamzadzworm.medium.com/weird-bug-using-fake-id-via-photoshop-worth-1fe5dbd04497 | |
| https://medium.com/@jackson_80133/hacking-the-dutch-government-153678a191c0 | |
| https://kuldeep.io/posts/web-cache-deception-without-path-confusion/ | |
| https://www.imperva.com/blog/hacking-microsoft-and-wix-with-keyboard-shortcuts/ | |
| https://blog.projectdiscovery.io/hello-lucee-let-us-hack-apple-again/ | |
| https://xelkomy.medium.com/the-effectiveness-of-employing-bchecks-to-uncover-significant-secrets-788e15a8a952 | |
| https://mizu.re/post/playing-with-dompurify-ce-handling | |
| https://cristivlad.medium.com/account-takeover-it-looked-secure-at-first-f14a31cb7f5c | |
| https://blog.solidsnail.com/posts/mintty-hash-leak | |
| https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/ | |
| https://aceresponder.com/blog/exploiting-empire-c2-framework | |
| https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53 | |
| https://rashahacks.com/how-i-got-multiple-privilege-escalations/ | |
| https://blog.quarkslab.com/php-deserialization-attacks-and-a-new-gadget-chain-in-laravel.html | |
| https://rhinosecuritylabs.com/research/cve-2024-23724-ghost-cms-stored-xss/ | |
| https://www.praetorian.com/blog/exploiting-kubernetes-through-operator-injection/ | |
| https://medium.com/@mukundbhuva/how-i-hacked-the-dutch-government-exploiting-an-innocent-image-for-remote-code-execution-df1fa936e46a | |
| https://sec.stealthcopter.com/ninja-contact-forms/ | |
| https://infosecwriteups.com/json-csrf-in-microsoft-bing-maps-collections-74afc2b197d5 | |
| https://labs.watchtowr.com/form-tools-we-need-to-talk-about-php/ | |
| https://security.humanativaspa.it/java-applet-serialization-in-2024-what-could-go-wrong/ | |
| https://cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7 | |
| https://blog.plerion.com/conditional-love-for-aws-metadata-enumeration/ | |
| https://medium.com/@0xold/null-byte-on-steroids-23f8104a25ec | |
| https://www.sonarsource.com/blog/pitfalls-of-desanitization-leaking-customer-data-from-osticket/ | |
| https://orca.security/resources/blog/azure-hd-insight-vulnerabilities-privilege-escalation/ | |
| https://medium.com/@mares.viktor/always-test-404-not-found-in-bug-bounties-2be47801b4c0 | |
| https://medium.com/bugbountywriteup/the-ui-slip-i-hit-750-ui-manipulation-leading-to-unauthorized-permission-changes-d65621d8dd96 | |
| https://medium.com/@sumitkumardas8487/unveiling-a-security-vulnerability-in-zoho-meet-gaining-unauthorized-access-to-private-meetings-ad428b1990ad | |
| https://spaceraccoon.dev/clipboard-microsoft-whiteboard-excalidraw-meta/ | |
| https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html | |
| https://medium.com/@kamilrahman32/how-i-secured-the-united-nations-hall-of-fame-67b036ff2620 | |
| https://medium.com/@yousefmoh15/how-i-got-rce-in-one-of-bugcrowds-public-programs-5725c8dc46ce | |
| https://medium.com/@Nightbloodz/ssrf-on-a-headless-browser-becomes-critical-c08daaa1017e | |
| https://jmswrnr.com/blog/hacking-a-smart-home-device | |
| https://twelvesec.com/2024/02/02/cve-2024-23831/ | |
| https://hamzadzworm.medium.com/misconfiguration-lead-to-company-identity-theft-via-bypass-email-verification-0dd60b61d943 | |
| https://ahmadmansourr.medium.com/how-i-was-able-to-hack-a-company-via-watching-a-youtube-video-without-any-technical-pentesting-4941753a150a | |
| https://medium.com/@deadoverflow/this-is-arguably-the-dumbest-bug-ive-ever-found-3e451951d727 | |
| https://medium.com/@alii76tt/remote-code-execution-by-bypassing-cloudflare-cve-2022-29464-analysis-02328e0e284a | |
| https://www.assetnote.io/resources/research/ivantis-pulse-connect-secure-auth-bypass-round-two | |
| https://blog.sicuranext.com/modsecurity-path-confusion-bugs-bypass/ | |
| https://www.legitsecurity.com/blog/azure-devops-zero-click-ci/cd-vulnerability | |
| https://sites.google.com/site/zhiniangpeng/blogs/Jumpserver | |
| https://www.praetorian.com/blog/relution-remote-code-execution-java-deserialization-vulnerability/ | |
| https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/ | |
| https://blog.flawminers.com/index.php/2024/01/30/bypass-admin-approval-mute-member-and-posting-permissions-for-only-admins-in-facebook-groups/ | |
| https://blog.flawminers.com/index.php/2024/01/30/disclose-private-mockups-for-other-users-in-facebook-creative-hub/ | |
| https://blog.flawminers.com/index.php/2024/01/30/persistent-distorted-posts-issue-and-unremovable-content-in-facebook-group/ | |
| https://blog.flawminers.com/index.php/2024/01/30/add-comment-on-a-private-oculus-developer-support/ | |
| https://blog.flawminers.com/index.php/2024/01/30/disclose-latest-stream-video-asset-earnings-for-any-gaming-streamer-page/ | |
| https://blog.flawminers.com/index.php/2024/01/30/send-messages-through-notification-to-facebook-workplace-users-without-getting-blocked/ | |
| https://blog.flawminers.com/index.php/2024/01/30/break-saved-option-for-other-users-in-facebook-from-n-a-to-valid-bug/ | |
| https://blog.flawminers.com/index.php/2024/01/30/sign-up-for-brand-collabs-manager-on-behalf-of-other-page-admins-privilege-escalation/ | |
| https://blog.flawminers.com/index.php/2024/01/30/how-i-found-a-simple-bug-in-facebook-events-without-any-test/ | |
| https://blog.flawminers.com/index.php/2024/01/30/disclose-instagram-personal-private-archived-posts-when-switching-to-professional-account-through-creative-hub/ | |
| https://blog.flawminers.com/index.php/2024/01/30/from-empty-page-to-post-based-json-xss/ | |
| https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog | |
| https://bugprove.com/knowledge-hub/cve-2023-5372-post-auth-blind-python-code-injection-vulnerabilities-in-zyxel-s-nas-326-and-nas-542-devices/ | |
| https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/ | |
| https://blog.securelayer7.net/ofbiz-authentication-bypass-cve-2023-51467/0 | |
| https://jhftss.github.io/macOS-AUHelperService-Full-TCC-Bypass/ | |
| https://www.sonarsource.com/blog/who-are-you-the-importance-of-verifying-message-origins/ | |
| https://infosecwriteups.com/xml-external-entity-injection-with-error-based-data-exfiltration-985b063ec820 | |
| https://blog.compass-security.com/2024/01/device-code-phishing-add-your-own-sign-in-methods-on-entra-id/ | |
| https://medium.com/@a13h1/500-mfa-bypass-by-race-condition-176421462902 | |
| https://blog.advact.ch/local-privilege-escalation-in-lenovo-udc-19dc86d72142 | |
| https://joaxcar.com/blog/2024/01/26/hunting-for-prototype-pollution-gadgets-in-jquery-intigriti-0124-challenge/ | |
| https://nullr3x.medium.com/chaining-idor-and-host-header-can-takeover-18-billion-of-users-account-3f0c3fdbc29b | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spoofing-802-11-wireless-beacon-management-frames-with-manipulated-power-values-resulting-in-denial-of-service-for-wireless-clients/ | |
| https://blog.slonser.info/posts/cve-2023-5480/ | |
| https://www.cryptic.red/post/shipping-your-private-key-cve-2023-43870-paxton-do-a-lenovo | |
| https://skii.dev/rook-to-xss/ | |
| https://swarm.ptsecurity.com/bypassing-browser-tracking-protection-for-cors-misconfiguration-abuse/ | |
| https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/ | |
| https://ssd-disclosure.com/ssd-advisory-zyxel-vpn-series-pre-auth-remote-command-execution/ | |
| https://www.synacktiv.com/sites/default/files/2024-01/cisco_ucm_multiple_vulnerabilities.pdf | |
| https://sanderwind.medium.com/unleashing-the-power-of-css-injection-the-access-key-to-an-internal-api-789b166d0527 | |
| https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/ | |
| https://medium.com/@zikola1/response-manipulation-lead-to-premium-feature-by-normal-user-reward-of-500-43381f769ab1 | |
| https://orca.security/resources/research-pod/sys-all-google-kubernetes-engine-risk/ | |
| https://orca.security/resources/research-pod/sys-all-google-kubernetes-engine-risk-example/ | |
| https://medium.com/@kiranmaraju/bypass-instructions-to-manipulate-google-bard-ai-conversational-generative-ai-chatbot-to-reveal-ac23156d5eee | |
| https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/ | |
| https://adepts.of0x.cc/gtbcc-pwned/ | |
| https://medium.com/@yagizkocer/sql-injection-on-postgresql-8c8f823e44aa | |
| https://wojciechregula.blog/post/electroniz3r/ | |
| https://decoder.cloud/2024/01/23/do-not-trust-this-group-policy/ | |
| https://www.synacktiv.com/advisories/multiple-vulnerabilities-on-gestsup-3244 | |
| https://medium.com/@zatikyan.sevada/leaked-sql-error-leading-to-xss-and-another-bsqli-cdadde032687 | |
| https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/ | |
| https://medium.com/@Ishwar-Kumar/how-i-bypassed-a-i-6aa433370050 | |
| https://adnanthekhan.com/2024/01/19/web3s-achilles-heel-a-supply-chain-attack-on-astar-network/ | |
| https://medium.com/@jerryhackgather/dangling-cname-orphaned-cname-leads-p2-on-google-vrp-fca8964d983c | |
| https://www.assetnote.io/resources/research/high-signal-detection-and-exploitation-of-ivantis-pulse-connect-secure-auth-bypass-rce | |
| https://herolab.usd.de/security-advisories/usd-2023-0046/ | |
| https://medium.com/@mares.viktor/secret-input-header-leads-to-password-reset-poisoning-ad3081fd8488 | |
| https://itm4n.github.io/printnightmare-exploitation/ | |
| https://mattchew-gregory.medium.com/nokia-vbmc-bmc-log-scanner-remote-code-execution-52421b3f928d | |
| https://embracethered.com/blog/posts/2024/aws-amazon-q-fixes-markdown-rendering-vulnerability/ | |
| https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes | |
| https://blog.flawminers.com/index.php/2024/01/17/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-1500/ | |
| https://blog.flawminers.com/index.php/2024/01/17/how-i-found-rxss-in-facebook-twitter-and-google-training-academy-2620/ | |
| https://blog.flawminers.com/index.php/2024/01/17/unauthorized-disclosure-of-video-thumbnails-in-facebook-workplace-3000/ | |
| https://posts.specterops.io/calling-home-get-your-callbacks-through-rbi-50633a233999 | |
| https://medium.com/@TalBeerySec/hi-meta-whatsapp-with-privacy-6d646c5aa3bc | |
| https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/ | |
| https://www.synacktiv.com/sites/default/files/2024-01/synacktiv-pulseconnectsecure-multiple-vulnerabilities.pdf | |
| https://febinj.medium.com/i-found-2-zero-days-in-popular-linux-distros-that-includes-mint-kali-parrot-04e1cee800bd | |
| https://eaton-works.com/2024/01/17/ttibi-email-hack/ | |
| https://medium.com/@kerstan/how-to-discovered-idor-from-a-blank-page-bug-bounty-tuesday-5af784533d1a | |
| https://secops.group/understanding-gitlab-ee-ce-account-takeover-cve-2023-7028/ | |
| https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/#vulnerable-dependencies-in-real-projects | |
| https://infosecwriteups.com/1-program-4-business-logic-bugs-and-cashing-in-2300-299b42236993 | |
| https://vijetareigns.medium.com/accessing-deleted-comment-for-a-bug-bounty-writeup-95d56662d209 | |
| https://www.reversemode.com/2024/01/finding-vulnerabilities-in-swiss-posts.html | |
| https://blog.flawminers.com/index.php/2024/01/16/adding-descriptions-to-instagram-posts-on-behalf-of-other-users-6500/ | |
| https://github.com/Nassim-Asrir/ZDI-24-020/ | |
| https://buer.haus/2024/01/16/reversing-and-tooling-a-signed-request-hash-in-obfuscated-javascript/ | |
| https://blog.flawminers.com/index.php/2024/01/15/disclose-private-attachments-in-facebook-messenger-infrastructure-15000/ | |
| https://swisskyrepo.github.io/Drink-Love-Share-Rump/ | |
| https://labs.guard.io/myflaw-cross-platform-0-day-rce-vulnerability-discovered-in-operas-browsers-099361a808ab | |
| https://www.praetorian.com/blog/tensorflow-supply-chain-compromise-via-self-hosted-runner-attack/ | |
| https://blog.stmcyber.com/pax-pos-cves-2023/ | |
| https://medium.com/@cavdarbashas/unrestricted-file-upload-lead-to-stored-xss-at-microsoft-main-domain-baa9cadac6bd | |
| https://gist.github.com/RenwaX23/0311842bb790ce98fe0cd8f41141fdf0 | |
| https://hazemhussien99.wordpress.com/2024/01/12/cve-2022-40361-writeup/ | |
| https://samshadow.medium.com/unveiling-vulnerabilities-loose-permissions-in-salesforce-lightning-pose-data-security-threats-41eaba372937 | |
| https://medium.com/@LogicalHunter/trpc-security-research-hunting-for-vulnerabilities-in-modern-apis-b0d38e06fa71 | |
| https://medium.com/@fuadahmad062/weird-bug-to-steal-users-credentials-5e80c5d4565f | |
| https://shahjerry33.medium.com/idn-homograph-attack-reborn-of-the-rare-case-99fa1e342352 | |
| https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/ | |
| https://www.horizon3.ai/writeup-for-cve-2023-39143-papercut-webdav-vulnerability/ | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/response-splitting-up-reverse-proxies-to-reach-internal-only-paths/ | |
| https://www.blackhillsinfosec.com/hunting-for-ssrf-bugs-in-pdf-generators/ | |
| https://medium.com/@zikola1/how-i-earned-my-first-bug-bounty-reward-of-600-14c268f94bbd | |
| https://blog.cryptographyengineering.com/2024/01/11/attack-of-the-week-airdrop-tracing/ | |
| https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/ | |
| https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/ | |
| https://blog.securelayer7.net/unauthorized-rce-in-adobe-coldfusion/ | |
| https://petrusviet.medium.com/cve-2023-50220-inductive-automation-ignition-xml-deserialization-to-rce-7b395412c6cf | |
| https://medium.com/@blackarazi/how-i-helped-indonesian-startup-company-to-prevent-millions-of-pii-data-leaks-55ef3edbd35d | |
| https://sysdig.com/blog/fuzzing-and-bypassing-the-aws-waf/ | |
| https://medium.com/tenable-techblog/roles-allowing-to-abuse-entra-id-federation-for-persistence-and-privilege-escalation-df9ca6e58360 | |
| https://medium.com/@sam0-0/bypassing-payments-in-apple-for-free-trails-for-lifetime-8e3019dfe57b | |
| https://medium.com/@Ajakcybersecurity/a-straight-5-hour-escalation-exploiting-boolean-based-sql-injection-5d828fd3dacf | |
| https://nowotarski.info/http-chunk-extensions/ | |
| https://medium.com/@zatikyan.sevada/blind-boolean-based-sqli-by-manipulating-url-96e1e086378c | |
| https://www.synacktiv.com/publications/exploring-counter-strike-global-offensive-attack-surface | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/ | |
| https://hackingthe.cloud/aws/enumeration/bypass_cognito_user_enumeration_controls/ | |
| https://github.com/0x33c0unt/CVE-2024-21633 | |
| https://medium.com/@a13h1/500-access-control-bug-performed-restricted-actions-in-developer-settings-by-low-level-user-b4ecaa6d1aa1 | |
| https://m4dm0e.github.io/blog/2023/01/06/cognito-misconfig.html | |
| https://bxmbn.medium.com/how-i-prevented-a-mass-data-breach-15-000-bounty-bxmbn-1096e6400e3d | |
| https://bxmbn.medium.com/i-received-a-bank-offer-in-my-mailbox-and-discovered-an-idor-vulnerability-5-000-bounty-bxmbn-5209cab1fba8 | |
| https://medium.com/@p0lyxena/exploiting-a-difficult-out-of-band-xxe-via-ftp-connections-c8506f799e8b | |
| https://medium.com/@shcyber/stealing-private-messages-using-xss-on-subdomain-97f0304b132f | |
| https://nullg0re.com/2024/01/entra-id-connect-arbitrary-password-overwrite/ | |
| https://blog.redteam-pentesting.de/2024/bitwarden-heist/ | |
| https://www.labs.greynoise.io/grimoire/2024-01-03-snakeyaml-deserialization/ | |
| https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/ | |
| https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b | |
| https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/ | |
| https://padsalatushal.medium.com/from-disclosure-to-high-severity-leveraging-dyte-api-key-for-maximum-impact-468c444963c6 | |
| https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/ | |
| https://medium.com/@Nightbloodz/the-power-of-client-side-path-traversal-how-i-found-and-escalated-2-bugs-through-670338afc90f | |
| https://infosecwriteups.com/how-i-made-7k-on-epic-games-bug-bounty-8529728b9fcf | |
| https://medium.com/@kerstan/dom-xss-on-hackerone-programs-bug-bounty-tuesday-8973ecf6af95 | |
| https://medium.com/@0xchoudhary/multiple-rxss-f3f796287f34 | |
| https://intrigus.org/research/2023/11/27/finding-insecure-trust-managers-and-disabled-hostname-verification-with-codeql/ | |
| https://medium.com/@deadoverflow/account-takeover-vulnerability-that-resulted-in-2500-bounty-e1618363878d | |
| https://ahmdhalabi.medium.com/the-art-of-chaining-vulnerabilities-e65382b7c627 | |
| https://ec0.io/post/hacking-cloudflare-pages-part-2/ | |
| https://padsalatushal.medium.com/out-of-scope-not-out-of-impact-unveiling-significant-sensitive-information-disclosure-c8e76c1806e8 | |
| https://medium.com/@kerstan/how-i-discovered-ssrf-on-hackerone-program-7bbe72334f74 | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/ | |
| https://github.com/TecR0c/DoubleTrouble | |
| https://www.akamai.com/blog/security-research/2023/dec/weaponizing-dhcp-dns-spoofing-hands-on-guide | |
| https://labs.jumpsec.com/advisory-cve-2023-43042-ibm-backup-products-superuser-information-disclosure/ | |
| https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html | |
| https://adnanthekhan.com/2023/12/20/one-supply-chain-attack-to-rule-them-all/ | |
| https://roberto99.medium.com/how-i-found-sql-injection-worth-of-4-000-bounty-16ca09cbf8ec | |
| https://shellbreaker.hashnode.dev/duplicate-csrf-leads-to | |
| https://anasbetis023.medium.com/how-one-bug-scored-me-double-rewards-355b8d02cdbf | |
| https://danaepp.com/that-time-i-broke-into-an-api-and-became-a-billionaire | |
| https://gergelykalman.com/hacking-isp-cpe-equipment-fiberhome.html | |
| https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/ | |
| https://terrapin-attack.com | |
| https://eaton-works.com/2023/12/18/aditaas-cve-2023-6483/ | |
| https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ | |
| https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one | |
| https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-two | |
| https://blog.stratumsecurity.com/2023/12/18/apache-lucene-injection-on-auth0-implementation/ | |
| https://kapytein.nl/from-an-innocent-client-side-path-traversal-to-account-takeover | |
| https://medium.com/@rodriguezjorgex/when-not-to-rely-on-automated-tools-429b331e0613 | |
| https://medium.com/@rodriguezjorgex/escalating-dom-xss-to-stored-xss-eb6f3a669af3 | |
| https://medium.com/@rodriguezjorgex/self-xss-to-stored-xss-b4b999610c5b | |
| https://padsalatushal.medium.com/subdomain-takeover-in-azure-trafficmanager-for-fun-profit-09c858ca3d0e | |
| https://medium.com/@sword0x00/one-port-can-be-a-costly-mistake-attack-the-rsync-service-in-a-private-program-cdbf9ecc650d | |
| https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/ | |
| https://medium.com/@kerstan/how-i-automatically-discovered-ssrf-in-hackerone-program-2ae0b7a6ef1b | |
| https://www.imperva.com/blog/cve-2023-22524-rce-vulnerability-in-atlassian-companion-for-macos/ | |
| https://blog.solidsnail.com/posts/npm-esc-seq | |
| https://www.blackhillsinfosec.com/spamming-microsoft-365-like-its-1995/ | |
| https://medium.com/@jonathanbouman/remote-code-execution-at-ws1-aholdusa-com-compromising-logins-of-ahold-delhaize-usa-employees-c7c9aca7e05d | |
| https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/ | |
| https://medium.com/@hackintoanetwork/starlink-router-gen-2-is-vulnerable-to-xss-48cfcadd0b13 | |
| https://payatu.com/blog/how-oauth-implicit-flow-led-to-hundreds-of-user-accounts-being-accessed/ | |
| https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/ | |
| https://github.blog/2023-12-13-securing-our-home-labs-frigate-code-review/ | |
| https://orca.security/resources/blog/unauthenticated-access-to-google-cloud-dataproc/ | |
| https://blog.ostorlab.co/one-scheme-to-rule-them-all.html | |
| https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/ | |
| https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/ | |
| https://medium.com/@avbhijitdutta99/how-i-got-300-for-default-credential-login-at-bugcrowd-30368eb698f7 | |
| https://blog.prodefense.io/so-you-found-auth0-secrets-now-what-0945642ac09b | |
| https://www.ambionics.io/blog/wrapwrap-php-filters-suffix | |
| https://www.pentagrid.ch/en/blog/rce-and-local-root-in-openstage-and-openscape-phones/ | |
| https://medium.com/@boogsta/cors-misconfiguration-pii-leak-2765ff5b7115 | |
| https://medium.com/@bxrowski0x/3-symfony-rce-a-peek-behind-the-curtain-83da5433e149 | |
| http://whitehathaji.blogspot.com/2023/12/how-i-got-15000-reward-by-apple.html | |
| https://vedanttekale20.medium.com/unraveling-the-story-of-multiple-admin-panel-compromises-baac4444285f | |
| https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp | |
| https://www.praetorian.com/blog/sonicwall-wxa-authentication-bypass-and-rce-vulnerability/ | |
| https://www.intruder.io/research/split-second-dns-rebinding-in-chrome-and-safari | |
| https://danaepp.com/writing-burp-bambda-filters | |
| https://www.praetorian.com/blog/sonicwall-custom-grub-luks-encryption/ | |
| https://portswigger.net/research/blind-css-exfiltration | |
| https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/ | |
| https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/ | |
| https://blog.thalium.re/posts/achieving-remote-code-execution-in-steam-remote-play/ | |
| https://blog.solidsnail.com/posts/vscode-shell-integ-rce | |
| https://www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105 | |
| https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding | |
| https://bugprove.com/knowledge-hub/cve-2023-37927-and-cve-2023-37928-multiple-post-auth-blind-os-command-and-python-code-injection-vulnerabilities-in-zyxel-s-nas-326-devices/ | |
| https://bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/ | |
| https://github.blog/2023-11-30-securing-our-home-labs-home-assistant-code-review/ | |
| https://fenrisk.com/publications/blogpost/2023/11/30/gadgets-chain-in-laravel/ | |
| https://sec-consult.com/blog/detail/taking-over-a-country-kaminsky-style/ | |
| https://vijetareigns.medium.com/pii-disclosure-worth-750-758b72e7e8ca | |
| https://fenrisk.com/publications/blogpost/2023/11/22/gadgets-chain-in-wordpress/ | |
| https://blog.xilokar.info/bypassing-a-noexec-by-elf-roping.html | |
| https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0 | |
| https://laburity.com/unmasking-an-rfi-to-lfi-escalation/ | |
| https://web.archive.org/web/20240106050326/https://izn0u.github.io/2023/11/23/account-takeover-through-register-functionnality.html | |
| https://doyensec.com/resources/Doyensec_Zeal_SecurityReport_Q32023_v5_AfterRetest.pdf | |
| https://www.sonarsource.com/blog/vscode-security-finding-new-vulnerabilities-npm-integration/ | |
| https://blog.voorivex.team/hijacking-oauth-code-via-reverse-proxy-for-account-takeover | |
| https://www.synacktiv.com/publications/magento-template-engine-a-story-of-cve-2022-24086 | |
| https://www.hoyahaxa.com/2023/11/critical-variable-mass-assignment.html | |
| https://gergelykalman.com/sqlol-CVE-2023-32422-a-macos-tcc-bypass.html | |
| https://www.paloaltonetworks.com/blog/prisma-cloud/secrets-leakage-user-error-azure-cli/ | |
| https://pulsesecurity.co.nz/articles/OMGCICD-gitlab | |
| https://eaton-works.com/2023/11/14/telecom-camera-hack/ | |
| https://gergelykalman.com/lateralus-CVE-2023-32407-a-macos-tcc-bypass.html | |
| https://blog.malicious.group/http-is-dead-long-live-http/ | |
| https://0x44.xyz/blog/cve-2023-4369/index.html | |
| https://www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/ | |
| https://iter.ca/post/gh-sig-pwn/ | |
| https://maxwelldulin.com/BlogPost/stdout-cosmos-sdk-rce | |
| https://www.imperva.com/blog/navigating-the-sea-exploiting-digitalocean-apis/ | |
| https://medium.com/@medz20876/discovering-and-exploiting-a-xml-external-entity-xxe-vulnerability-in-a-public-bug-bounty-program-88bd35dd1095 | |
| https://infosecwriteups.com/race-conditions-with-pipelining-9034358a2781 | |
| https://www.leviathansecurity.com/blog/attacking-gos-lagged-fibonacci-generator | |
| https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/ | |
| https://blog.plerion.com/the-deputy-is-confused-about-aws-security-hub/ | |
| https://github.com/edwardzpeng/presentations/blob/main/POC%202023/OLE%20object%20are%20still%20dangerous%20today%20%E2%80%94%20Exploiting%20Microsoft%20Office.pdf | |
| https://medium.com/@medz20876/blog-post-bypassing-an-admin-panel-with-sql-injection-20b844442711 | |
| https://blog.voorivex.team/7000-bounty-on-a-single-web-application | |
| https://infosecwriteups.com/xss-on-the-oauth-callback-url-with-csp-bypass-leading-to-zero-click-account-takeover-c6c870b234bd | |
| https://blog.ryotak.net/post/dom-based-race-condition/ | |
| https://pwn.win/2023/10/28/file-move-privesc-mac.html | |
| https://posts.specterops.io/cve-2023-4632-local-privilege-escalation-in-lenovo-system-updater-2762e9667120 | |
| https://blog.malicious.group/from-akamai-to-f5-to-ntlm/ | |
| https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/ | |
| https://www.securifera.com/blog/2023/10/25/cve-2021-27198/ | |
| https://infosecwriteups.com/a-web-cache-deception-chained-to-a-csrf-the-recipe-9e9a5b5f53aa | |
| https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966 | |
| https://www.shielder.com/blog/2023/10/cve-2023-33466-exploiting-healthcare-servers-with-polyglot-files/ | |
| https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts | |
| https://medium.com/@renwa/you-are-not-where-you-think-you-are-opera-browsers-address-bar-spoofing-vulnerabilities-aa36ad8321d8 | |
| https://shubhamchaskar.com/sqli-to-ntlm/ | |
| https://blog.voorivex.team/9240-bounty-in-30-days-hunt-challenge | |
| https://github.com/Sudistark/xss-writeups/blob/main/figma.com-xss.md | |
| https://innotommy.com/Wrong_redirect_uri_validation_in_OAuth-4.pdf | |
| https://dl.acm.org/doi/pdf/10.1145/3627106.3627140 | |
| https://github.com/Sudistark/BB-Writeups/blob/main/2023/CVE-2023-33733-rce-via-htmli-in-reportlab.md | |
| https://www.praetorian.com/blog/vulnerabilities-within-listserv/ | |
| https://www.pentagrid.ch/de/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/ | |
| https://www.erasec.be/blog/client-side-path-manipulation/ | |
| https://doyensec.com/resources/Doyensec_SecurityAdvisory_crewjam_saml_Q32023.pdf | |
| https://www.sonarsource.com/blog/security-vulnerabilities-in-casaos/ | |
| https://jhftss.github.io/The-Nightmare-of-Apple-OTA-Update/ | |
| https://blog.voorivex.team/uncovering-a-command-injection-2400-bounty | |
| https://wpscan.com/blog/finding-a-rce-gadget-chain-in-wordpress-core/ | |
| https://medium.com/@nanwinata/how-can-i-obtain-a-2k-bounty-solely-based-on-curiosity-56ef84e93aca | |
| https://003random.com/posts/meta-bountycon-instagram-writeup/ | |
| https://github.com/cjm00n/EvilSln | |
| https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/ | |
| https://www.synacktiv.com/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-2 | |
| https://ndevtk.github.io/writeups/2023/10/10/tor/ | |
| https://joaxcar.com/blog/2023/10/06/cve-2022-4908-sop-bypass-in-chrome-using-navigation-api/ | |
| https://medium.com/@remmy9/403-forbidden-no-problem-heres-a-post-xss-eba84020ff70 | |
| https://www.reversemode.com/2023/10/reversing-france-identite-new-french.html | |
| https://blog.pksecurity.io/2023/10/04/microsoft-office.html | |
| https://portswigger.net/research/how-to-build-custom-scanners-for-web-security-research-automation | |
| https://claroty.com/team82/research/the-path-to-the-cloud-is-filled-with-holes-exploiting-4g-edge-routers | |
| https://petrusviet.medium.com/cve-2023-38743-manageengine-admanager-command-injection-6afccbb196fe | |
| https://blog.xpnsec.com/okta-for-redteamers/ | |
| https://bibek-shah.medium.com/noauth-account-takeover-via-microsoft-oauth-cc653410b886 | |
| https://sklnhunt.github.io/posts/xpathinjectionerrorbased/ | |
| https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044 | |
| https://medium.com/@snoopy101/you-can-add-extra-zeroes-xss-bypass-on-a-private-bug-bounty-program-77440495e448 | |
| https://joshua.hu/gaining-root-with-logrotate-sudo-ubuntu | |
| https://code-white.com/blog/exploiting-asp.net-templateparser-part-2/ | |
| https://certitude.consulting/blog/en/using-cloudflare-to-bypass-cloudflare/ | |
| https://www.akamai.com/blog/security-research/2023/sep/smb-over-quic-dos-windows-servers | |
| https://sector7.computest.nl/post/2023-09-getting-system-on-windows-in-style/ | |
| https://www.sonarsource.com/blog/openrefine-zip-slip/ | |
| https://www.sonarsource.com/blog/teamcity-vulnerability/ | |
| https://www.praetorian.com/blog/pwn-request-hacking-microsoft-github-repositories-and-more/ | |
| https://posts.specterops.io/sccm-hierarchy-takeover-41929c61e087 | |
| https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/ | |
| https://medium.com/@salman_bugskipper/1-250-worth-of-host-header-injection-96563a2ac7e8 | |
| https://blog.scrt.ch/2023/09/25/exploiting-stale-adidns-entries/ | |
| https://blog.thalium.re/posts/rooting-xiaomi-wifi-routers/ | |
| https://code-white.com/blog/exploiting-asp.net-templateparser-part-1/ | |
| https://0xm5awy.medium.com/discovering-7-open-redirect-bypasses-and-3-xss-bypasses-within-a-single-program-using-same-8e87581e1a75 | |
| https://medium.com/@abhinavsecondary/staff-and-triage-can-modify-the-initial-post-of-a-report-ed99b1f1d9d3 | |
| https://www.praetorian.com/blog/doubleqlik-bypassing-the-original-fix-for-cve-2023-41265/ | |
| https://github.com/kkent030315/Van1338 | |
| https://medium.com/@garkolym/uncovering-a-critical-vulnerability-in-samsung-mobile-security-a-bug-bounty-journey-95d614ba1841 | |
| https://speakerdeck.com/greendog/how-to-break-saml-if-i-have-paws | |
| https://www.zerodayinitiative.com/blog/2023/9/21/finding-deserialization-bugs-in-the-solarwind-platform | |
| https://medium.com/@anirudhkrishna012/how-2-cute-bugs-offered-me-a-reward-of-650-7f13abf36c65 | |
| https://medium.com/@atomiczsec/one-bug-at-a-time-1-500-worth-of-xss-33455b384b8a | |
| https://medium.com/@roohaa_n/tricky-2fa-bypass-leads-to-4-digit-bounty-3a148bc7d4a | |
| https://www.sonarsource.com/blog/remote-code-execution-in-tutanota-desktop-due-to-code-flaw/ | |
| https://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager/ | |
| https://medium.com/@bug4y0u/how-i-got-4-sqli-vulnerabilities-at-one-target-manually-using-the-repeater-tab-ed4eb1f84147 | |
| https://medium.com/@hektoravdyli12/from-oversight-to-ownership-how-i-discovered-the-path-to-root-on-isps-multiple-servers-6f14fb55b4f | |
| https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/ | |
| https://infosecwriteups.com/hacking-into-grpc-web-a54053757a45 | |
| https://vulncheck.com/blog/juniper-cve-2023-36845 | |
| https://www.synacktiv.com/advisories/phar-deserialization-cve-2023-28115-patch-bypass | |
| https://gist.github.com/avlidienbrunn/8db7f692404cdd3c325aa20d09437e13 | |
| https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36 | |
| https://medium.com/@snoopy101/weird-lfi-and-escalating-the-impact-from-high-to-critical-3e804f5366e9 | |
| https://www.vaadata.com/blog/insecure-authentication-tokens-leading-to-account-takeover/ | |
| https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers | |
| https://www.trustedsec.com/blog/okta-for-red-teamers/ | |
| https://infosecwriteups.com/22-6k-github-stars-note-taking-app-hit-by-critical-xss-vulnerability-842da56ae265 | |
| https://amjadali110.medium.com/a-easy-vertical-privilege-escalation-via-session-storage-cfa9f558c94 | |
| https://nullg0re.com/2023/09/hijacking-someone-else-dcsync/ | |
| https://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/ | |
| https://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040 | |
| https://www.paloaltonetworks.com/blog/prisma-cloud/github-actions-worm-dependencies/ | |
| https://skylightcyber.com/2023/09/14/neighbourhood-watch-hikvision-intercom-eavesdropping/ | |
| https://blog.calif.io/p/craftcms-rce | |
| https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/ | |
| https://cristivlad.medium.com/unauthenticated-massive-pii-leak-d182ad3f7553 | |
| https://exploits.forsale/themebleed/ | |
| https://orca.security/resources/blog/cross-site-scripting-vulnerabilities-in-apache-services-azure-hd-insight/ | |
| https://www.akamai.com/blog/security-research/kubernetes-critical-vulnerability-command-injection | |
| https://www.hoyahaxa.com/2023/09/exploiting-cve-2017-11286.html | |
| https://www.synacktiv.com/en/publications/finding-a-pop-chain-on-a-common-symfony-bundle-part-1.html | |
| https://www.sonarsource.com/blog/code-vulnerabilities-put-skiff-emails-at-risk/ | |
| https://blog.compass-security.com/2023/09/from-mqtt-fundamentals-to-cve/ | |
| https://checkmarx.com/blog/persistent-threat-new-exploit-puts-thousands-of-github-repositories-and-millions-of-users-at-risk/ | |
| https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html#h-vulnerability-details | |
| https://preprod.patrowl.io/blog-omnispace-from-automated-xss-to-rce-cve-2023-40228/ | |
| https://blog.sorcery.ie/posts/mybb_acp_rce/ | |
| https://github.com/Sudistark/xss-writeups/blob/main/oauth-dance.md | |
| https://medium.com/@yeyinthtet305/single-xss-with-earn-600-c1199f5c7fce | |
| https://medium.com/bugbountywriteup/leaked-database-and-smtp-credentials-through-env-file-d003df418313 | |
| https://medium.com/@dan.lig/hacking-a-large-company-in-minutes-by-reading-docs-62dfafced22e | |
| https://labs.watchtowr.com/orbeon-forms-the-final-form/ | |
| https://medium.com/@nayeems3c/unveiling-rce-on-dutch-government-website-f001a1c5b4fb | |
| https://medium.com/@nomad8061/how-i-got-from-my-first-valid-bug-17462f94c827 | |
| https://medium.com/@jay_rana/my-debut-with-a-critical-bug-how-i-found-my-first-bug-api-misconfiguration-2f7cadc89669 | |
| https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-ivanti-issues-security-alert | |
| https://www.praetorian.com/blog/fujitsu-ip-series-hard-coded-credentials/ | |
| https://www.acceis.fr/kirby-3-9-6-xml-external-entity-xxe-vulnerability-cve-2023-38490/ | |
| https://www.horizon3.ai/apache-superset-part-ii-rce-credential-harvesting-and-more/ | |
| https://kresec.medium.com/again-subdomain-takeover-via-ideanote-io-6c7221161ba | |
| https://trufflesecurity.com/blog/4500-of-the-top-1-million-websites-leaked-source-code-secrets/ | |
| https://www.cobalt.io/blog/part-3-learning-ios-app-pentesting-and-application-security-with-real-world-case-studies | |
| https://decoder.cloud/2023/09/05/from-ntauthcertificates-to-silver-certificate/ | |
| https://kresec.medium.com/subdomain-takeover-via-nolt-io-be536c275974 | |
| https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ | |
| https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/ | |
| https://blog.agilehunt.com/blogs/security/web-cache-deception-attack-on-404-page-exposing-pii-data-to-unauthenticated-users | |
| https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/ | |
| https://www.synacktiv.com/en/publications/gpoddity-exploiting-active-directory-gpos-through-ntlm-relaying-and-more.html | |
| https://0xbartita.medium.com/bypass-waf-by-a-simple-trick-gained-1000-bounty-cfa0fa63779e | |
| https://infosecwriteups.com/rce-on-applications-tracking-admin-panel-fdc7e8320366 | |
| https://royzsec.medium.com/how-i-was-able-to-find-the-p4-vulnerability-in-the-united-states-department-of-agriculture-by-phone-a841fcfe7d1e | |
| https://medium.com/@rajasudhakar/how-i-could-view-any-facebook-groups-notes-media-and-they-paid-me-a-10-000-fe22f8949d7c | |
| https://www.praetorian.com/blog/qlik-sense-technical-exploit/ | |
| https://spideynati.medium.com/how-i-was-able-to-modify-and-delete-any-users-data-file-filestack-api-7377bc52856f | |
| https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege/ | |
| https://www.mdsec.co.uk/2023/08/leveraging-vscode-extensions-for-initial-access/ | |
| https://sklnhunt.github.io/posts/dependencyconfusion/ | |
| https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak/ | |
| https://hoyahaxa.blogspot.com/2023/08/technical-details-for-cve-2023-29301.html | |
| https://medium.com/@husein.ayoub/pii-at-your-fingertips-how-i-stumbled-upon-an-easy-to-find-data-leakage-vulnerability-swisscom-b3c0cff47f24 | |
| https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce | |
| https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-2/ | |
| https://blog.assetnote.io/2023/08/28/leaking-file-contents-with-a-blind-file-oracle-in-flarum/ | |
| https://www.nullpt.rs/hacking-gta-servers-using-web-exploitation | |
| https://notsosecure.com/bypassing-hardened-android-applications | |
| https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ | |
| https://medium.com/vault-infosec/rce-via-account-takeover-a6fea7390385 | |
| https://sokarepo.github.io/web/2023/08/24/implement-blind-sqlite-sqlmap.html | |
| https://medium.com/@two06/hacking-a-tapo-tc60-camera-e6ce7ca6cad1 | |
| https://www.synack.com/blog/persisting-through-a-client-side-prototype-pollution/ | |
| https://www.zerodayinitiative.com/blog/2023/8/22/cve-2023-35150-arbitrary-code-injection-in-xwikiorg-xwiki | |
| https://boschko.ca/shambles/ | |
| https://starlabs.sg/advisories/23/23-32530/ | |
| https://fares7elsadek.medium.com/my-first-bug-how-i-was-able-to-bypass-the-waf-and-uncover-a-reflected-xss-e0534b6f05e4 | |
| https://ar1fshaikh.medium.com/1st-ato-how-i-exploited-security-issue-to-take-over-admin-account-e0ae309dc356 | |
| https://medium.com/@bazzounbassem/bypass-two-factor-authentication-of-facebook-accounts-25-300-7ae152d7836a | |
| https://vulncheck.com/blog/openfire-cve-2023-32315 | |
| https://blog.silentsignal.eu/2023/08/22/2023-08-22-Facsimile-Support-CVE-2023-30988/ | |
| https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-1/ | |
| https://infosecwriteups.com/an-idor-leads-join-any-group-makes-me-2-500-406eb9e463a3 | |
| https://ndevtk.github.io/writeups/2023/08/18/extensions/ | |
| https://medium.com/@muhammadiman2468/idor-how-do-i-find-the-first-vulnerability-with-a-2500-bounty-on-hackerone-7afb3d8b5739 | |
| https://rafa.hashnode.dev/influxdb-nosql-injection | |
| https://pushsecurity.com/blog/samljacking-a-poisoned-tenant/ | |
| https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/ | |
| https://web.archive.org/web/20230816081531/https://www.securifera.com/blog/2023/08/16/sciencelogic-dumpster-fire/ | |
| https://certitude.consulting/blog/en/privilege-escalation-in-ibm-spectrum-virtualize/ | |
| https://pulsesecurity.co.nz/advisories/istio-egress-bypass | |
| https://proofnet.de/publikationen/podman_tcp_api.html | |
| https://research.aurainfosec.io/disclosure/papercut/ | |
| https://ophionsecurity.com/blog/shopify-acount-takeover | |
| https://ahmdhalabi.medium.com/from-revealing-emails-to-taking-over-accounts-hacking-telecom-ead1fcbffc32 | |
| https://aryasec.medium.com/my-first-critical-on-hackerone-with-a-6-400-bounty-sql-injection-913566a12c6b | |
| https://aryasec.medium.com/idor-400-deleting-other-project-in-shopee-657239913416 | |
| https://www.netspi.com/blog/technical/cloud-penetration-testing/what-the-function-decrypting-azure-function-app-keys/ | |
| https://www.landh.tech/blog/20230811-sandwich-attack/ | |
| https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf | |
| https://0xbartita.medium.com/how-i-got-two-rce-at-bbp-program-0xbartita-232727c5b3f0 | |
| https://i.blackhat.com/BH-US-23/Presentations/US-23-Genuer-chained-to-hit-discovering-new-vectors-to-gain-remote-and-root-access-in-sap-enterprise-software-wp.pdf | |
| https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-synology-ds920-edition | |
| https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-wd-pr4100-edition | |
| https://pentest.blog/advisory-netmodule-router-software-race-condition-leads-to-remote-code-execution/ | |
| https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/ | |
| https://portswigger.net/research/smashing-the-state-machine | |
| https://blog.assetnote.io/2023/08/09/exploiting-citrix-netscaler-cve-2023-3519/ | |
| https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/ | |
| https://danaepp.com/my-secret-to-api-privesc-tapping-compromised-web-servers | |
| https://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept/ | |
| https://medium.com/pinoywhitehat/redacted-usernames-disclosure-in-export-as-pdf-feature-d00ce3f3e2fc | |
| https://0x80dotblog.wordpress.com/2023/08/07/bbp-writeup-series-1-turning-useless-htmli-on-redacted-into-a-p1/ | |
| https://ophionsecurity.com/blog/phishing-the-anti-phishers | |
| https://medium.com/@armandjasharaj/pii-nacles-of-discovery-deep-recon-fourth-level-subdomains-and-abusing-exposed-git-repositories-7e282442bd02 | |
| https://medium.com/@ashlyn.lau_17206/privilege-escalation-playing-with-the-various-stages-of-a-session-state-fe0157bcb2b9 | |
| https://medium.com/@snoopy101/1000-for-a-simple-stored-xss-8be7083a7c2d | |
| https://fatnassifiras.medium.com/cross-tenant-information-disclosure-unraveling-microsoft-connections-custom-connectors-and-oauth-6487321d28b3 | |
| https://faizanwrites.medium.com/using-browser-tools-for-bug-hunting-an-interesting-0-write-idor-on-instagram-7d5318299c1a | |
| https://samcurry.net/points-com/ | |
| https://research.aurainfosec.io/pentest/hook-line-and-phishlet/ | |
| https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa | |
| https://medium.com/@plenumlab/identifying-and-exploiting-unsafe-deserialization-in-ruby-97c7cbd6c05d | |
| https://soroush.me/blog/2023/08/anchor-tag-xss-exploitation-in-firefox-with-target_blank/ | |
| https://soroush.me/blog/2023/07/thirteen-years-on-advancing-the-understanding-of-iis-short-file-name-sfn-disclosure/ | |
| https://speakerdeck.com/masatokinugawa/how-i-hacked-microsoft-teams-and-got-150000-dollars-in-pwn2own | |
| https://blog.jeti.pw/posts/knocking-on-the-front-door/ | |
| https://mr-medi.github.io/research/2023/07/31/exploring-cross-site-frame-counting-attacks.html | |
| https://medium.com/@ramkumarnadar47/desperate-xss-ce3619343f57 | |
| https://hazanasec.github.io/2023-07-30-Samesite-bypass-method-override.md/ | |
| https://bountyplz.xyz/bugbounty/2023/07/30/HTML-Over-The-Wire.html | |
| https://infosecwriteups.com/bypassing-email-verification-of-high-profile-tech-company-e592cc4a89ce | |
| https://medium.com/@abhishek.karle92/access-of-android-protected-components-via-embedded-intent-android-app-pentesting-5618ae3cc9b2 | |
| https://www.mcnulty.blog/posts/dap-csrf | |
| https://medium.com/@mohammed0x04/how-i-found-two-api-vulnerabilities-using-website-source-code-6c4b0dc54d6f | |
| https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability | |
| https://securitylabs.datadoghq.com/articles/exploring-github-to-aws-keyless-authentication-flaws/ | |
| https://blog.doyensec.com/2023/07/26/huawei-theme-arbitrary-code-exec.html | |
| https://blog.sicuranext.com/aws-waf-bypass/ | |
| https://bountyplz.xyz/bugbounty/2023/07/24/Opinions-are-like-bugs.html | |
| https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/ | |
| https://blog.assetnote.io/2023/07/24/citrix-rce-part-2-cve-2023-3519/ | |
| https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/ | |
| https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit#azure | |
| https://medium.com/@mohameddiv77/how-i-was-able-to-bypass-the-admin-panel-9a5a81e2ec11 | |
| https://medium.com/@mullangisashank/a-tale-of-og-xss-89af3d4725dc | |
| https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent | |
| https://kuldeep.io/posts/escalating-privileges-with-ssrf/ | |
| https://matan-h.com/one-lfi-bypass-to-rule-them-all-using-base64/ | |
| https://www.zerodayinitiative.com/blog/2023/7/19/cve-2023-36934-progress-software-moveit-transfer-sql-injection-remote-code-execution-vulnerability | |
| https://blog.exodusintel.com/2023/07/20/shifting-boundaries-exploiting-an-integer-overflow-in-apple-safari/ | |
| https://ssd-disclosure.com/ssd-advisory-tp-link-tl-wr840n-stack-buffer-overflow-dos/ | |
| https://www.redteam-pentesting.de/de/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver | |
| https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers | |
| https://www.sonarsource.com/blog/a-twist-in-the-code-openmeetings-vulnerabilities-through-unexpected-application-state/ | |
| https://www.rapid7.com/blog/post/2023/07/19/cve-2023-38205-adobe-coldfusion-access-control-bypass-fixed/ | |
| https://blog.compass-security.com/2023/07/lenovo-update-your-privileges/ | |
| https://medium.com/@aditya043k/shodan-recon-to-1000-bounty-in-2-mins-b168ced3bfb0 | |
| https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/ | |
| https://www.elttam.com/blog/amazon-vpc-cni/ | |
| https://kair0s3.medium.com/blind-sql-injection-with-a-little-waf-871e69d06e2c | |
| https://infosecwriteups.com/the-buffer-curse-3591efb4a724 | |
| https://badoption.eu/blog/2023/07/15/divideconqer.html | |
| https://www.rapid7.com/blog/post/2023/07/13/pentales-old-vulns-new-tricks/ | |
| https://infosecwriteups.com/exploiting-incorrectly-configured-load-balancer-with-xss-to-steal-cookies-99d7cb6129d7 | |
| https://infosecwriteups.com/lets-go-for-whole-company-d2e24bcfb5ef | |
| https://fingerprint.com/blog/apple-macos-mdns-brute-force/ | |
| https://www.trustedsec.com/blog/modeling-malicious-code-hacking-in-3d/ | |
| https://blog.talosintelligence.com/weaknesses-mac-os-vmware-msrpc/ | |
| https://blog.projectdiscovery.io/adobe-coldfusion-rce/ | |
| https://claroty.com/team82/research/major-security-flaws-in-popular-quickblox-chat-and-video-framework-expose-sensitive-data-of-millions | |
| https://posts.specterops.io/performance-diagnostics-and-wmi-21f3e01790d3 | |
| https://research.securitum.com/how-private-cache-can-lead-to-mass-account-takeover-pentest-case/ | |
| https://zxsecurity.co.nz/research/advisories/race-condition-asp-net-core-signinmanager/ | |
| https://medium.com/@abdulparkar9554/story-of-clickjacking-in-microsoft-leads-to-privilege-escalation-account-takeover-of-admin-a04453ed47fc | |
| https://labs.withsecure.com/publications/executing-arbitrary-code-executables-in-read-only-filesystems | |
| https://research.aurainfosec.io/pentest/bee-yond-capacity/ | |
| https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability | |
| https://medium.com/workday-engineering/exploiting-jmeter-via-rmi-e8e12392bba8 | |
| https://insinuator.net/2023/07/all-your-parcel-are-belong-to-us-talk-at-troopers-2023/ | |
| https://portswigger.net/research/exploiting-xss-in-hidden-inputs-and-meta-tags | |
| https://d4ly.medium.com/an-interesting-rce-on-a-synack-red-team-target-516edb63fd04 | |
| https://herolab.usd.de/en/critical-foswiki-vulnerablities-a-logic-error-turned-remote-code-execution/ | |
| https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/ | |
| https://dimazarno.medium.com/unexpected-zero-in-mysql-injection-511f632714b0 | |
| https://amjadali110.medium.com/unveiling-access-control-flaws-how-a-viewer-became-an-editor-b4aa83a5a0ec | |
| https://web.archive.org/web/20230710001307/https://0xbartita.medium.com/how-i-got-two-rce-at-epam-bounty-program-389eb9fc7938 | |
| https://cristivlad.medium.com/account-of-the-ceo-takeover-via-password-reset-7e55c0175425 | |
| https://www.shielder.com/blog/2023/07/aws-codebuild--s3-privilege-escalation/ | |
| https://code-white.com/blog/2023-07-from-blackbox-dotnet-remoting-to-rce/ | |
| https://shahjerry33.medium.com/idn-homograph-attack-and-response-manipulation-the-rarest-case-85f64c272a1c | |
| https://blog.projectdiscovery.io/moveit-transfer-sql-injection/ | |
| https://www.wojciechregula.blog/post/macos-atlassian-companion-rce/ | |
| https://bhavukjain.com/blog/2023/07/08/account-takeover-custom-otp/ | |
| https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/ | |
| https://www.code-intelligence.com/blog/cve-protobufjs-prototype-pollution-cve-2023-36665 | |
| https://www.rapid7.com/blog/post/2023/07/06/user-enumeration-is-not-a-vulnerability-i-beg-to-differ/ | |
| https://kuldeep.io/posts/fulldisclosure-dom-based-xss/ | |
| http://blog.takemyhand.xyz/2023/07/remote-code-execution-in-gitlabs-cli.html | |
| https://offsec.almond.consulting/windows-msiexec-eop-cve-2020-0911.html | |
| https://medium.com/@0utlawh4ck3r/story-of-my-first-rce-9d74373fbc11 | |
| https://hazemhussien99.wordpress.com/2023/07/05/recon-only-bugs-are-sweet/ | |
| https://www.klogixsecurity.com/scorpion-labs-blog/chaining-for-critical-unauthorized-to-cloud-administrator | |
| https://ermetic.com/blog/aws/sometimes-what-sounds-benign-can-bite-you-an-unexpected-implication-of-lambda-privileges/ | |
| https://basu-banakar.medium.com/exploiting-non-cloud-ssrf-for-more-fun-profit-3597934518c8 | |
| https://mizu.re/post/linux-local-electron-application-script-src-self-bypass#final_bypass | |
| https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/ | |
| https://medium.com/pinoywhitehat/getting-email-address-of-any-hackerone-user-worth-7-500-afb8076ee395 | |
| https://www.synacktiv.com/sites/default/files/2023-07/synacktiv-phplist-partial-file-read.pdf | |
| https://research.nccgroup.com/2023/07/03/technical-advisory-nullsoft-scriptable-installer-system-nsis-insecure-temporary-directory-usage/ | |
| https://hoyahaxa.blogspot.com/2023/07/on-coldfusion-aes-and-padding-oracle.html | |
| https://labs.hakaioffsec.com/nginx-alias-traversal/ | |
| https://www.legitsecurity.com/blog/-how-we-found-another-github-action-environment-injection-vulnerability-in-a-google-project | |
| https://blog.silentsignal.eu/2023/07/03/ibm-i-dde-vulnerability-cve-2023-30990/ | |
| https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/ | |
| https://blog.prodefense.io/how-abusing-aws-cloudformation-led-to-a-total-takeover-of-an-aws-environment-7f94cabd671d | |
| https://medium.com/@nguhuynh.148/how-did-i-get-200-with-wordpress-vulnerability-4ce80f106709 | |
| https://www.randorisec.fr/chamilo-1.11.18-multiple-vulnerabilities | |
| https://medium.com/@M0X0101/how-i-was-able-to-get-account-takeover-via-insecure-data-storage-and-webview-with-exported-activity-5308a330ab80 | |
| https://www.ghostccamm.com/blog/multi_cockpit_vulns/ | |
| https://medium.themayor.tech/domain-takeover-without-domain-admin-permissions-28a7bd330501 | |
| https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc | |
| https://sudhanshukashyap123.medium.com/chaining-self-blind-xss-with-broken-access-control-to-make-it-non-self-blind-xss-626a70c8bbc7 | |
| https://www.ns-echo.com/posts/cve_2023_33298.html | |
| https://security.lauritz-holtmann.de/post/csti-xss-sso-gadget-chain/ | |
| https://medium.com/@jonathanbouman/laravel-debug-mode-left-on-at-zouikwatzeggen-nl-948a7365409f | |
| https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39 | |
| https://www.interruptlabs.co.uk/articles/pwn2own-2022-hp-printer | |
| https://www.pmnh.site/post/witeup_lhe_graphql_stored_xss/ | |
| https://blog.assetnote.io/2023/06/29/binary-reversing-citrix-xss/ | |
| https://medium.com/@ahmedelmorsy312/weakness-of-integration-bce1520ba672 | |
| https://www.zerodayinitiative.com/blog/2023/6/29/cve-2023-20864-remote-code-execution-in-vmware-aria-operations-for-logs | |
| https://github.com/W0rty/libcurl-crlf | |
| https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/ | |
| https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution | |
| https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem | |
| https://bharat-singh.medium.com/how-bac-broken-access-control-got-me-a-pre-account-takeover-2481931b7b3a | |
| https://infosecwriteups.com/unleashing-the-power-of-recon-how-i-earned-2500-in-5-minutes-cve-2017-5638-ognl-injection-23ece4811f14 | |
| https://medium.com/@karthithehacker/taking-entire-server-control-part-2-of-how-i-earned-2500-in-5-minutes-cve-2017-5638-ognl-92f4213ca219 | |
| https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite/ | |
| https://www.cobalt.io/blog/ios-app-pentesting-and-security-with-real-world-case-studies-part-2 | |
| https://www.sonarsource.com/blog/why-orms-and-prepared-statements-cant-always-win/ | |
| https://www.synacktiv.com/sites/default/files/2023-06/synacktiv-ucopia-multiple-vulnerabilities-2022.pdf | |
| https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/ | |
| https://medium.com/@lokesh.leads13/disallow-any-hackerone-user-permanent-access-to-his-her-own-hackerone-account-using-vulnerability-147ce9957692 | |
| http://www.kamilonurozkaleli.com/posts/a-classical-account-takeover-case-via-multiple-bypasses/ | |
| https://medium.com/@pratiky054/account-takeover-unraveling-idor-stored-xss-flaws-in-an-nft-marketplace-158679660fa7 | |
| https://medium.com/@0day_exploit/stored-xss-via-exif-data-37b279ceb3e9 | |
| https://medium.com/@hbenja47/my-first-two-valid-and-rewarded-web-cache-deceptions-earning-2250-c8d2a6968713 | |
| https://realm3ter.medium.com/using-dark-web-in-bug-bounty-3a9530fd454c | |
| https://medium.com/@mydudehello91/how-i-hacked-scopely-and-got-c60772f77d41 | |
| https://medium.com/@kushjain0107/one-mistake-three-bugs-comprehensive-android-pentesting-a8fc68e36af5 | |
| https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/adselfpwnplus/adselfpwnplus.md | |
| https://medium.com/@mahmud0x/graphql-api-hacking-7cf6cd46ce4f | |
| https://medium.com/@0xnaeem/how-i-found-a-sql-injection-bug-in-using-my-cellphone-5b5193fdc314 | |
| https://medium.com/@karimelsayed0x1/my-first-bug-is-rce-via-sql-injection-dfee9c4d4c01 | |
| https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/ | |
| https://hdwsec.fr/blog/20230622-netskope/ | |
| https://www.trendmicro.com/en_ae/research/23/f/gaps-in-azure-service-fabric-s-security-call-for-user-vigilance.html | |
| https://www.vusec.net/projects/uncontained/ | |
| https://octa-mihail.medium.com/my-first-bounty-on-synack-red-team-4ef53329c960 | |
| https://medium.com/@elsayedmohammed/how-i-hacked-nasa-and-get-8-bugs-e5cd397a6af9 | |
| https://www.gosecure.net/blog/2023/06/21/aws-waf-clients-left-vulnerable-to-sql-injection-due-to-unorthodox-mssql-design-choice/ | |
| https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/ | |
| https://httptoolkit.com/blog/bunny-cdn-caching-vulnerability/ | |
| https://rashahacks.com/bypassing-okta-sso-https-http/ | |
| https://www.descope.com/blog/post/noauth | |
| https://blog.thalium.re/posts/leveraging-android-permissions/ | |
| https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md | |
| https://0xa1mn.medium.com/how-i-unveiled-a-critical-vulnerability-exposing-all-buyers-invoices-pii-with-a-single-trick-691fd410fd7a | |
| https://medium.com/@smukx/how-i-hacked-my-college-cloud-servers-and-find-dos-ato-google-authentication-priv-esc-676b2db98938 | |
| https://securitycafe.ro/2023/06/19/dll-hijacking-finding-vulnerabilities-in-pestudio-9-52/ | |
| https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html | |
| https://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html | |
| https://secfault-security.com/blog/libreoffice.html | |
| http://www.firstsight.me/2023/06/the-unexpected-0-master-id-for-account-data-manipulation/ | |
| https://zerforschung.org/posts/freundschaftspass-en/ | |
| https://rafa.hashnode.dev/cve-2023-32695 | |
| https://frycos.github.io/vulns4free/2023/06/18/fortinac.html | |
| https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies | |
| https://hunter-55.medium.com/from-bug-bounty-hunter-to-risk-analyst-my-cybersecurity-journey-at-deloitte-56e7835619e4 | |
| https://medium.com/@MalFuzzer/one-electron-to-rule-them-all-dc2e9b263daf | |
| https://medium.com/@sayim0x3105/admin-panel-bypass-without-the-credentials-e867eee7c81b | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/brute-forcing-butterflymx-virtual-keys-and-hacking-time-limits/ | |
| https://medium.com/@ferferof/pii-data-leakage-and-us-1500-bounty-af676350fb76 | |
| https://infosecwriteups.com/sql-injection-in-the-http-custom-header-fd117ba1435e | |
| https://rashahacks.com/pwning-admin-panel-to-change-movie-ticket-prices-at-disney/ | |
| https://orca.security/resources/blog/examining-two-xss-vulnerabilities-in-azure-services/ | |
| https://starlabs.sg/blog/2023/06-the-old-the-new-and-the-bypass-one-clickopen-redirect-to-own-samsung-s22-at-pwn2own-2022/ | |
| https://www.cobalt.io/blog/learning-ios-app-pentesting-and-security-part-1 | |
| https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure/ | |
| https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two/ | |
| https://medium.com/@omarahmed_13016/idor-unpin-posts-for-fun-18f628eaef24 | |
| https://medium.com/@0day_exploit/stored-xss-injection-permanent-open-redirection-e14ffa11573c | |
| https://insinuator.net/2023/06/jasper-reports-library-code-injection/ | |
| https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/ | |
| https://blog.lexfo.fr/xortigate-cve-2023-27997.html | |
| https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/ | |
| https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/ | |
| https://hackcompute.com/hacking-epp-servers/ | |
| https://hacktus.tech/taking-over-an-entire-organization | |
| https://ndevtk.github.io/writeups/2023/06/11/googlesource/ | |
| https://infosecwriteups.com/kubernetes-pentest-bypassing-load-balancer-9bcfae2ce84a | |
| https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d | |
| https://medium.com/@f3tch/my-first-bug-a-unique-500-xss-eb5caccb628f | |
| https://www.whiteoaksecurity.com/blog/sony-bravia-remote-code-execution-disclosure/ | |
| https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/ | |
| https://albertpedersen.com/blog/cloudflare-casb-confused-deputy/ | |
| https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5 | |
| https://medium.com/pentesternepal/how-i-hacked-100k-godaddy-users-and-help-to-secure-for-free-65f172bd726a | |
| https://cloudar.be/awsblog/spotted-privilege-escalation-in-aws-directory-service/ | |
| https://mizu.re/post/abusing-client-side-desync-on-werkzeug | |
| https://d3lb3.github.io/keepass_triggers_arent_dead/ | |
| https://www.tarlogic.com/blog/linked-servers-adsi-passwords/ | |
| https://www.trustedsec.com/blog/onedrive-to-enum-them-all/ | |
| https://medium.com/@M0X0101/how-i-was-able-to-get-account-takeover-via-idor-form-jwt-caaf7ea58aa | |
| https://eaton-works.com/2023/06/06/honda-ecommerce-hack/ | |
| https://medium.com/@malekmahmed55/turning-a-50-tab-nabbing-vulnerability-into-a-1000-account-takeover-9c3f32cb2d84 | |
| https://castilho.onrender.com/kanboard | |
| https://ssd-disclosure.com/ssd-advisory-roundcube-markasjunk-rce/ | |
| https://jhftss.github.io/CVE-2022-32902-Patch-One-Issue-and-Introduce-Two/ | |
| https://blog.redteam-pentesting.de/2023/storing-passwords/ | |
| https://www.synacktiv.com/sites/default/files/2023-06/Synacktiv-3DS-Delmia_Apriso_2017_to_2022-Multiple-Vulnerabilities.pdf | |
| https://evait.medium.com/a-short-white-box-code-audit-of-avo-2083b08f3a95 | |
| https://blog.redteam-pentesting.de/2023/storing-passwords/ | |
| https://portswigger.net/research/bypassing-csp-via-dom-clobbering | |
| https://infosecwriteups.com/send-email-from-anyone-to-any-user-outlook-microsoft-69fce333066d | |
| https://medium.com/@mrhavit/breaking-tiktok-our-journey-to-finding-an-account-takeover-vulnerability-b0646aba1c4b | |
| https://medium.com/@chenshiri/aws-chain-attack-thousands-of-vulnerable-eks-clusters-701cbd963907 | |
| https://medium.com/@ar_hawk/how-a-misconfigured-lotus-domino-server-can-lead-to-disclosure-of-pii-data-of-employees-badad691dad | |
| https://zeroxuf.medium.com/rate-limit-bypass-leads-to-0-click-ato-9f1b29daec42 | |
| https://github.com/Sudistark/BB-Writeups/blob/main/2023/prototype-pollution-akamai.md | |
| https://0day.click/recipe/pash/ | |
| https://infosecwriteups.com/critical-finding-on-tp-link-service-or-how-i-got-0-fc86a0e52eaf | |
| https://offzone.moscow/upload/iblock/11a/sagouc86idiapdb8f29w41yaupqv6fwv.pdf | |
| https://blog.stratumsecurity.com/2023/06/01/sqli-the-road-to-bypassing-an-industry-leading-waf/ | |
| https://www.zerodayinitiative.com/blog/2023/5/31/cve-2023-24941-microsoft-network-file-system-remote-code-execution | |
| https://www.klogixsecurity.com/scorpion-labs-blog/anatomy-of-an-iot-exploit-from-hands-on-to-rce | |
| https://www.varonis.com/blog/salesforce-ghost-sites | |
| https://research.nccgroup.com/2023/05/31/reverse-engineering-coin-hunt-worlds-binary-protocol/ | |
| https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns/ | |
| https://github.com/c53elyas/CVE-2023-33733 | |
| https://sensepost.com/blog/2023/an-offensive-look-at-docker-desktop-extensions/ | |
| https://mc0wn.blogspot.com/2023/05/vulnerabilities-in-apache-commons-text.html | |
| https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/ | |
| https://blog.ammaraskar.com/vscode-rce/ | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-password-reset-tokens-by-spraying-and-using-http-pipelining/ | |
| https://medium.com/@ajzead660/exploit-an-unexploitable-xss-via-an-open-redirect-a-real-life-scenario-from-a-hackers-mindset-32b71041c5fe | |
| https://research.securitum.com/xss-in-wordpress-via-open-embed-auto-discovery/ | |
| https://medium.com/@gokulsspace/the-30000-bounty-affair-3f025ee6b834 | |
| https://handbook.volkis.com.au/assets/doc/Volkis%20-%20Anonymous%20Client%20-%20Penetration%20Test%20May%202023.pdf | |
| https://medium.com/@ibederov_en/find-out-the-ip-address-through-a-call-to-telegram-a899441b1bac | |
| https://medium.com/@ar_hawk/utilizing-historical-urls-of-an-organization-to-successfully-execute-sql-queries-blind-sqli-3526d9c3863d | |
| https://www.akamai.com/blog/security-research/rpc-runtime-exploring-three-vulnerabilities | |
| https://occamsec.com/exploit-for-cve-2023-2825/ | |
| https://www.zerodayinitiative.com/blog/2023/5/24/exploiting-the-sonos-one-speaker-three-different-ways-a-pwn2own-toronto-highlight | |
| https://checkmarx.com/blog/ericsson-sensitive-data-exposure-via-trace-axd/ | |
| https://medium.com/@A0g/xss-via-qr-code-8022a1a0309f | |
| https://kuenzi.dev/toothbrush/ | |
| https://medium.com/@ajzead660/how-i-found-a-tricky-xss-1adf25850d33 | |
| https://www.rootcat.de/blog/ec2-meta_may23/ | |
| https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure | |
| https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-response-to-request-adding-your-own-variables-inside-of-graphql-queries-for-account-take-over/ | |
| https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api | |
| https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-Danfoss-Storeview-Multiple-Vulnerabilities.pdf | |
| https://github.com/dhmosfunk/CVE-2023-25690-POC | |
| https://mr-r3bot.github.io/red/team/2023/05/22/From-RCE-to-owning-entire-cloud-infrastructure.html | |
| https://medium.com/@husein.ayoub/azure-dns-takeover-swisscom-7c6aacb38e8 | |
| https://nav1n.medium.com/i-helped-a-top-indian-health-benefits-management-platform-from-major-pii-leak-by-hacking-their-sql-b42caeca9729 | |
| https://medium.com/@sharp488/2fa-bypass-using-custom-cookie-parameter-cb270c8557d2 | |
| https://realm3ter.medium.com/aem-bug-in-adobe-416763d3ad04 | |
| https://nav1n.medium.com/exploiting-sql-error-sqlstate-42000-to-own-mariadb-of-a-large-eu-based-online-media-and-cf7396c43bbf | |
| https://emanuel-beni.medium.com/why-you-should-always-check-the-audit-log-medium-500-80a778bfbcd6 | |
| https://infosecwriteups.com/exposing-icloud-users-name-phone-numbers-and-email-addresses-d1f4a3786092 | |
| https://medium.com/@lukinha05farias/dns-recursion-leads-to-dos-attack-vivo-play-iptv-cve-2023-31893-b5ac45f38f | |
| https://strike.sh/blog/official-extension-attacks | |
| https://www.zerodayinitiative.com/blog/2023/5/17/cve-2023-2086920870-exploiting-vmware-workstation-at-pwn2own-vancouver | |
| https://medium.com/@alb-soul/blind-os-command-injection-via-activation-request-66dc25377bf4 | |
| https://shahjerry33.medium.com/stored-iframe-injection-permanent-open-redirection-zero-day-ce7cd15903ac | |
| https://blog.pretera.com/how-misconfigured-and-vulnerable-devices-could-expose-your-company-to-physical-and-cyber-threats-37d0e0d8d158 | |
| https://corben.io/blog/hacking-kucoin | |
| https://bleekseeks.com/blog/keepass-master-password-exploit-cve-2023-32784-poc | |
| https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-Webflow-Arbitrary-Email-Forgery.pdf | |
| https://cyolo.io/blog/dll-hijacking-strikes-back-exploiting-windows-on-arm-rdp-client-cve-2023-24905/ | |
| https://nasbench.medium.com/lolbined-finding-lolbins-in-av-uninstallers-bf29427d3cd8 | |
| https://medium.com/@zhero_/dos-via-cache-poisoning-38f3a87f997c | |
| https://zhero-web-sec.github.io/dos-via-cache-poisoning/ | |
| https://posts.specterops.io/from-da-to-ea-with-esc5-f9f045aa105c | |
| https://www.rezonate.io/blog/github-misconfigurations-put-gcp-aws-in-account-takeover-risk/ | |
| https://medium.com/@levshmelevv/hardcore-rce-via-directory-name-for-3-000-225ed58b41a9 | |
| https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/ | |
| https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/ | |
| https://web.archive.org/web/20230515045300/https://www.kaytaq.com/uncategorized/bypassing-open-redirect-protection-site-wide-on-web2py-applications/ | |
| https://the-deniss.github.io/posts/avast-privileged-arbitrary-file-create-on-restore/ | |
| https://claroty.com/team82/research/triple-threat-breaking-teltonika-routers-three-ways | |
| https://redcanary.com/blog/gatekeeper-bypass-vulnerabilities/ | |
| https://www.interruptlabs.co.uk/articles/linux-ipv6-route-of-death | |
| https://www.sonarsource.com/blog/pimcore-one-click-two-security-vulnerabilities/ | |
| https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/ | |
| https://neodyme.io/blog/csgo_from_zero_to_0day/ | |
| https://www.mnemonic.io/resources/blog/container-security-infecting-images-to-establish-backdoors/ | |
| https://www.synacktiv.com/en/publications/the-printer-goes-brrrrr-again.html | |
| https://medium.com/@atomiczsec/one-bug-at-a-time-my-first-paid-bug-1-000-idor-4b89b63b2b4b | |
| https://medium.com/@yashsancheti24/discovering-a-hidden-security-loophole-rent-luxury-cars-for-a-single-dollar-706b4a7bf101 | |
| https://3bodymo.medium.com/hacking-hackerone-how-computer-vision-helped-uncover-hidden-vulnerabilities-858d03a6a67 | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rendezvous-with-a-chatbot-chaining-contextual-risk-vulnerabilities/ | |
| https://medium.com/@icebre4ker/hacking-chess-com-my-journey-to-unlock-premium-bots-on-the-android-app-d8cac9d25094 | |
| https://thinkloveshare.com/hacking/kong-konga-exploitation-and-hardening/ | |
| https://blog.assetnote.io/2023/05/10/sitecore-round-two/ | |
| https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api | |
| https://chevonphillip.medium.com/rce-due-to-dependency-confusion-5000-bounty-fd1b294d645f | |
| https://crnkovic.dev/testing-converso/ | |
| https://infosecwriteups.com/discovery-of-an-xss-on-opera-f029f6522ec5 | |
| https://www.elttam.com/blog/pwnassistant/ | |
| https://hacktus.tech/subdomain-takeover-leading-to-full-account-takeover | |
| https://www.synopsys.com/blogs/software-security/a-deep-dive-on-pluck-cms-vulnerability-cve-2023-25828/ | |
| https://pwn.win/2023/05/08/parallels-escape.html | |
| https://blog.prodefense.io/sorting-your-way-to-stolen-passwords-43ff5cfeeabd | |
| http://blog.evanricafort.com/2023/05/ipv6-dns-takeover-via-mitm6-write-up.html | |
| https://medium.com/@ar_hawk/how-a-simple-directory-listing-leads-to-pii-data-leakage-remote-code-execution-and-many-more-104b09e644f4 | |
| https://medium.com/@mohammed01550038865/how-i-discovred-xss-via-url-encode-3-times-86ccd5354081 | |
| https://www.secforce.com/blog/size-matters-when-capital-letters-introduce-vulnerabilities/ | |
| https://giraffesecurity.dev/posts/dependabot-confusion/ | |
| https://castilho.onrender.com/ | |
| https://infosecwriteups.com/mass-assignment-leads-to-the-victims-account-being-inaccessible-forever-52e48c6a8a4d | |
| https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/ | |
| https://blog.ankursundara.com/cookie-bugs/ | |
| https://jub0bs.com/posts/2023-05-05-smorgasbord-of-a-bug-chain/ | |
| https://ermetic.com/blog/azure/when-good-apis-go-bad-uncovering-3-azure-api-management-vulnerabilities/ | |
| https://blog.stratumsecurity.com/2023/05/04/integration-fails/ | |
| https://checkmarx.com/blog/openai-allowed-unlimited-credit-on-new-accounts/ | |
| https://www.imperva.com/blog/imperva-red-team-discovers-vulnerability-in-tiktok-that-can-reveal-user-activity-and-information/ | |
| https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/ | |
| https://www.trellix.com/en-us/about/newsroom/stories/research/the-art-of-information-disclosure.html | |
| https://sumedh00.medium.com/accessing-admin-dashboard-in-5-seconds-acee737eacfb | |
| https://medium.com/@janirudransh/automating-sql-injection-on-encrypted-request-21a43aa2e7ef | |
| https://blog.onsec.io/when-youre-so-bored-you-start-debugging-someone-elses-code/ | |
| https://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions/ | |
| https://sec-consult.com/blog/detail/securing-databricks-cluster-init-scripts/ | |
| https://aidilarf.medium.com/how-do-i-bypass-payment-when-a-subscription-ends-so-i-dont-have-to-pay-for-my-subscription-3889ab3f7484 | |
| https://www.zerodayinitiative.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service | |
| https://ssd-disclosure.com/ssd-advisory-keriocontrol-remote-code-execution/ | |
| https://www.cloudquery.io/blog/aws-priv-esc-identity-center | |
| https://ophionsecurity.com/blog/placeholder-for-dayzzz | |
| https://blog.scrt.ch/2023/05/01/solr-rce-from-exposed-administration-interface/ | |
| https://pulsesecurity.co.nz/advisories/Azure-Devops-Command-Injection | |
| https://infosecwriteups.com/unauthorized-access-to-the-admin-panel-via-leaked-credentials-on-the-waybackmachine-55c3307141c6 | |
| https://medium.com/@lopseg/bug-bounty-writeup-stored-xss-vulnerability-waf-bypass-f38aae7ff9eb | |
| https://medium.com/@0ta/tenda-n301-v6-cve-2023-29680-cve-2023-29681-a40f7ae6dc62 | |
| https://blog.assetnote.io/2023/04/30/rce-oracle-opera/ | |
| https://ltsirkov.medium.com/netflix-bypassing-multi-factor-authentication-mfa-53135c9d6d50 | |
| https://goziem.medium.com/how-i-chained-an-information-disclosure-bug-to-sql-injection-bca936d90fb1 | |
| https://herolab.usd.de/security-advisories/usd-2022-0034/ | |
| https://portswigger.net/research/ambushed-by-angularjs-a-hidden-csp-bypass-in-piwik-pro | |
| https://blog.calif.io/p/redash-saml-authentication-bypass | |
| https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/ | |
| https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/ | |
| https://the-deniss.github.io/posts/2023/04/26/avast-privileged-arbitrary-file-create-on-quarantine.html | |
| https://mikko-kenttala.medium.com/alias-file-to-rule-them-all-one-click-code-execution-with-alias-file-in-macos-1eeb0a730b88 | |
| https://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007 | |
| https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/ | |
| https://www.gosecure.net/blog/2023/04/26/never-connect-to-rdp-servers-over-untrusted-networks/ | |
| https://shahjerry33.medium.com/api-misconfiguration-algolia-api-key-b3f4a9f04f0d | |
| https://strike.sh/blog/business-bugs-approach | |
| https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp | |
| https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html | |
| https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ | |
| https://www.sonarsource.com/blog/odoo-get-your-content-type-right-or-else/ | |
| https://www.securifera.com/blog/2023/04/24/vocera_report_server_pwnage/ | |
| https://medium.com/cyesec/no-portals-needed-79995d8f7e62 | |
| https://github.com/Sudistark/advisories/blob/main/vscode-extension/Discord-Rich-Presence-LeonardSSH.vscord.md | |
| https://medium.com/@mmaulanaabdullah/how-careless-default-credentials-impact-to-massive-account-takeover-be6bfc85119a | |
| https://blog.ryotak.net/post/github-actions-staff-access-token-en/ | |
| https://www.anvilsecure.com/blog/compromising-garmins-sport-watches-a-deep-dive-into-garminos-and-its-monkeyc-virtual-machine.html | |
| https://www.synack.com/blog/permission-problem-salesforce-javascript-remoting-token/ | |
| https://sensepost.com/blog/2023/from-bitlocker-suspended-to-virtual-machine/ | |
| https://infosecwriteups.com/xs-leak-deanonymize-microsoft-skype-users-by-any-3rd-party-website-69849e4501a8 | |
| https://medium.com/@nikouei_com/2-xss-on-microsoft-37b6a7efcc84 | |
| https://jhftss.github.io/CVE-2023-23525-Get-Root-via-A-Fake-Installer/ | |
| https://infosecwriteups.com/turning-vulnerability-into-bounty-how-cve-2020-17453-xss-earned-me-a-500-bounty-dcabc737fded | |
| https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/ | |
| https://zerocode-ph.medium.com/bypassing-link-sharing-protection-in-messenger-kids-parents-control-feature-meta-bug-bounty-e53f2d148bd9 | |
| https://blog.thalium.re/posts/fuzzing-samsung-system-services/ | |
| https://medium.com/bugbountywriteup/turning-vulnerability-into-bounty-how-cve-2020-17453-xss-earned-me-a-500-bounty-dcabc737fded | |
| https://medium.com/bugbountywriteup/uncovering-a-critical-vulnerability-my-journey-of-discovering-cve-2021-31589-a-reflected-xss-in-1e13c0aa41b0 | |
| https://www.zerodayinitiative.com/blog/2023/4/19/cve-2022-29844-a-classic-buffer-overflow-on-the-western-digital-my-cloud-pro-series-pr4100 | |
| https://medium.com/@snoopy101/how-i-hacked-hackers-in-voorivex-hunt-event-9c572ce0005f | |
| https://mogwailabs.de/en/blog/2023/04/vulnerability-spotlight-cve-2023-0264/ | |
| https://blog.securitybreached.org/2023/04/19/how-i-manipulated-my-rank-on-the-bugcrowd-platform/ | |
| https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2 | |
| https://github.com/gobysec/Weblogic/blob/main/Research%20on%20WebLogic%20After-Deserialization.md | |
| https://www.wiz.io/blog/brokensesame-accidental-write-permissions-to-private-registry-allowed-potential-r | |
| https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api | |
| https://goziem.medium.com/my-first-case-of-ssrf-using-dirsearch-b916f0f1e94b | |
| https://skylightcyber.com/2023/04/18/popping-tags/ | |
| https://blog.includesecurity.com/2023/04/impersonating-local-unity-players-with-udp-spoofing-in-mirror/ | |
| https://infosecwriteups.com/break-the-logic-playing-with-product-ratings-on-a-shopping-site-600-c9a87fb66a73 | |
| https://www.pingsafe.com/blog/linkedin-vulnerability-delete-any-post | |
| https://medium.com/tinder/identifying-vulnerabilities-in-github-actions-aws-oidc-configurations-8067c400d5b8 | |
| https://mmdz.ninja/2023/04/17/how-narrow-recon-giving-me-bounty/ | |
| https://www.ghostccamm.com/blog/multi_strapi_vulns/ | |
| https://medium.com/@nanwinata/a-big-company-admin-panel-takeover-4500-9520a6c83430 | |
| https://starlabs.sg/advisories/23/23-2017/ | |
| https://medium.com/@mehtashobhit98/bypassing-the-2fa-mfa-an-easy-win-9b059bf0ac75 | |
| https://infosecwriteups.com/from-payload-to-300-bounty-a-story-of-crlf-injection-and-responsible-disclosure-on-hackerone-eeff74aff422 | |
| https://medium.com/@elsayedmohammed/how-do-i-get-cross-site-scripting-xss-in-nokia-3041c942b923 | |
| https://github.com/Sudistark/advisories/blob/main/2023/npm-package/xml2js.md | |
| https://medium.com/@ar_hawk/from-django-debug-mode-to-pii-data-leak-of-more-than-500-employees-due-broken-access-control-and-a3eb602a4207 | |
| https://www.offensity.com/en/blog/user-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264/ | |
| https://giraffesecurity.dev/posts/google-remote-code-execution/ | |
| https://medium.com/@crd0x49/how-i-got-rce-in-10-websites-26dd87441f22 | |
| https://char49.com/articles/topdesk-vulnerable-to-xml-signature-wrapping-attacks | |
| https://blog.redteam-pentesting.de/2023/rooting-printer/ | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/ | |
| https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/ | |
| https://abhishekgk.medium.com/how-chatgpt-helped-me-find-a-bug-b5a3795c722 | |
| https://www.reversemode.com/2023/04/losing-control-over-schneiders.html | |
| https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html | |
| https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/ | |
| https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/ | |
| https://offsec.almond.consulting/ghostscript-cve-2023-28879.html | |
| https://orca.security/resources/blog/azure-shared-key-authorization-exploitation/ | |
| https://weizman.github.io/2023/04/10/snyk-xss/ | |
| https://blog.nietaanraken.nl/posts/aur-packages-github-repo-jacking/ | |
| https://medium.com/@thabisomokoena/account-take-over-via-an-api-2eea4fe49532 | |
| https://medium.com/@zhero_/a-successful-prototype-pollution-chained-to-a-dom-xss-9887087b56a4 | |
| https://medium.com/@ch3tanbug/how-i-was-able-to-change-password-of-any-corporate-user-c68b9509840 | |
| https://0xwise.medium.com/are-clicking-links-safe-f7cfcae2e421 | |
| https://shahjerry33.medium.com/sql-wildcard-dos-hang-till-death-adbae66d1f7b | |
| https://www.synacktiv.com/sites/default/files/2023-04/Synacktiv-ZimbraConnect-CVE-2022-41348.pdf | |
| https://blog.agilehunt.com/blogs/security/cve-2023-1906-heap-based-buffer-overflow-in-imagemagick | |
| https://testbnull.medium.com/phân-t%C3%ADch-lỗ-hổng-sharepoint-webpart-property-traversal-cve-2022-38053-cve-2023-21742-bc6931698a5f | |
| https://dev.to/mikesamuel/2008-silently-securing-jsonparse-5cbb | |
| https://blog.exodusintel.com/2023/04/06/escaping-adobe-sandbox-exploiting-an-integer-overflow-in-microsoft-windows/ | |
| https://crypt0g30rgy.github.io/post/TinderBug | |
| https://vitorfalcao.com/posts/simple-bugs/overwritting-files/ | |
| https://www.zerodayinitiative.com/blog/2023/4/5/bash-privileged-mode-vulnerabilities-in-parallels-desktop-and-cdpath-handling-in-macos | |
| https://cupc4k3.medium.com/cve-2023-1877-rce-with-server-side-template-injection-in-microweber-89da6a0e2603 | |
| https://www.invicti.com/blog/web-security/exploiting-insecure-exception-logging/ | |
| https://canvatechblog.com/discovering-headroll-cve-2023-0704-in-chromium-2e7f66fc130c | |
| https://bishopfox.com/blog/microsoft-intune-version-1-55-48-0-advisory | |
| https://bishopfox.com/blog/windows-task-scheduler-19044-advisory | |
| https://medium.com/@evan.connelly/post-account-takeover-account-takeover-of-internal-tesla-accounts-bc720603e67d | |
| https://evanconnelly.github.io/post/tesla-account-takeover/ | |
| https://www.n00py.io/2023/01/bypassing-amazon-kids-parental-controls/ | |
| https://research.aurainfosec.io/pentest/pentah0wnage/ | |
| https://kuldeep.io/posts/holiday-hunting-with-aquatone/ | |
| https://mmmds.pl/cyberghostvpn-mitm-rce-lpe/ | |
| https://chevonphillip.medium.com/blind-xss-via-sms-support-chat-1100-bug-bounty-779a1e19cc51 | |
| https://vitorfalcao.com/posts/simple-bugs/password-changing-to-ato/ | |
| https://frichetten.com/blog/minor-cross-tenant-vulns-app-runner/ | |
| https://medium.com/@prakashchand72/lenovo-database-of-root-user-credentials-exposed-22aab5382c | |
| https://infosecwriteups.com/lets-hacking-citizens-bank-9520e9c05cf9 | |
| https://medium.com/@paulo_mota/bug-bounty-como-encontrei-o-bug-unrestricted-file-upload-dd1a61adc9fd | |
| https://rayhan0x01.github.io/ctf/2023/04/01/finding-rce-in-eta-cve-2022-25967.html | |
| https://www.reversemode.com/2023/03/beware-of-javas-stringgetbytes.html | |
| https://sensepost.com/blog/2023/protected-users-you-thought-you-were-safe-uh/ | |
| https://7h3h4ckv157.medium.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa | |
| https://emad0x90.medium.com/exposed-docker-registries-server-as-critical-reminder-on-container-security-a9bba13b403d | |
| https://crypt0g30rgy.github.io/post/Journey2pII | |
| https://www.mannulinux.org/2023/03/exploiting-hibernate-injection-in-order.html | |
| https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/ | |
| https://orca.security/resources/blog/super-fabrixss-azure-vulnerability/ | |
| https://www.legitsecurity.com/blog/remote-code-execution-vulnerability-in-azure-pipelines-can-lead-to-software-supply-chain-attack | |
| https://xelkomy.medium.com/found-ssrf-and-lfi-in-just-10-minutes-of-using-burp-492fddef3f3e | |
| https://www.netspi.com/blog/technical/vulnerability-research/azure-service-bus-power-platform/ | |
| https://checkmarx.com/blog/cve-2022-37734-graphql-java-denial-of-service/ | |
| https://z-sec.co/hacking-admin-panel-getting-free-subscription | |
| https://www.sonarsource.com/blog/it-s-a-snmp-trap-gaining-code-execution-on-librenms/ | |
| https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration | |
| https://posts.specterops.io/id-tap-that-pass-8f79fff839ac | |
| https://blog.scrt.ch/2023/03/29/attacking-android-antivirus-applications/ | |
| https://medium.com/@bughuntar/a-short-tell-of-lfi-from-pdf-link-professor-the-hunter-43a8be853e | |
| https://www.outflank.nl/blog/2023/03/28/attacking-visual-studio-for-initial-access/ | |
| https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/ | |
| https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome | |
| https://www.praetorian.com/blog/dynamic-linking-injection/ | |
| https://medium.com/@bughuntar/my-first-bug-open-redirect-at-epic-games-500-bounty-d0c03de60fa7 | |
| https://frichetten.com/blog/undocumented-amplify-api-leak-account-id/ | |
| https://medium.com/@rajdipdeysarkar7/my-journey-to-nokia-hall-of-fame-in-just-10-minutes-4869c78c37e7 | |
| https://pawanchhabria.medium.com/how-i-escalated-default-credentials-to-remote-code-execution-1c34504be7a5 | |
| https://infosecwriteups.com/cve-2023-1410-stored-xss-in-the-graphite-function-description-tooltip-165bdc32154c | |
| https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow | |
| https://vulncheck.com/blog/joomla-for-rce | |
| https://portswigger.net/research/exploiting-prototype-pollution-in-node-without-the-filesystem | |
| https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-function-apps/ | |
| https://medium.com/@warrenbutterworth/finding-initial-access-on-a-real-life-penetration-test-86ed5503ae48 | |
| https://medium.com/@ambushneupane4/story-of-a-beautiful-account-takeover-869ef61ac6c8 | |
| https://occamsec.com/getting-root-a-technical-walkthrough/ | |
| https://www.code-intelligence.com/blog/expression-dos-spring | |
| https://www.synacktiv.com/sites/default/files/2023-03/Synacktiv-Grails-Spring-Security-CVE-2022-41923.pdf | |
| https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oraclel | |
| https://blog.doyensec.com//2023/03/21/windows-installer.html | |
| https://notifybugme.medium.com/how-i-got-access-to-essilor-international-company-customer-pii-info-by-aws-metadata-access-through-3da02f4c79f0 | |
| https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other/ | |
| https://blog.impalabs.com/2303_advisory_parallels-desktop_toolgate.html | |
| https://www.pentagrid.ch/de/blog/viseca-expense-credit-card-statement-disclosure/ | |
| https://codewhitesec.blogspot.com/2023/03/jmx-exploitation-revisited.html | |
| https://cupc4k3.lol/ssti-leads-to-rce-on-pyrocms-7515be27c811 | |
| https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html | |
| https://medium.com/@bag0zathev2/easy-via-api-params-manipulation-leading-to-bypassing-the-email-verification-block-a45dad2db60c | |
| https://medium.com/@shamimahamed666070/account-takeover-with-rate-limit-bypass-f28c5089a1eb | |
| https://www.rtcsec.com/post/2023/03/opensips-security-audit-report/ | |
| https://www.synacktiv.com/sites/default/files/2023-03/Synacktiv-BIRTViewer-CVE-2023-0100_1.pdf | |
| https://blog.scrt.ch/2023/03/17/bypassing-ppl-in-userland-again/ | |
| https://medium.com/@hritkmjth/directory-traversal-and-lfi-worth-400-c4422785d3bd | |
| https://infosecwriteups.com/anatomy-of-a-reflected-xss-my-discovery-on-a-microsofts-subdomain-7a237aba4392 | |
| https://princej-76.medium.com/how-i-chained-multiple-high-impact-vulnearbilities-to-create-a-critical-one-476950a3bb9f | |
| https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html | |
| https://medium.com/@abdulparkar9554/facebook-creator-studio-misconfiguration-348b0ee38c31 | |
| https://research.checkpoint.com/2023/checkmate/ | |
| https://medium.com/@minometidji/oauth-authentication-misconfiguration-cb43c3b3ec24 | |
| https://infosecwriteups.com/bypassing-character-limit-xss-using-spanned-payload-7301ffac226e | |
| https://medium.com/@yousefamery/emotional-rollercoaster-a-unique-case-study-of-bypassing-antivirus-and-firewall-by-abusing-2b36d8f6553c | |
| https://shahjerry33.medium.com/lfi-an-interesting-tweak-9c5638dbdd1b | |
| https://www.sjoerdlangkemper.nl/2023/03/15/textcube-sql-injection-session-ip-spoofing/ | |
| http://blog.sysdum.net/parameter-injection-to-rce | |
| https://www.semperis.com/blog/ad-security-research-breaking-trust-transitivity/ | |
| https://exploit.ph/external-trusts-are-evil.html | |
| https://trickest.com/blog/hundreds-of-ssrfs/ | |
| https://cupc4k3.lol/cve-2023-24625-idor-in-faveo-service-desk-37a63f53d896 | |
| https://blog.scrt.ch/2023/03/14/producing-a-poc-for-cve-2022-42475-fortinet-rce/ | |
| https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html | |
| https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/ | |
| https://www.blackhillsinfosec.com/your-browser-is-not-a-safe-space/ | |
| https://medium.com/@H1Xploit/hacking-the-docker-registry-with-burp-suite-18112cbfb6dd | |
| https://www.rapid7.com/blog/post/2023/03/14/microsoft-defender-for-cloud-management-port-exposure-confusion/ | |
| https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/ | |
| https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/ | |
| https://infosecwriteups.com/how-i-leak-others-access-token-by-exploiting-evil-deeplink-flaw-a0a566677639 | |
| https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ | |
| https://medium.com/@mares.viktor/p1-vulnerability-by-bypassing-the-membership-payment-page-3289e09262c1 | |
| https://medium.com/@rajqureshi07/the-story-of-how-i-was-able-to-chain-ssrf-with-command-injection-vulnerability-ef31feb30ea9 | |
| https://ndevtk.github.io/writeups/2023/03/11/ccai/ | |
| https://ltsirkov.medium.com/netflix-smart-tv-chaining-self-xss-with-session-poisoning-3eb7c78c7914 | |
| https://infosecwriteups.com/account-takeover-an-epic-bug-bounty-story-dd5468d5773d | |
| https://noahblog.360.cn/cve-2022-36413-unauthorized-reset-password-of-zoho-manageengine-adselfservice-plus/ | |
| https://medium.com/@thelinuxboy/bugging-out-my-experience-of-earning-300-for-reporting-an-unexpected-bug-ec9f9b0054bc | |
| https://medium.com/@oXnoOneXo/improper-authentication-in-android-app-aa855227e6f1 | |
| https://m7arm4n.medium.com/default-credentials-on-sony-swag-time-8e35681ad39e | |
| https://infosecwriteups.com/rxss-inside-href-attribute-bypassing-lots-of-weird-checks-to-takeover-accounts-b4c8b4e70877 | |
| https://nav1n.medium.com/i-earned-3500-and-40-points-for-a-graphql-blind-sql-injection-vulnerability-5b7e428c477d | |
| https://blog.agilehunt.com/blogs/security/msrc-critical-google-iap-authorization-bypass-allows-access-to-internal-envirnment-leading-to-zero-interaction-account-takeover | |
| https://vijetareigns.medium.com/wait-time-bypass-for-fun-and-profit-c3837e6bb8ed | |
| https://www.imperva.com/blog/deanonymizing-opensea-nft-owners-via-xs-leaks-vulnerability/ | |
| https://seanpesce.blogspot.com/2023/03/leveraging-ssh-keygen-for-arbitrary.html | |
| https://mizu.re/post/ejs-server-side-prototype-pollution-gadgets-to-rce | |
| https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms | |
| https://arben.sh/bugbounty/SelfXSS-To-Stored-Through-IDOR/ | |
| https://blog.aquasec.com/jenkins-server-vulnerabilities | |
| https://nav1n.medium.com/how-i-got-owned-a-multi-billion-dollar-retailers-mysql-databases-using-simple-sql-injection-30f8b0dfd9ce | |
| https://mahaloz.re/2023/02/25/pwnagent-netgear.html | |
| https://medium.com/@omerkepenek/the-story-of-becoming-a-super-admin-ab32db7dd1b3 | |
| https://www.shockwave.cloud/blog/subdomain-takeover-how-a-misconfigured-dns-record-could-lead-to-a-huge-supply-chain-attack | |
| https://ophionsecurity.com/blog/access-organization-secrets-in-github | |
| https://infosecwriteups.com/dont-send-a-message-to-anyone-before-reading-this-account-takeover-vulnerability-external-audit-cf584a0c983c | |
| https://medium.com/tenable-techblog/wordpress-buddyforms-plugin-unauthenticated-insecure-deserialization-cve-2023-26326-3becb5575ed8 | |
| https://secfault-security.com/blog/ms-app-center.html | |
| https://www.securifera.com/blog/2023/03/06/attacking-net-web-services/ | |
| https://mega-caveat.github.io | |
| https://eprint.iacr.org/2023/331.pdf | |
| https://blog.bitcrack.net/oracle-databases-remote-stealth-password-bruteforce/ | |
| https://medium.com/@Ano_F_/manipulating-encrypted-traffic-using-pycript-b637612528bb | |
| https://eaton-works.com/2023/03/06/toyota-c360-hack/ | |
| https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html | |
| https://medium.com/@mukundbhuva/accessing-the-data-sources-of-any-facebook-business-account-via-idor-in-graphql-1fc963ad3ecd | |
| https://rashahacks.com/exposing-users-table-from-a-leaky-graphql-query/ | |
| https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/ | |
| https://hopesamples.blogspot.com/2023/03/idor-on-bitdefendercom.html | |
| https://hunter-55.medium.com/500-bounty-in-just-5-minutes-through-recon-5eeb6c299c3c | |
| https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md | |
| https://screamy7.github.io/posts/Javascript/ | |
| https://medium.com/@thelinuxboy/30-minute-heist-how-i-bagged-a-1500-bounty-in-just-few-minutes-48753eb2028e | |
| https://medium.com/@mrxdevil404/bug-in-netflix-with-my-automation-1382d087078 | |
| https://m7arm4n.medium.com/unauthorized-access-to-admin-panel-via-swagger-c242e8341045 | |
| https://wojciechregula.blog/post/bypass-tcc-via-icloud/ | |
| https://bountyplz.xyz/bugbounty/2023/03/03/Bypassing-Safe-Redirect-in-Rails-7.0.html | |
| https://github.blog/2023-03-03-github-security-lab-audited-datahub-heres-what-they-found/ | |
| https://github.com/AnkitCuriosity/Write-Ups/blob/main/Web%20Cache%20Poisoning%20-%20Capability%20to%20disable%E2%88%95deface%20the%20app.vulnerable.com%20(A%20tale%20of%20poisoning%20through%20the%20layers%20of%20caching).md | |
| https://starlabs.sg/blog/2023/03-cs-cart-pdf-plugin-unauthenticated-command-injection/ | |
| https://www.permasecure.io/2023/03/03/how-your-nfts-could-have-been-stolen-in-just-one-click/ | |
| https://ibraradi.gitbook.io/write-up/upgrade-plan-from-free-to-paid-via-response-manipulation | |
| https://mshibilmp.medium.com/how-i-earned-for-excessive-data-exposure-through-directory-traversal-leads-to-product-price-4582e5371774 | |
| https://medium.com/@ahmedelbolaqy/the-story-of-my-first-reflected-xss-c24fbfef2dc6 | |
| https://vijetareigns.medium.com/email-verification-bypass-worth-cbb65a68a34f | |
| https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser | |
| https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com | |
| https://fireshellsecurity.team/mining-takeovers-for-fun-and-profit/ | |
| https://medium.com/@kushjain0107/how-simple-idor-impacted-the-data-of-thousands-of-customers-of-an-indian-automotive-giant-fdbd2ef1c2c6 | |
| https://medium.com/@snoopy101/web-cache-deception-attack-on-a-private-bug-bounty-program-52872cbdeedc | |
| https://labs.nettitude.com/blog/introducing-aladdin/ | |
| https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/ | |
| https://redshark1802.com/blog/2023/03/01/abusing-hopy-by-hop-header-crlf-injection/ | |
| https://cristivlad.medium.com/exfiltrating-aws-credentials-via-pdf-rendering-of-unsanitized-input-63f39d60d963 | |
| https://medium.com/@0xd3vil/how-i-earned-1800-for-finding-a-business-logic-account-takeover-vulnerability-c84c78e6ade0 | |
| https://bergee.it/blog/broken-links-hijacking-and-cdn-takeover/ | |
| https://blog.doyensec.com/2023/02/28/new-vector-for-dirty-arbitrary-file-write-2-rce.html | |
| https://www.sonarsource.com/blog/empowering-weak-primitives-file-truncation-to-code-execution-with-git/ | |
| https://www.zerodayinitiative.com/blog/2023/2/27/cve-2022-38108-rce-in-solarwinds-network-performance-monitor | |
| https://saligrama.io/blog/post/gradescope-autograder-security/ | |
| https://blog.rehack.xyz/2023/02/tips-tricks-exfiltrating-users-data.html | |
| https://medium.com/@mehtashobhit98/my-first-un-expected-digit-bounty-for-an-un-expected-vulnerability-b44933d6ebda | |
| https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/ | |
| https://security.humanativaspa.it/abusing-mavens-pom-xml/ | |
| https://trenchant.io/vmware-workspace-one-access/ | |
| https://medium.com/@mullangisashank/the-vulnerability-that-exposed-an-un-website-to-remote-code-execution-dfe377b82049 | |
| https://medium.com/@levshmelevv/10-000-bounty-for-exposed-git-to-rce-304c7e1f54 | |
| https://rollingpwn.github.io/BLE-Relay-Aattck/ | |
| https://varmaanu001.medium.com/interesting-stored-xss-in-sandboxed-environment-to-full-account-takeover-32e541062938 | |
| https://infosecwriteups.com/how-did-i-found-rce-on-shareit-which-rewarded-bounty-7d4196bf1b52 | |
| https://nishantjain.tech/#/blog | |
| https://medium.com/@omidxrz/command-injection-by-changing-the-logo-2d730887ab6c | |
| https://gonzxph.medium.com/account-takeover-worth-of-5-dba784b32383 | |
| https://hacklido.com/blog/320-how-i-got-a-2000-bounty-with-rxss | |
| https://p4n7h3rx.medium.com/how-i-got-a-2000-bounty-with-rxss-e6f45f987793 | |
| https://medium.com/@osamaavvan/unauthenticated-graphql-introspection-and-api-calls-92f1d9d86bcf | |
| https://systemweakness.com/give-me-a-browser-ill-give-you-a-shell-de19811defa0 | |
| https://medium.com/@metikalakullai.gtl/my-p1-account-takeover-3293fc59e10 | |
| https://www.horizon3.ai/from-cve-2022-33679-to-unauthenticated-kerberoasting/ | |
| https://www.synacktiv.com/sites/default/files/2023-02/Synacktiv-IBM-TWS-CVE-2022-38389.pdf | |
| https://lude.rs/h4ck1ng/draw.io_cves.html | |
| https://www.synack.com/blog/exploits-explained-using-apis-to-execute-a-server-side-request-forgery/ | |
| https://starlabs.sg/blog/2023/02-microsoft-azure-account-takeover-via-dom-based-xss-in-cosmos-db-explorer/ | |
| https://www.creastery.com/blog/microsoft-azure-ato-via-xss-in-cosmos-db-explorer/ | |
| https://blog.prodefense.io/little-bug-big-impact-25k-bounty-9e47773f959f | |
| https://medium.com/@feribytex/blind-xss-fired-on-admin-panel-worth-2000-abe2c83279b5 | |
| https://blog.trailofbits.com/2023/02/23/escaping-well-configured-vscode-extensions-for-profit/ | |
| https://medium.com/@bag0zathev2/how-i-used-js-files-inspection-and-fuzzing-to-do-admins-supports-stuff-dd4f700605a | |
| https://m3ez.medium.com/how-i-found-dom-based-xss-on-microsoft-msrc-and-how-they-fixed-it-8b71a6020c82 | |
| https://parkerzanta.medium.com/how-do-i-take-over-another-user-subdomain-name-worth-c66bb0c3f2f7 | |
| https://www.whiteoaksecurity.com/blog/logicaldoc-vulnerability-disclosure/ | |
| https://cylect.io/blog/cybr-2/exploit-airlines-to-get-free-wifi-airline-vulnerability-8 | |
| https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/ | |
| https://sensepost.com/blog/2023/decoding-blazorpack/ | |
| https://sl4x0.medium.com/how-i-got-into-nokia-hof-in-5-mins-99ce16583bd4 | |
| https://0x1int.gitbook.io/blogs/insufficient-graphql-api-vulnerability-due-to-lack-of-validation-of-authorization-bearer-token | |
| https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-goanywhere | |
| https://www.codean.io/blog/vulnerability-write-up---%22dangerous-assumptions%22 | |
| https://medium.com/@rramgattie/exploiting-parameter-pollution-in-golang-web-apps-daca72b28ce2 | |
| https://medium.com/@knassar702/with-a-single-request-you-can-kill-any-gitea-server-1275c5f3b226 | |
| https://servicenger.com/mobile/android/access-twitter-blue-features-using-deeplink-without-a-paid-subscription/ | |
| https://medium.com/@fattselimi/information-disclosure-vulnerability-in-adobe-experience-manager-affecting-multiple-companies-2fb0558cd957 | |
| https://medium.com/@chenshiri/taking-over-google-cloud-shell-by-utilizing-capabilities-and-kubelet-fd5e2417f286 | |
| https://www.vaadata.com/blog/exploiting-an-html-injection-with-dangling-markup/ | |
| https://www.synacktiv.com/sites/default/files/2023-02/Synacktiv-Security_Advisory-Dell_EMC_vApp_Manager-Multiple_Vulnerabilities.pdf | |
| https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html | |
| https://bishopfox.com/blog/what-the-vuln-zimbra | |
| https://onekey.com/blog/clamav-critical-patch-review/ | |
| https://www.synacktiv.com/sites/default/files/2023-02/Synacktiv-Nokia-BTS-AirScale-Asika-Multiple-Vulnerabilities.pdf | |
| https://jjainam16.medium.com/reflected-cross-site-scripting-on-reddit-website-bounty-awards-5000-99fa639cdd7 | |
| https://blog.trailofbits.com/2023/02/21/vscode-extension-escape-vulnerability/ | |
| https://www.praetorian.com/blog/using-crlf-injection-to-bypass-akamai-web-app-firewall/ | |
| https://aidilarf.medium.com/bypassing-sso-authentication-from-the-login-without-password-feature-lead-to-account-takeover-d2322a33a208 | |
| https://blog.robinjust.in/gov-in/2023/02/Exposing-Indian-Citizens-Sensitive-PII-and-more/ | |
| https://jjainam16.medium.com/reflected-cross-site-scripting-awards-3500-bounty-c8a619f129a1 | |
| https://medium.com/@siratsami71/1500-worth-slack-vulnerability-bypass-invite-accept-process-8204e5431d52 | |
| https://www.shockwave.cloud/blog/shockwave-works-with-openai-to-fix-critical-chatgpt-vulnerability | |
| https://www.archcloudlabs.com/projects/disabling-clamav-as-unprivileged-user/ | |
| https://vengeance.medium.com/found-an-url-in-the-android-application-source-code-which-lead-to-an-idor-1b8768708756 | |
| https://medium.com/@niraj1mahajan/hacking-the-search-bar-the-story-of-discovering-and-reporting-an-xss-vulnerability-on-bing-com-cac2f241835 | |
| https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/ | |
| https://medium.com/@win3zz/facebook-bug-a-journey-from-code-execution-to-s3-data-leak-698b7d2b02ef | |
| https://medium.com/@rajauzairabdullah/the-inside-story-of-finding-a-reverse-transaction-vulnerability-in-a-financial-application-d73f9cd40f6f | |
| https://blog.infiltrateops.io/hacking-apple-two-successful-exploits-and-positive-thoughts-on-their-bug-bounty-program-963efe7518f6 | |
| https://decoder.cloud/2023/02/16/eop-via-arbitrary-file-write-overwite-in-group-policy-client-gpsvc-cve-2022-37955/ | |
| https://portswigger.net/research/server-side-prototype-pollution | |
| https://blog.yeswehack.com/talent-development/server-side-prototype-pollution-how-to-detect-and-exploit/ | |
| https://www.intruder.io/research/server-side-prototype-pollution | |
| https://www.praetorian.com/blog/azure-b2c-crypto-misuse-and-account-compromise/ | |
| https://posts.specterops.io/abusing-azure-app-service-managed-identity-assignments-c3adefccff95 | |
| https://github.com/j00sean/CVE-2022-44666 | |
| https://medium.com/@tarang.parmar/xss-on-most-popular-entertaining-website-2fbf5a88df0f | |
| https://faiyazhacks.medium.com/i-got-united-nations-hall-of-fame-with-this-simple-technique-3d9a021e4a5d | |
| https://wesecureapp-smm.medium.com/assumed-breach-assessment-case-study-uncovering-wesecureapps-approach-45a512c0bd63 | |
| https://github.com/haproxy/haproxy/commit/a8598a2eb11b6c989e81f0dbf10be361782e8d32 | |
| https://checkmarx.com/blog/securing-open-source-solutions-a-study-of-osticket-vulnerabilities/ | |
| https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/ | |
| https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc | |
| https://mahmoudsec.blogspot.com/2023/02/sql-injection-utilizing-xml-functions.html | |
| https://pullerjsecu.medium.com/bypassing-cors-configurations-to-produce-an-account-takeover-for-fun-and-profit-3e50c3f2a124 | |
| https://medium.com/@kartikhunt3r/blind-time-based-sql-injection-vulnerability-in-an-indian-government-website-6bf3bb7daf25 | |
| https://medium.com/@deadoverflow/bypassing-samesite-lax-cookie-restrictions-to-preform-csrf-resulting-to-a-horizontal-privilege-1dfc8fb17b0a | |
| https://ophionsecurity.com/blog/hacking-our-way-into-an-internal-db | |
| https://www.synacktiv.com/publications/exploiting-a-remote-heap-overflow-with-a-custom-tcp-stack.html | |
| https://theevilbit.github.io/posts/cve-2022-22655/ | |
| https://medium.com/@ramkumarnadar47/zip-bomb-attack-88d84a98be9f | |
| https://basu-banakar.medium.com/ssrf-that-allowed-us-to-access-whole-infra-web-services-and-many-more-3424f8efa0e4 | |
| https://frycos.github.io/vulns4free/2023/02/12/install4j-xxe.html | |
| https://yaseenzubair.medium.com/idor-leads-to-mass-account-takeover-7548a03f5672 | |
| https://pvs-studio.com/en/blog/posts/csharp/0918/ | |
| https://infosecwriteups.com/a-tale-of-a-full-business-takeover-red-team-diaries-fe7a6a7acaef | |
| https://blog.cyberxplore.com/we-hacked-github-for-a-month-heres-what-we-found/ | |
| https://omar0x01.medium.com/hubspot-full-account-takeover-in-bug-bounty-4e2047914ab5 | |
| https://infosecwriteups.com/disabling-js-for-the-win-9d13c606f910 | |
| https://decoder.cloud/2023/02/13/localpotato-when-swapping-the-context-leads-you-to-system/ | |
| https://www.localpotato.com/localpotato_html/LocalPotato.html | |
| https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648 | |
| https://cupc4k3.medium.com/cve-2023-0759-privilege-escalation-in-the-cockpit-cms-6a4a28685f8e | |
| https://the-deniss.github.io/posts/2023/02/09/elevation-of-privileges-from-everyone-through-avast-av-sandbox-to-system-amppl.html | |
| https://skylightcyber.com/2023/02/09/a-salt-attacking-saltstack/ | |
| https://www.elttam.com/blog/cracking-randomness-in-java/ | |
| https://p4n7h3rx.medium.com/how-i-got-bounty-within-5-mins-f1448f6db9b5 | |
| https://www.trustedsec.com/blog/azure-ad-kerberos-tickets-pivoting-to-the-cloud/ | |
| https://www.synack.com/blog/default-credentials-still-a-problem-today/ | |
| https://www.blackhillsinfosec.com/exploit-development-a-sincere-form-of-flattery/ | |
| https://www.zerodayinitiative.com/blog/2023/2/6/pwn2owning-two-hosts-at-the-same-time-abusing-inductive-automation-ignitions-custom-deserialization | |
| https://infosecwriteups.com/chaining-bugs-to-get-my-first-bug-bounty-7e94afb704e7 | |
| https://jowin922.medium.com/reflected-xss-on-target-with-tough-waf-waf-bypass-3b7efd1ef2bc | |
| https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/ | |
| https://arnavtripathy98.medium.com/bypassing-api-restrictions-for-fun-and-profit-c9ab746b67be | |
| https://medium.com/@mydudehello91/how-i-got-1000-by-clickacking-233e89d76ffd | |
| https://hesec.de/posts/cve-2023-22855/ | |
| https://medium.com/@mares.viktor/code-injection-via-python-sandbox-escape-how-i-got-a-shell-inside-a-network-c977c35a82de | |
| https://blog.quarkslab.com/post-exploitation-abusing-the-keepass-plugin-cache.html | |
| https://www.cyberark.com/resources/threat-research-blog/the-linux-kernel-and-the-cursed-driver | |
| https://read.martiandefense.llc/a-zero-day-for-demo-servers-and-internal-government-networks-96acda9e83ed | |
| https://eaton-works.com/2023/02/06/toyota-gspims-hack/ | |
| https://securitylabs.datadoghq.com/articles/aws-console-rate-limit-bypass/ | |
| https://pyn3rd.github.io/2023/02/06/Apache-Commons-SCXML-Remote-Code-Execution/ | |
| https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html | |
| https://www.vidocsecurity.com/blog/2022-summary-how-we-made-120k-bug-bounty-in-a-year/ | |
| https://medium.com/@2os5/easy-account-takeover-on-dell-subdomain-6297460741fd | |
| https://bloggerrando.blogspot.com/2023/02/06-2.html | |
| https://btlfry.gitlab.io/notes/posts/memcached-command-injections-at-pylibmc/ | |
| https://security.lauritz-holtmann.de/post/xss-ato-gadgets/ | |
| https://kindergartner.computerhacker.ring0.lol | |
| https://medium.com/@jawadmahdi/a-weird-bug-that-leaked-pii-9e2e91a8b8c8 | |
| https://www.synacktiv.com/sites/default/files/2023-02/Synacktiv-Advisory-Izanami-CVE-2023-22495.pdf | |
| https://medium.com/@rezaduty/play-with-google-twitter-apple-dell-a90777faa779 | |
| https://molx32.github.io/blog/2023/Azure-access-panel-lack-of-access-control/ | |
| https://www.flashback.sh/blog/weekend-destroyer-wd-pr4100-rce | |
| https://medium.com/@bag0zathev2/discovering-5-xss-vulnerabilities-in-a-simple-way-with-xssor-go-a0a761631012 | |
| https://medium.com/@_yldrm/host-header-injection-to-complete-organization-takeover-67a8a2ddb188 | |
| https://shahjerry33.medium.com/idor-inside-the-session-storage-88af485fc899 | |
| https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-1 | |
| https://www.flashback.sh/blog/weekend-destroyer-wd-pr4100-rce | |
| https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/ | |
| https://www.synack.com/blog/exploits-explained-java-jmxs-exploitation-problems-and-resolutions/ | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vulnerability-causing-deletion-of-all-users-in-crushftp-admin-area/ | |
| https://www.whiteoaksecurity.com/blog/centrestack-disclosure/ | |
| https://www.metabaseq.com/imagemagick-zero-days/ | |
| https://infosecwriteups.com/an-idor-vulnerability-often-hides-many-others-2893ddd0a0d7 | |
| https://blog.assetnote.io/2023/02/01/rce-in-avaya-aura/ | |
| https://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/ | |
| https://webresearcher007.medium.com/broken-function-level-authorization-leads-to-disclosing-pii-information-of-all-company-users-35aee60b287b | |
| https://z-sec.co/mass-account-takeover | |
| https://eta.st/2023/01/31/rail-tickets.html | |
| https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/ | |
| https://www.akamai.com/blog/security-research/cant-wait-to-shut-you-down-msrpc-wininit | |
| https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable | |
| https://khaledyassen.medium.com/how-i-bypassed-the-registration-validation-and-logged-in-with-the-company-email-14eb12c45fb5 | |
| https://mazoka777.medium.com/how-i-hacked-all-zendesk-sites-265-000-site-by-one-line-c6b6485a7a6 | |
| https://medium.com/@mrhavit/how-i-found-an-insecure-direct-object-reference-in-tiktok-c7303addf223 | |
| https://medium.com/@abhisekr/discovered-a-critical-idor-and-earned-900-for-my-first-p1-vulnerability-57c1e72f42c1 | |
| https://www.jhaddix.com/post/the-100-million-person-data-disclosure | |
| https://medium.com/@DrakenKun/how-i-was-able-to-find-4-cross-site-scripting-xss-on-vulnerability-disclosure-program-e2f39199ae16 | |
| https://akashc99.medium.com/blind-xss-to-ssrf-e2bc579976d | |
| https://ysamm.com/?p=779 | |
| https://ysamm.com/?p=783 | |
| https://ysamm.com/?p=777 | |
| https://shells.systems/froxlor-v2-0-6-remote-command-execution-cve-2023-0315/ | |
| https://github.com/mhaskar/CVE-2023-0315 | |
| https://akashc99.medium.com/bypassing-account-lockout-through-password-reset-functionality-8ff5c256f380 | |
| https://hacksys.io/blogs/adobe-reader-resetform-cagg-rce-cve-2023-21608 | |
| https://github.com/alalng/CVE-2022-44789 | |
| https://blog.projectdiscovery.io/php-http-server-source-disclosure/ | |
| https://medium.com/@sudipshah_66336/disclosing-facebook-page-admins-by-playing-a-game-2b0f4ed082e4 | |
| https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/ | |
| https://medium.com/@severustalin/how-i-found-my-first-bug-in-android-41153093ba57 | |
| https://positive.security/blog/ransack-data-exfiltration | |
| https://www.sonarsource.com/blog/openemr-remote-code-execution-in-your-healthcare-system/ | |
| https://www.rtcsec.com/article/kamailio-exec-module-considered-harmful/ | |
| https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi | |
| https://swarm.ptsecurity.com/mybb-1-8-31-remote-code-execution-chain/ | |
| https://medium.com/@_deshine_/easy-2000-race-condition-b4d093c9bc3c | |
| https://sanderwind.medium.com/unleashing-the-power-of-css-injection-the-access-key-to-an-internal-api-789b166d0527 | |
| https://sensepost.com/blog/2023/jumping-into-socks/ | |
| https://blog.assetnote.io/2023/01/24/yellowfin-auth-bypass-to-rce/ | |
| https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html | |
| https://www.varonis.com/blog/okta-attack-vectors | |
| https://blog.stratumsecurity.com/2023/01/23/remote-code-execution-through-deserializtion/ | |
| https://www.zerodayinitiative.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation | |
| https://ph-hitachi.medium.com/how-i-hacked-scopely-using-sign-in-with-google-298a9c166ad | |
| https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/ | |
| https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900 | |
| https://infosecwriteups.com/reflected-xss-leads-to-3-000-bug-bounty-rewards-from-microsoft-forms-efe34fc6b261 | |
| https://sl4x0.medium.com/how-i-found-xss-on-admin-page-without-login-fe165a5f89c2 | |
| https://www.ukusormus.com/bypassing-cloudflare-waf-xss-via-sql-injection/ | |
| https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/? | |
| https://www.synacktiv.com/sites/default/files/2023-01/advisory_manageengine_adss_2023.pdf | |
| https://medium.com/@bag0zathev2/csrf-stored-xss-to-leading-to-full-account-takeover-39e9a79533e3 | |
| https://melotover.medium.com/bypassing-e2e-encryption-leads-to-multiple-high-vulnerabilities-65b708e5ad84 | |
| https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/ | |
| https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c | |
| https://www.secforce.com/blog/aws-cognito-pitfalls-default-settings-attackers-love-and-you-should-know-about/ | |
| https://www.zerodayinitiative.com/blog/2023/1/18/cve-2022-35690-unauthenticated-rce-in-adobe-coldfusion | |
| https://blog.viettelcybersecurity.com/saml-show-stopper/ | |
| https://medium.com/@siratsami71/the-easiest-way-i-used-to-bypass-an-admin-panel-93d4297ed4a6 | |
| https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced/ | |
| https://shahjerry33.medium.com/api-misconfiguration-no-swag-of-swaggerui-9b43135346be | |
| https://www.secureworks.com/research/azure-active-directory-flaw-allowed-saml-persistence | |
| https://security.humanativaspa.it/nothing-new-under-the-sun/ | |
| https://www.legitsecurity.com/blog/dos-via-software-supply-chain-innumerable-projects-exposed-to-a-markdown-library-vulnerability | |
| https://medium.com/@Parag_Bagul/how-i-identified-and-reported-vulnerabilities-in-oracle-and-the-rewards-of-responsible-43ee5fea457f | |
| https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf | |
| https://medium.com/@mohanad.hussam23/from-error-log-file-p4-to-company-account-takeover-p1-and-unauthorized-actions-on-api-35e45e43273a | |
| https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/ | |
| https://semgrep.dev/blog/2022/xml-security-in-java | |
| https://www.dsecbypass.com/en/centreon-map-vulnerability/ | |
| https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/ | |
| https://medium.com/@haroonhameed_76621/dom-based-xss-for-fun-and-profit-bug-bounty-poc-f4b9554e95d | |
| https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass/ | |
| https://onekey.com/blog/security-advisory-wago-unauthenticated-config-export-vulnerability/ | |
| https://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html | |
| https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/ | |
| https://medium.com/@xerox0x1/full-account-take-over-by-very-simple-trick-b4025a53047c | |
| https://medium.com/@_deshine_/account-take-over-due-to-aws-cognito-misconfiguration-7b092c667ee3 | |
| https://blog.hckrt.com/blog/thisclosed_2/ | |
| https://medium.com/@mares.viktor/critical-vulnerability-through-osint-only-56e56eb97516 | |
| https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/ | |
| https://blog.paradoxis.nl/yafpc-unauthenticated-remote-code-execution-755bf9e4d7c1 | |
| https://infosecwriteups.com/how-browsers-save-as-feature-might-lead-to-code-execution-cve-2022-45415-ebaa8711692 | |
| https://medium.com/@cachemoney/exploiting-application-logic-to-phish-internal-mailing-lists-486b94fc2ef1 | |
| https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/ | |
| https://sector7.computest.nl/post/2023-01-xar/ | |
| https://blog.stazot.com/ssh-key-injection-google-cloud/ | |
| https://googleprojectzero.blogspot.com/2023/01/der-entitlements-brief-return-of.html | |
| https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/ | |
| https://www.imperva.com/blog/google-chrome-symstealer-vulnerability/ | |
| https://ssd-disclosure.com/ssd-advisory-macos-mozilla-firefox-download-protections-were-bypassed-by-atloc-ftploc-files/ | |
| https://andika-here.medium.com/how-i-earned-1000-from-business-logic-vulnerability-account-takeover-f03547950c82 | |
| https://infosecwriteups.com/full-team-takeover-678c79842065 | |
| https://erasec.be/blog/client-side-path-manipulation/ | |
| https://dhakalbibek.medium.com/2022-a-year-of-fascinating-discoveries-d3277dfb006f | |
| https://tuhin1729.medium.com/full-team-takeover-678c79842065 | |
| https://krevetk0.medium.com/hacking-hackers-for-fun-and-profit-784e6c7897e8 | |
| https://github.com/blasty/lexmark/blob/main/writeup/writeup.md | |
| https://www.vulnano.com/2023/01/meta-quest-attacker-could-make-any.html | |
| https://ymohagheghi.medium.com/uploading-the-webshell-using-filename-of-content-disposition-header-story-59ba87752311 | |
| https://engrinside.medium.com/bug-hunting-open-access-to-s3-bucket-79f262a86a78 | |
| https://crypt0g30rgy.github.io/post/SSRFtoDos | |
| https://crypt0g30rgy.github.io/post/PaymentBypassOne | |
| https://medium.com/@sandro.einfeldt/advanced-csrf-exploitation-via-xss-4cd00c895ba | |
| https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed | |
| https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/ | |
| https://3sjay.github.io/2023/01/06/pandoraFMS-Pre-Auth-RCE.html | |
| https://karimrahal.com/2023/01/05/github-actions-leaking-secrets/ | |
| https://yaseenzubair.medium.com/blind-xss-in-email-field-1000-bounty-b19b25a23236 | |
| https://blog.abdulrah33m.com/prototype-pollution-in-python/ | |
| https://labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise/ | |
| https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/ | |
| https://samcurry.net/web-hackers-vs-the-auto-industry/ | |
| https://acut3.pages.dev/posts/2023-01-03-fetch-diversion/ | |
| https://medium.com/@sid0krypt/vue-js-reflected-xss-fae04c9872d2 | |
| https://medium.com/@adhaamsayed3/access-to-page-with-default-credentials-that-require-authenticate-e59cebf0bced | |
| https://trufflesecurity.com/blog/of-cors/index.html | |
| https://servicenger.com/mobile/instagram-vulnerability-turn-off-message-requests-deeplink/ | |
| https://kailashbohara.com.np/blog/2023/01/02/exploiting-thousands-of-domains-for-XSS/ | |
| https://yaseenzubair.medium.com/web-cache-poisoning-worth-it-e7c6d88797b1 | |
| https://medium.com/@nakah_/an-amazing-way-to-turn-a-xss-into-an-ato-40bc92772195 | |
| https://0xlittlespidy.medium.com/indias-aadhar-card-source-code-disclosure-via-exposed-svn-wc-db-c05519ea7761 | |
| https://medium.com/@querylab/bypass-premium-account-payment-getpocket-d813b249687c | |
| https://medium.com/@coffeeaddict_exe/500-in-5-minutes-45977e89a337 | |
| https://medium.com/@mohammed01550038865/hello-hackers-a229fb5c821b | |
| https://0xprial.com/subdomain-hijacking-of-any-qwilrs-customer/ | |
| https://infosecwriteups.com/cve-2022-38627-a-journey-through-sqlite-injection-to-compromise-the-whole-enterprise-building-15cebd072ed6 | |
| https://sudhanshur705.medium.com/exploring-the-world-of-esi-injection-b86234e66f91 | |
| https://hamzadzworm.medium.com/how-i-got-a-bug-that-leads-to-takeover-accounts-of-any-user-who-view-my-profile-913c8704f6cd | |
| https://medium.com/@mukundbhuva/account-takeover-due-to-cognito-misconfiguration-earns-me-xxxx-3a7b8bb9a619 | |
| https://medium.com/@ashlyn.lau_17206/hooking-secret-key-to-building-custom-burp-extension-c6aeb6fd312a | |
| https://medium.com/@kandar.souvik6/feedback-analyzer-exploitation-dc44a91b7fcc | |
| https://infosecwriteups.com/unauthorized-sign-up-on-subdomain-of-subdomain-leading-to-organization-takeover-worth-2000-a7199952d80b | |
| https://tamimhasan404.medium.com/ldap-anonymous-login-story-of-my-3-simple-p3-findings-d5b4a991b345 | |
| https://www.yassineaboukir.com//blog/hunting-for-amazon-cognito-security-misconfigurations/ | |
| https://danaepp.com/hacking-a-net-api-in-the-real-world | |
| https://mtechghost.medium.com/stored-xss-vulnerability-in-microsoft-booking-e593de3344e0 | |
| https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html | |
| https://blog.viettelcybersecurity.com/tabshell-owassrf/ | |
| https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html | |
| https://bergee.it/blog/how-i-found-multiple-critical-bugs-in-red-bull/ | |
| https://cems.fun/2022/12/26/CVE-2017-8758.html | |
| https://sharanthehunter.medium.com/authentication-bypass-in-nexus-manager-version-3-37-3-02-712f0bdb2fb4 | |
| https://rashahacks.com/how-i-pwned-10-admin-panels-and-rewarded-8000/ | |
| https://medium.com/@mares.viktor/unusual-403-bypass-to-a-full-website-takeover-external-pentest-4970c788c6bf | |
| https://medium.com/@tobydavenn/bypassing-ssrf-protections-45e5e3ac31e9 | |
| https://infosecwriteups.com/bypass-apples-redirection-process-with-the-dot-character-c47d40537202 | |
| https://infosecwriteups.com/crlf-injection-xxx-how-was-it-possible-for-me-to-earn-a-bounty-with-the-cloudflare-waf-f581506f97f5 | |
| https://medium.com/supakiad-s-m3ez/microsoft-bug-reports-lead-to-ranking-on-microsoft-msrc-quarterly-leaderboard-q3-2022-c6c9f70e2ccd | |
| https://therceman.medium.com/350-xss-in-15-minutes-dcb74ad93d5f | |
| https://keerok.github.io/2022/12/22/Flickr-Stored-XSS/ | |
| https://github.com/PabloMK7/ENLBufferPwn | |
| https://www.mnemonic.io/resources/blog/acsessed-cross-tenant-network-bypass-in-azure-cognitive-search/ | |
| https://research.nccgroup.com/2022/12/22/puckungfu-a-netgear-wan-command-injection/ | |
| https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_sqli_1.pdf | |
| https://web.archive.org/web/20221224215757/https://rashahacks.com/how-race-condition-helped-me-break-business-logic/ | |
| https://posts.specterops.io/passwordless-persistence-and-privilege-escalation-in-azure-98a01310be3f | |
| https://medium.com/@yaala/account-takeover-and-two-factor-authentication-bypass-de56ed41d7f9 | |
| https://bugreader.com/social/write-ups-general-delete-any-video-or-reel-on-facebook-11-250--100965 | |
| https://m7arm4n.medium.com/zero-click-to-account-takeover-idor-xss-98dd6cce63c4 | |
| https://medium.com/@vamshivaran110/rce-on-admin-panel-of-web3-website-2d0acf34d6ea | |
| https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf/ | |
| https://medium.com/@EX_097/my-first-bug-in-bugcrowd-76decc1f9901 | |
| https://www.trendmicro.com/en_us/research/22/l/a-technical-analysis-of-cve-2022-22583-and-cve-2022-32800.html | |
| https://crypt0g30rgy.github.io/post/AWSTakeover | |
| https://www.trendmicro.com/en_us/research/22/l/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypas.html | |
| https://dappsec.substack.com/p/an-advisory-for-cve-2019-16891-from | |
| https://rv09.medium.com/in-this-article-ill-tell-you-how-i-got-a-4-digits-bounty-from-an-indian-company-38e39a29f99e | |
| https://infosecwriteups.com/graphql-idor-leaking-credit-card-information-of-1000s-of-users-d07eec732979 | |
| https://kingcoolvikas.medium.com/how-i-found-my-first-xss-on-a-bug-bounty-program-c41107617ce1 | |
| https://www.rapid7.com/blog/post/2022/12/20/cengage-lti-session-management-leakage/ | |
| https://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html | |
| https://medium.com/@M0X0101/how-i-was-able-to-steal-users-credentials-via-swagger-ui-dom-xss-e84255eb8c96 | |
| https://infosecwriteups.com/directory-ttraversal-vulnerability-in-huawei-hg255s-products-dce941a1d015 | |
| https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/ | |
| https://spaceraccoon.dev/analyzing-clipboardevent-listeners-stored-xss/ | |
| https://crypt0g30rgy.github.io/post/PaymentBypassTwo | |
| https://0xraminfosec.medium.com/simple-cors-misconfig-leads-to-disclose-the-sensitive-token-worth-of-91433763f4d6 | |
| https://omar0x01.medium.com/cve-2022-42710-a-journey-through-xxe-to-stored-xss-851d74dfe917 | |
| https://infosecwriteups.com/param-hunting-to-injections-4365da5447cf | |
| https://hacksys.io/blogs/foxit-reader-uaf-rce-jit-spraying-cve-2022-28672 | |
| https://salt.security/blog/missing-bricks-finding-security-holes-in-lego-apis | |
| https://bishopfox.com/blog/flowscreencomponents-advisory | |
| https://medium.com/@jonathanbouman/unprotected-api-endpoint-at-hawebsso-nl-5f1951e212fe | |
| https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/ | |
| https://spyclub.tech/2022/12/14/unusual-cache-poisoning-akamai-s3/ | |
| https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/ | |
| https://www.akamai.com/blog/security-research/msrpc-lsm-cve-disturbing-hosts-rest | |
| https://medium.com/@h4ck3rp4tik/privilege-escalation-leads-to-deleting-other-users-account-and-company-workspace-access-control-7b709eb88ef | |
| https://aidenpearce369.github.io/offsec/My-First-RedTeam-Engagement/ | |
| https://medium.com/@jazdprince/doing-it-the-researchers-way-how-i-managed-to-get-ssti-server-side-template-injection-which-66b239ca0104 | |
| https://www.vaadata.com/blog/exploiting-an-sql-injection-with-waf-bypass/ | |
| https://blog.lightspin.io/aws-ecr-public-vulnerability | |
| https://yilmazcanyigit.medium.com/cve-2019-6238-apple-xar-directory-traversal-vulnerability-9a32ba8b3b7d | |
| https://www.secforce.com/blog/cve-2022-20942-its-not-old-functionality-its-vintage/ | |
| https://karol-mazurek95.medium.com/not-usual-csp-bypass-case-b538263e09d6 | |
| https://0xmayankgarg.medium.com/pii-data-exfiltration-within-minutes-f06d4587d201 | |
| https://0x4kd.medium.com/how-i-became-a-millionaire-in-3h-fintech-bug-bounty-part-1-90193c5bd86f | |
| https://0x4kd.medium.com/graphql-exploitation-techniques-fintech-bug-bounty-part-2-b05b9cb7d64b | |
| https://medium.com/@Iam5345/how-i-hacked-the-dutch-government-and-got-the-lousy-t-shirt-81fd0a0dd84d | |
| https://hopesamples.blogspot.com/2022/12/idor-allows-to-assign-deleted-tasks-to.html | |
| https://hopesamples.blogspot.com/2022/12/source-code-leakage-due-to-exposed.html | |
| https://hopesamples.blogspot.com/2022/12/user-names-and-email-addresses-are.html | |
| https://hopesamples.blogspot.com/2022/12/custom-role-details-are-exposed-in.html | |
| https://hopesamples.blogspot.com/2022/12/users-of-other-organizations-can-be.html | |
| https://medium.com/@mrd17x/scoring-for-a-very-simple-bug-you-dont-always-need-proxy-tools-872a832f83ea | |
| https://web.archive.org/web/20221212095559/https://medium.com/@seeu-inspace/automate-cross-site-scripting-xss-exploitation-with-unusal-events-and-burp-intruder-9dfed4369fff | |
| https://research.nccgroup.com/2022/12/09/public-report-vpn-by-google-one-security-assessment/ | |
| https://blog.viettelcybersecurity.com/the-first-step-to-pwn2own-but-a-sad-one/ | |
| https://medium.com/@kashyapherry147/privilege-escalation-to-remove-the-owner-from-the-organization-c029292a5d55 | |
| https://infosecwriteups.com/stripe-live-key-exposed-bounty-1000-dc670f2c5d9c | |
| https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf | |
| https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Noam-Moshe-JS-ON-Security-off.pdf | |
| https://jowin922.medium.com/cors-misconfig-on-out-of-scope-domain-bug-bounty-writeup-300-usd-reward-8a9e420d21e0 | |
| https://blog.agilehunt.com/blogs/security/race-condition-vulnerability-in-azure-video-indexer-allowed-trial-account-users-use-advance-premium-feature | |
| https://www.blackhat.com/eu-22/briefings/schedule/#databindingshell-novel-pathways-to-rce-web-frameworks-28583 | |
| https://tusharvaidya16.medium.com/a03-2021-injection-sql-injection-through-internal-directory-disclose-ecdef5230131 | |
| https://medium.com/@shellyshubh/how-you-can-find-your-first-bug-using-google-c9327f82632e | |
| https://www.synacktiv.com/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html | |
| https://starlabs.sg/blog/2022/12-the-last-breath-of-our-netgear-rax30-bugs-a-tragic-tale-before-pwn2own-toronto-2022/ | |
| https://medium.com/@cybercitizen.tech/how-we-breached-zdfheute-live-on-television-7530509b91be | |
| https://starlabs.sg/blog/2022/12-the-hole-new-world-how-a-small-leak-will-sink-a-great-browser-cve-2021-38003/ | |
| https://xcoder074.medium.com/bac-idor-how-my-father-credit-card-help-me-to-find-this-access-control-issue-7ff7c1ae463e | |
| https://ag3n7.medium.com/otp-leaking-through-cookie-leads-to-account-takeover-4fb96f255e2f | |
| https://www.pmnh.site/post/writeup_spring_el_waf_bypass/ | |
| https://blog.nietaanraken.nl/posts/gitub-popular-repository-namespace-retirement-bypass/ | |
| https://marvelmaniac.medium.com/the-most-underrated-injection-of-all-time-cypher-injection-fa2018ba0de8 | |
| https://marxchryz.medium.com/url-validation-bypass-using-browser-uri-normalization-cf545d33d13f | |
| https://karmainsecurity.com/KIS-2022-06 | |
| https://blog.dixitaditya.com/manipulating-aes-traffic-using-a-chain-of-proxies-and-hardcoded-keys | |
| https://shahjerry33.medium.com/account-takeover-inside-the-tenant-6101a3cafbee | |
| https://medium.com/@haroonhameed_76621/a-775-worth-of-cookies-reflected-dom-based-xss-bug-bounty-poc-3e7720c78fbe | |
| https://medium.com/@swapmaurya20/3-step-idor-in-hackerresume-a365f2632996 | |
| https://github.com/Wh04m1001/SysmonEoP | |
| http://rez0.blog/hacking/2022/12/02/hacking-on-a-plane.html | |
| https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html | |
| https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/ | |
| https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/ | |
| https://theshubh77.medium.com/write-up-irremovable-comments-on-fb-lite-app-a-story-of-a-simple-fb-lite-bug-that-i-found-just-125aaa826dd8 | |
| https://medium.com/@sathvika03/interesting-find-on-the-invite-link-17cf5a46d747 | |
| https://onekey.com/blog/security-advisory-asus-m25-nas-vulnerability/ | |
| https://www.rcesecurity.com/2022/12/from-zero-to-hero-part-2-intel-dcm-sql-injection-to-rce-cve-2022-21225/ | |
| https://abhishekmorla.medium.com/bypassing-the-client-side-encryption-to-read-internal-windows-server-files-e832da8b4ac8 | |
| https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql | |
| https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust | |
| https://medium.com/bored-engineer/xss-on-account-leagueoflegends-com-via-easyxdm-2016-75bcf9d582b5 | |
| https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf | |
| https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html | |
| https://aidilarf.medium.com/stored-xss-at-https-www-tiktok-com-11fed6db0590 | |
| https://www.synacktiv.com/sites/default/files/2022-11/trufusion_enterprise_unauthenticated_arbitrary_file_write.pdf | |
| https://blog.bitcrack.net/fabric-os-8-0-2cs-rbash-escape-to-read-system-files/ | |
| https://mc0wn.blogspot.com/2022/11/rce-on-apache-struts-2530.html | |
| https://0xjin.medium.com/voip-spoofing-intigriti-1-250-57b99bf8bd2b | |
| https://www.synacktiv.com/sites/default/files/2022-11/CodeIgniter3_XSS_2022.pdf | |
| https://letshack.xyz/offensive/general-research/discord-exe-improper-input-validation | |
| https://medium.com/@Hossam.Mesbah/broken-access-control-misconfiguration-beautiful-privilege-escalation-e4fdfd018efa | |
| https://medium.com/@aa.pietruczuk/improper-error-handling-leads-to-exposing-internal-tokens-3355d6b43a32 | |
| https://ltidi.medium.com/the-untold-sendbird-misconfigurations-1496d252bc69 | |
| https://offsec.space/posts/airtel-vulnerabilities/ | |
| https://medium.com/@sharp488/2fa-enabled-accounts-can-bypass-authentication-access-account-after-deactivation-8276a586be82 | |
| https://infosecwriteups.com/unique-rate-limit-bypass-worth-1800-6e2947c7d972 | |
| https://medium.com/@damaidec/firebase-exploit-bug-bounty-be63f4dc1e4a | |
| https://medium.com/@sharp488/access-any-owner-account-without-authentication-auth-bypass-2fa-bypass-94d0d3ef0d9c | |
| https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html | |
| https://bhashit.in/?p=117 | |
| https://medium.com/@protostar0/hacking-bank-the-second-story-of-finding-critical-vulnerabilities-on-banking-application-ac20cd8f3dad | |
| https://infosecwriteups.com/a-great-weekend-hack-worth-8k-9bfda8ab65b9 | |
| https://shafouz.medium.com/webview-xss-account-takeover-349c1d69606e | |
| https://attackshipsonfi.re/p/exploiting-cors-misconfigurations | |
| https://iamgk808.medium.com/how-i-hacked-into-a-government-e-learning-website-ce8da8fb4ccc | |
| https://v1dr4x.medium.com/hacking-dutch-government-broken-authentication-to-full-website-takeover-p1-9af477604d54 | |
| https://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection | |
| https://hacklido.com/d/93-able-to-mass-change-profile-section-leads-to-my-first-bounty | |
| https://petrusviet.medium.com/cve-2022-43781-32bc29de8960 | |
| https://rashahacks.com/directory-enumeration-guide/ | |
| https://letshack.xyz/offensive/web-application/legally-hacking-a-government-satellite | |
| https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security | |
| https://www.synacktiv.com/sites/default/files/2022-11/h2o_multiple_vulnerabilities.pdf | |
| https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-cve-2022-33942/ | |
| https://saligrama.io/blog/post/dodging-oauth-origin-restrictions/ | |
| https://www.zerodayinitiative.com/blog/2022/11/22/cve-2022-40300-sql-injection-in-manageengine-privileged-access-management | |
| https://fluidattacks.com/blog/account-takeover-kayak/ | |
| https://medium.com/@0xelkot/how-i-get-10-sqli-and-30-xss-via-automation-tool-cebbd9104479 | |
| https://0x36.github.io/CVE-2022-32898/ | |
| https://labs.guard.io/xss-vulnerability-found-in-connectwise-remote-access-platform-with-great-potential-for-misuse-by-scammers-a0773da2aacf | |
| https://hacklido.com/d/90-cve-2021-40662-chamilo-lms-11114-rce | |
| https://emily.id.au/tailscale | |
| https://basu-banakar.medium.com/ssrf-via-dns-rebinding-cve-2022-4096-b7bf75928bb2 | |
| https://medium.com/pentesternepal/interesting-stored-xss-via-meta-data-eb8fe1de8b33 | |
| https://ssd-disclosure.com/ssd-advisory-netgear-r7800-afpd-preauth/ | |
| https://github.com/0xacb/recollapse/blob/main/till_recollapse_fuzzing_the_web_for_mysterious_bugs.pdf | |
| https://0xacb.com/2022/11/21/recollapse/ | |
| https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/ | |
| https://feed.bugs.xdavidhu.me/bugs/0017 | |
| https://medium.com/@valluvarsploit/fastly-subdomain-takeover-2000-217bb180730f | |
| https://medium.com/@mrd17x/my-account-takeover-writeup-5000-6895492aa549 | |
| https://cybervelia.com/?p=1380 | |
| https://trufflesecurity.com/blog/email-graffiti/index.html | |
| https://dewcode.medium.com/how-i-found-29-stored-xss-in-modern-framework-1cfe60a107a0 | |
| https://www.alevsk.com/2022/11/system-misconfiguration-is-the-number-one-vulnerability-at-least-for-mastodon/ | |
| https://splint3rsec.medium.com/russian-roulette-xss-bbba6afd2570 | |
| https://bendtheory.medium.com/remediation-archeology-finding-and-decoding-an-ancient-xss-ea541c1106d1 | |
| https://r29k.com/articles/bb/account-takeover | |
| https://medium.com/@win3zz/remote-command-execution-in-a-bank-server-b213f9f42afe | |
| https://www.semperis.com/blog/syncjacking-azure-ad-account-takeover/ | |
| https://wojciechregula.blog/post/macos-sandbox-escape-via-terminal/ | |
| https://medium.com/@snoopy101/250-for-email-account-enumeration-using-nametomail-tool-cce02a17ade8 | |
| https://0xm5awy.medium.com/how-i-found-8-vulnerabilities-in-24h-aad3bd5fd487 | |
| https://hacklido.com/d/87-reflected-xss-using-double-encoding | |
| https://blog.rehack.xyz/2022/11/rescrutiny-delay-then-migrate-your.html | |
| https://nirmaldahal.com.np/posts/2022/11/megas-unlimited-cloud-storage-vulnerability/ | |
| https://ian.sh/etugra | |
| https://ag3n7.medium.com/got-another-xss-using-double-encoding-e6493a9f7368 | |
| https://mehedishakeel.medium.com/information-exposure-my-fourth-finding-on-hackerone-4fc4461920c4 | |
| https://gonzxph.medium.com/account-takeover-worth-of-2500-e643661f94e9 | |
| https://medium.com/@hf6452/a-story-of-a-strange-stored-idor-b6f2769bb6cb | |
| https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/ | |
| https://www.bentkowski.info/2022/11/google-roulette/ | |
| https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend | |
| https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/ | |
| https://www.oxeye.io/blog/remote-code-execution-in-spotifys-backstage | |
| https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp | |
| https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws | |
| https://blog.sonarsource.com/checkmk-rce-chain-1/ | |
| https://blog.sonarsource.com/checkmk-rce-chain-2/ | |
| https://blog.sonarsource.com/checkmk-rce-chain-3/ | |
| https://medium.com/@haroonhameed_76621/winning-qr-with-dom-based-xss-bug-bounty-poc-4b4048cf285d | |
| https://saligrama.io/blog/post/firebase-insecure-by-default/ | |
| https://ssd-disclosure.com/ssd-advisory-cisco-secure-manager-appliance-jwt_api_impl-hardcoded-jwt-secret-elevation-of-privilege/ | |
| https://ssd-disclosure.com/ssd-advisory-cisco-secure-manager-appliance-remediation_request_utils-sql-injection-remote-code-execution/ | |
| https://theevilbit.github.io/posts/cve-2022-32929/ | |
| https://sec-consult.com/vulnerability-lab/advisory/path-traversal-vulnerability-in-payara-platform/ | |
| https://medium.com/@jodyritonga/how-i-get-100-in-just-10-minutes-b018b28645ce | |
| https://medium.com/@raymond-lind/finding-reflected-xss-in-a-strange-way-289a4f3fa630 | |
| https://www.trendmicro.com/en_us/research/22/k/cve-2019-8561-a-hard-to-banish-packagekit-framework-vulnerabilit.html | |
| https://www.usenix.org/system/files/sec23summer_432-shcherbakov-prepub.pdf | |
| https://www.usenix.org/system/files/sec23summer_235-rohlmann-prepub.pdf | |
| https://www.usenix.org/system/files/sec23summer_198-gilsenan-prepub.pdf | |
| https://varmaanu001.medium.com/from-shodan-dork-to-grafana-local-file-inclusion-e77dc4cfc264 | |
| https://blog.northseapwn.top/2022/11/11/Windows-Kernel-Exploit-CVE-2022-35803-in-Common-Log-File-System/index.html | |
| https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/ | |
| https://unit42.paloaltonetworks.com/openlitespeed-vulnerabilities/ | |
| https://blog.sigstore.dev/how-sigstore-quickly-patched-an-upstream-vulnerability-76ba84ef1122 | |
| https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/ | |
| https://caesarevan23.medium.com/google-vrp-acquisitions-insecure-direct-object-reference-2nd-2ece9b185ade | |
| https://medium.com/@umeryousuf26/sleep-sql-injection-on-name-parameter-while-updating-profile-2bbac9f47336 | |
| https://blog.niksthehacker.com/chaining-path-traversal-with-ssrf-to-disclose-internal-git-repo-data-in-a-bank-asset-8af4de6f12e | |
| https://mu00d8.me/paper/bernhard22jitpicking.pdf | |
| https://medium.com/@nireshpandian19/my-first-account-takeover-fd5570f09c0a | |
| https://hdwsec.fr/blog/20221109-netgear/ | |
| https://medium.com/@nxenon/some-tips-to-finding-idors-more-easily-and-fixing-them-2c9d0c58bb4a | |
| https://fortbridge.co.uk/research/compromising-plesk-via-its-rest-api/ | |
| https://maordayanofficial.medium.com/comodo-from-git-to-takeover-803ffb8b57e3 | |
| https://breakdev.org/zip-motw-bug-analysis/ | |
| https://mickeydebaets.medium.com/how-we-hacked-telenet-s-cybersecurity-quiz-958c1d3ee2ba | |
| https://medium.com/@mehdi.alouache/stormshield-sns-cleartext-password-leak-b436ef312fe9 | |
| https://medium.com/@shellyshubh/idor-on-unsubscribe-emails-to-200-bounty-ae16fb783b01 | |
| https://0xm5awy.medium.com/exploit-feature-to-get-high-bug-impact-1d3ae6517680 | |
| https://srd.cx/cve-2022-26730/ | |
| https://infosecwriteups.com/story-of-a-1k-bounty-ssrf-d5c4868680f5 | |
| https://medium.com/@wrinnsec/directory-traversal-in-pdf-viewing-application-leading-to-full-database-takeover-376e68eadd86 | |
| https://medium.com/@armandjasharaj/pentest-tales-exif-data-manipulation-b36beb291229 | |
| https://mr-medi.github.io/research/2022/11/04/practical-client-side-path-traversal-attacks.html | |
| https://medium.com/@omarbakrey90/csrf-leads-to-delete-user-account-fc362078be2f | |
| https://medium.com/@prathamrajgor/how-i-hacked-into-a-cambridges-server-and-got-appreciation-letter-d19a830756b2 | |
| https://caffeinevulns.com/rces-and-acpvs/ | |
| https://medium.com/@vflexo/invitation-hijacking-4d6467f418cc | |
| https://redsiege.com/blog/2022/11/the-power-of-adaptability-through-experience/ | |
| https://infosecwriteups.com/get-blind-xss-within-5-minutes-100-9718bd056570 | |
| https://medium.com/@bobvanderstaak/how-i-could-have-been-the-administrator-for-all-dutch-companies-and-create-invoices-and-still-can-de181160cec5 | |
| https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html | |
| https://rohit-soni.medium.com/chaining-multiple-vulnerabilities-leads-to-remote-code-execution-rce-on-paytm-e77f2fd2295e | |
| https://medium.com/@calfcrusher/fuzzing-for-hidden-params-671724bf3fd7 | |
| https://mehedishakeel.medium.com/improper-access-control-my-third-finding-on-hackerone-1455e95b6c8c | |
| https://infosecwriteups.com/how-403-forbidden-bypass-got-me-nokia-hall-of-fame-hof-8acbd2c1c2c8 | |
| https://medium.com/@0xnaeem/how-i-get-5x-swag-from-sony-102dbefd0c2c | |
| https://github.com/colmmacc/CVE-2022-3602 | |
| https://positive.security/blog/urlscan-data-leaks | |
| https://portswigger.net/research/safari-is-hot-linking-images-to-semi-random-websites | |
| https://medium.com/@jawadmahdi/blind-sql-injection-on-delete-request-486770af75a6 | |
| https://pwning.systems/posts/easy-apple-kernel-bug/ | |
| https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading | |
| https://akashhamal0x01.medium.com/2fa-bypass-due-to-information-disclosure-improper-access-control-f9a5a8a4e0af | |
| https://medium.com/@nanwinata/old-rce-worth-3362-1af0cd70c459 | |
| https://blog.assetnote.io/2022/10/28/exploiting-static-site-generators/ | |
| https://0xm5awy.medium.com/how-i-was-able-to-get-free-money-via-sending-negative-tokens-1ed2e0e710e0 | |
| https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part | |
| https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part2-exploit-analysis | |
| https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/ | |
| https://jayateerthag.medium.com/blind-ssrf-in-skype-microsoft-6639f4961052 | |
| https://medium.com/@nanwinata/rce-docker-api-but-11ff70825935 | |
| https://sensepost.com/blog/2022/abusing-windows-tokens-to-compromise-active-directory-without-touching-lsass/ | |
| https://logicbomb.medium.com/a-bug-worth-1-75lacs-aws-ssrf-to-rce-8d43d5fda899 | |
| https://blog.doyensec.com/2022/10/27/jupytervscode.html | |
| https://medium.com/@dsonbacker/a-250-css-injection-my-first-finding-on-hackerone-8863ad253560 | |
| https://medium.com/@gguzelkokar.mdbf15/hatal%C4%B1-yap%C4%B1land%C4%B1r%C4%B1lm%C4%B1%C5%9F-aws-s3-bucket-%C3%BCzerinde-bulunan-g%C3%BCvenlik-a%C3%A7%C4%B1%C4%9F%C4%B1n%C4%B1n-yaratt%C4%B1%C4%9F%C4%B1-etkiler-cb073179360d | |
| https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html | |
| https://www.praetorian.com/blog/self-hosted-github-runners-are-backdoors/ | |
| https://blog.nietaanraken.nl/posts/aur-packages-expired-domains/ | |
| https://bpandasec.medium.com/client-side-desync-attack-cl-0-request-smuggling-bounty-of-150-327d3aeaeea6 | |
| https://rambo.codes/posts/2022-10-25-sirispy-ios-bug-allowed-apps-to-eavesdrop | |
| https://checkmarx.com/blog/attacking-the-software-supply-chain-with-a-simple-rename/ | |
| https://ssd-disclosure.com/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction/ | |
| https://medium.com/@raymond-lind/ssrf-bug-leads-to-aws-metadata-exposure-f2ee7d43c6c3 | |
| https://medium.com/@raymond-lind/stored-xss-to-cookie-exfiltration-2cbca6a8c7f0 | |
| https://boschko.ca/glinet-router/ | |
| https://starlabs.sg/blog/2022/10-sharepoint-post-authenticated-ssrf-vulnerability/ | |
| https://web.archive.org/web/20221025185418/https://bergee.it/blog/chaining-multiple-vulnerabilities-for-credential-stealing/ | |
| https://mechboy.medium.com/support-supports-a-hacker-be9931104923 | |
| https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html | |
| https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities | |
| https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/ | |
| https://blog.stratumsecurity.com/2022/10/24/abusing-apache-spark-sql-to-get-code-execution/ | |
| https://hamzadzworm.medium.com/5000-for-apple-stored-xss-and-another-blind-xss-still-under-review-e9f6f5a76eb1 | |
| https://medium.com/@raymond-lind/ssrf-lfi-in-uploads-feature-a134aa467abf | |
| https://medium.com/@raymond-lind/how-i-found-a-simple-stored-xss-9a6b1c5e0afa | |
| https://bishopfox.com/blog/jira-align-advisory | |
| https://snapsec.co/blog/Hacking-Agorapulse/ | |
| https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-003/-missing-authentication-in-zkteco-zem-zmm-web-interface | |
| https://medium.com/@ittipatjitrada_72022/how-i-found-three-credentials-leak-on-one-google-dork-on-bugcrowd-3dba9a23ace4 | |
| https://mehedishakeel.medium.com/broken-link-hijacking-my-second-finding-on-hackerone-d715b0713fca | |
| https://sensepost.com/blog/2022/sail-away-sail-away-sail-away/ | |
| https://medium.com/the-gray-area/1-000-p1-pii-disclosure-w-idor-cb344c55d52e | |
| https://caesarevan23.medium.com/google-vrp-insecure-direct-object-reference-3133-70-a0e37023a4c7 | |
| https://www.trustedsec.com/blog/the-curious-case-of-the-password-database/ | |
| https://www.evilsocket.net/2022/10/20/Reverse-Engineering-the-Apple-MultiPeer-Connectivity-Framework/ | |
| https://mouha.be/sha-3-buffer-overflow/ | |
| https://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/ | |
| https://www.code-intelligence.com/blog/potential-remote-code-execution-in-hsqldb | |
| https://medium.com/@CI_Fuzz/potential-remote-code-execution-vulnerability-discovered-in-hsqldb-4a2dfa6275ee | |
| https://medium.com/@h4x0r_dz/23000-for-authentication-bypass-file-upload-arbitrary-file-overwrite-2578b730a5f8 | |
| https://devco.re/blog/2022/10/19/a-new-attack-surface-on-MS-exchange-part-4-ProxyRelay/ | |
| http://blog.orange.tw/2022/10/proxyrelay-a-new-attack-surface-on-ms-exchange-part-4.html | |
| https://portswigger.net/research/http-3-connection-contamination | |
| https://kuldeep.io/posts/second-order-xxe-exploitation/ | |
| https://orca.security/resources/blog/fabrixss-vulnerability-azure-fabric-explorer/ | |
| https://www.mdsec.co.uk/2022/10/microsoft-office-online-server-remote-code-execution/ | |
| https://www.zerodayinitiative.com/blog/2022/10/19/cve-2022-3236-sophos-firewall-user-portal-and-web-admin-code-injection | |
| https://medium.com/@sas.kunz/scan-qr-code-and-got-hacked-cve-2021-43530-uxss-on-firefox-android-version-768b24b326fb | |
| https://medium.com/@kandar.souvik6/found-vulnaribility-on-subdomain-of-nasa-gov-simply-using-censys-d93f253ff560 | |
| https://boschko.ca/tenda_ac1200_router/ | |
| https://blog.blacklanternsecurity.com/p/yet-another-telerik-ui-revisit | |
| https://blog.sonarsource.com/remote-code-execution-in-melis-platform/ | |
| https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html | |
| https://www.jomar.fr/posts/2022/basic_recon_to_rce_iii/ | |
| https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it.html | |
| https://marcin-wolak.medium.com/cve-2022-24082-rce-in-the-pega-platform-discovery-remediation-technical-details-long-live-69efb5437316 | |
| https://microsoftedge.github.io/edgevr/posts/memory-corruption-vulnerabilities-in-edge/ | |
| https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/ | |
| https://sector7.computest.nl/post/2022-10-iconics-genesis64/ | |
| https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980 | |
| https://research.nccgroup.com/2022/10/17/toner-deaf-printing-your-next-persistence-hexacon-2022/ | |
| https://saajan.bhujel.cyou/blog/web/2022-10-16-how-i-got-10000-from-github-for-bypassing-filtration-of-html-tags | |
| https://infosecwriteups.com/how-i-got-10-000-from-github-for-bypassing-filtration-of-html-tags-db31173c8b37 | |
| https://web.archive.org/web/20221017025828/https://medium.com/@EX_097/my-first-critical-bug-in-hackerone-platform-2ce9adcb39a6 | |
| https://blog.kylebot.net/2022/10/16/CVE-2022-1786/ | |
| https://0x4kd.medium.com/google-sso-misconfiguration-leading-to-account-takeover-cf9bcf63e76e | |
| https://medium.com/@Cybervenom/story-about-escalation-of-html-injection-to-ec2-instance-credentials-leak-e2cbd7343a83 | |
| https://blog.infiltrateops.io/the-castles-latrine-10f9c16548bd | |
| https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation | |
| https://payatu.com/blog/p3n7a90n/wp-all-export-pro | |
| https://www.synacktiv.com/sites/default/files/2022-10/SSH.NET_weak_private_key_generation_0.pdf | |
| https://infosecwriteups.com/its-the-little-things-breaking-an-ai-40c30ae85f37 | |
| https://checkmarx.com/blog/some-vulnerabilities-dont-have-a-name/ | |
| https://medium.com/@iknowhatodo/fall-account-takeover-via-amazon-cognito-misconfiguration-ba5975b06c24 | |
| https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684 | |
| https://mr23r0.medium.com/code-flaws-leads-to-org-admin-account-takeover-ad9515a96eab | |
| https://0xgad.medium.com/sql-injection-in-graphql-2859c96547a8 | |
| https://hacksys.io/blogs/adobe-reader-xfa-ansi-unicode-confusion-information-leak | |
| https://www.directdefense.com/compromising-a-backup-system-by-iscsi-interface-during-a-routine-penetration-test/ | |
| https://medium.com/@nireshpandian19/the-story-of-a-p5-that-lead-me-to-a-p3-find-3f8a5ea2c6e1 | |
| https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922 | |
| https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm | |
| https://abdelhameedghazy.medium.com/broken-access-control-leads-to-full-team-takeover-and-privilege-escalation-6f50174f29ce | |
| https://medium.com/@erik.wynter/pwning-manageengine-from-endpoint-to-exploit-bc5793836fd | |
| https://infosecwriteups.com/critical-idor-vulnerability-on-medium-f78346edbcb1 | |
| https://cyberlix.io/breaking-parser-logic-gain-access-to-nginx-plus-api-read-write-upstreams/ | |
| https://www.intruder.io/research/in-guid-we-trust | |
| https://www.akamai.com/blog/security-research/cold-hard-cache-bypassing-rpc-with-cache-abuse | |
| https://blog.yeswehack.com/yeswerhackers/web-application-firewall-bypass/ | |
| https://smaranchand.com.np/2022/10/taking-over-the-medium-subdomain-using-medium/ | |
| https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 | |
| https://medium.com/@protostar0/hacking-banks-broken-access-control-vulnerability-in-banking-application-part-i-c442ed5ae170 | |
| https://medium.com/@protostar0/hacking-bank-broken-access-control-vulnerability-in-banking-application-part-ii-89c8edc1baef | |
| https://talosintelligence.com/vulnerability_reports/TALOS-2022-1587 | |
| https://www.pentagrid.ch/de/blog/reflected-xss-vulnerability-in-crealogix-ebics-implementation/ | |
| https://nmochea.medium.com/gcash-vulnerability-walkthrough-c7c938163dfb | |
| https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html | |
| https://debprasadbanerjee502.medium.com/the-easiest-bug-to-get-a-hall-of-fame-from-a-billion-dollar-company-8278fd7b3035 | |
| https://medium.com/@claudio_moranb/vulnerabilities-in-online-payment-systems-edd2d3c06905 | |
| https://crypt0g30rgy.github.io/post/AuthBypass | |
| https://mearegtu.medium.com/insecure-comments-73399193f804 | |
| https://medium.com/stolabs/cve-2022-36635-a-sql-injection-in-zksecuritybio-to-rce-c5bde2962d47 | |
| https://omar0x01.medium.com/company-building-takeover-10a422385390 | |
| https://research.nccgroup.com/2022/10/06/technical-advisory-openjdk-weak-parsing-logic-in-java-net-inetaddress-and-related-classes/ | |
| https://ssd-disclosure.com/ssd-advisory-pfsense-post-auth-rce/ | |
| https://ahmadaabdulla.medium.com/mr-robot-self-xss-from-informative-to-high-1200-csrf-open-redirect-self-xss-to-stored-92f371ba3da1 | |
| https://tantosec.com/blog/cve-2022-41343/ | |
| https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/ | |
| https://c0nqr0r.medium.com/error-based-sql-injection-with-waf-bypass-manual-exploit-100-bab36b769005 | |
| https://itnext.io/a-deep-dive-of-cve-2022-33987-got-allows-a-redirect-to-a-unix-socket-cdeed53944f7 | |
| https://pseudorandom.resistant.tech/disclosing-security-and-privacy-issues-in-thunderbird.html | |
| https://cloudsek.com/appsmith-patches-full-read-ssrf-vulnerabilities-reported-by-cloudsek/ | |
| https://medium.com/@amithc38/how-i-found-a-p1-bug-a9873819a2d0 | |
| https://blog.bricked.tech/posts/tmnf/part1/ | |
| https://blog.bricked.tech/posts/tmnf/part2/ | |
| https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/ | |
| https://medium.com/@302Found/bugcrowd-tale-of-multiple-misconfigurations-cb5b98f09302 | |
| https://medium.com/@nireshpandian19/my-first-and-second-bugs-are-2fa-bypass-1f6fd823b467 | |
| https://medium.com/@bug_vs_me/csrf-attack-0-click-account-delete-1st-write-up-3d67b267b931 | |
| https://rohit443.medium.com/using-default-credential-to-admin-account-takeover-677e782ff2f2 | |
| https://adilnbabras.medium.com/how-i-found-an-idor-worth-1500-d5f78bc22a7e | |
| https://thehemdeep.medium.com/breaking-business-logic-part-2-7-1-f19924b18783 | |
| https://medium.com/@Cybervenom/tale-of-easy-p1-bugs-in-wild-1b7f5bf80eef | |
| https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/ | |
| https://trenchant.io/two-lines-of-jscript-for-20000-pwn2own-miami-2022/ | |
| https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/ | |
| https://infosecwriteups.com/security-vs-compliance-cloudflare-password-policy-restriction-bypass-da07ca7df4f2 | |
| https://medium.com/@jacopotediosi/worldwide-server-side-cache-poisoning-on-all-akamai-edge-nodes-50k-bounty-earned-f97d80f3922b | |
| https://omar0x01.medium.com/orange-arbitrary-command-execution-75ba7f283d53 | |
| https://labs.ingredous.com/2022/09/29/ecdsa-nonce-reuse/ | |
| https://carvesystems.com/news/xss-through-dhcp-how-attackers-use-standards/ | |
| https://daturamater.medium.com/a-breach-on-patreon-and-their-elusive-bounty-program-5e7ea62dc738 | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2022-37461-two-reflected-xss-vulnerabilities-in-canon-medicals-vitrea-view/ | |
| https://starlabs.sg/blog/2022/09-apple-coretext-an-unexpected-journey-to-learn-about-failure/ | |
| https://consensys.net/diligence/blog/2022/09/the-forgotten-ipfs-vulnerabilities/ | |
| https://nebuchadnezzar-megolm.github.io | |
| https://www.blackhat.com/eu-22/briefings/schedule/#practically-exploitable-cryptographic--vulnerabilities-in-matrix-29883 | |
| https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniques/ | |
| https://medium.com/@seeu-inspace/two-rces-are-better-than-one-write-up-of-an-interesting-lateral-movement-66a52d42e075 | |
| https://blog.silentsignal.eu/2022/09/28/another-tale-of-ibm-i-as-400-hacking/ | |
| https://webs3c.com/t/from-nothing-to-aws-credentials/220 | |
| https://blog.champtar.fr/VLAN0_LLC_SNAP/ | |
| https://blog.rehack.xyz/2022/09/tips-tricks-discovering-less-known.html | |
| https://notmyplate.com/whitepaper/ | |
| https://frycos.github.io/vulns4free/2022/09/26/skype-audit-part2.html | |
| https://www.semperis.com/blog/new-attack-paths-as-requested-sts/ | |
| https://bergee.it/blog/blind-account-takeover/ | |
| https://blog.infiltrateops.io/tesla-paid-me-10-000-because-of-directory-indexing-c1be06c77a3e | |
| https://nmochea.medium.com/shopping-app-deeplink-arbitrary-urls-91a143a45c11 | |
| https://xthemo.medium.com/stored-xss-at-nvidia-via-angular-js-template-injection-3c9793218860 | |
| https://sagarsajeev.medium.com/escalating-ssti-to-reflected-xss-using-curly-braces-825685bd93ec | |
| https://rohit443.medium.com/blind-xss-on-admin-portal-leads-to-information-disclosure-121d26b2a35a | |
| https://k4m1ll0.com/ShiftF10Bypass-and-privesc.html | |
| https://infosecwriteups.com/complete-take-over-of-cisco-unified-communications-manager-due-consecutively-misconfigurations-2a1b5ce8bd9a | |
| https://www.preludesecurity.com/blog/cve-2022-35256-http-request-smuggling-in-nodejs | |
| https://thinkloveshare.com/hacking/preauth_remote_code_execution_web_page_test/ | |
| https://medium.com/manomano-tech/pre-auth-remote-code-execution-web-page-test-9937d78d2f41 | |
| https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec | |
| https://nmochea.medium.com/arbitrary-file-corruption-end-to-end-encrypted-messaging-application-674963dceef8 | |
| https://medium.com/@digant_15/my-first-valid-bug-bypass-the-admin-panel-e859e72a1b7d | |
| https://medium.com/@AvyuktSyrine/my-first-xss-d88ee864df82 | |
| https://medium.com/@renwa/opera-browser-vpn-bypass-20877aaf08c0 | |
| https://www.form3.tech/engineering/content/exploiting-distroless-images | |
| https://frycos.github.io/vulns4free/2022/09/22/skype-audit-part1.html | |
| https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning | |
| https://infosecwriteups.com/how-i-found-multiple-sql-injections-in-5-minutes-in-bug-bounty-40155964c498 | |
| https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html | |
| https://10degres.net/one-takeover-to-rule-them-all/ | |
| https://samcurry.net/universal-xss-on-netlifys-next-js-library/ | |
| https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/tarfile-exploiting-the-world.html | |
| https://doyensec.com/resources/Doyensec_Advisory_TypeORM_Q32022.pdf | |
| https://medium.com/@cyberali/mass-assignment-leading-to-pre-account-takeover-13041280a0d9 | |
| https://medium.com/cloud-security/parameters-in-lambda-functions-that-lead-to-xss-and-injection-1bc8e14fca6f | |
| https://www.cidersecurity.io/blog/research/how-we-abused-repository-webhooks-to-access-internal-ci-systems-at-scale/ | |
| https://blog.sonarsource.com/onedev-remote-code-execution/ | |
| https://doyensec.com/resources/Doyensec_Apollo_Report_Q22022_v4_AfterRetest.pdf | |
| https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access | |
| https://apapedulimu.click/idor-on-apple/ | |
| https://apapedulimu.click/tag-myself-in-your-favorite-tiktok-artist-video-idor/ | |
| https://x-vector.medium.com/privilege-escalation-leads-to-making-authenticated-actions-payment-processing-creating-invoices-2cf808d517ed | |
| https://www.x86matthew.com/view_post?id=windows_seagate_lpe | |
| https://ssd-disclosure.com/ssd-advisory-linux-clock_thread_cputime_id-lpe/ | |
| https://github.com/StackOverflowExcept1on/how-to-hack-github-actions | |
| https://medium.com/@cyberali/android-application-forgot-password-token-leakage-leading-to-account-takeover-8a0b28296531 | |
| https://breakpoint.sh/posts/turning-your-computer-into-a-gps-tracker-with-apple-maps | |
| https://srahulceh.medium.com/bug-bounty-how-i-found-an-sensitive-information-disclosure-reconnaissance-542daf10dd19 | |
| https://medium.com/@Parag_Bagul/ssrf-attack-leading-to-aws-metadata-e95155fa6c6f | |
| https://medium.com/@yashshirke7806/how-i-found-unauthorized-bypass-rce-3591a86425a9 | |
| https://blog.hacktivesecurity.com/index.php/2022/09/17/http/ | |
| https://systemweakness.com/how-i-made-the-multiple-hall-of-fame-in-nokia-within-2-minutes-535056fcb66d | |
| https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00 | |
| https://medium.com/@rdzsp/getting-paid-with-just-picking-color-bug-bounty-d3dbbac277fa | |
| https://infosecwriteups.com/abusing-broken-link-in-fitbit-google-acquisition-to-collect-bugbounty-reports-on-behalf-of-google-5885a556eb7c | |
| https://medium.com/@tobydavenn/the-tale-of-ssrf-to-rce-on-gov-domain-191185b32b37 | |
| https://github.com/AnkitCuriosity/Write-Ups/blob/main/HTTP%20Desync%20Attack%20(Request%20Smuggling).md | |
| https://blog.assetnote.io/2022/09/14/rce-in-bitbucket-server/ | |
| https://onekey.com/blog/security-advisory-netgear-routers-funjsq-vulnerabilities/ | |
| https://infosecwriteups.com/how-i-abused-the-file-upload-function-to-get-a-high-severity-vulnerability-in-bug-bounty-7cdcf349080b | |
| https://sector7.computest.nl/post/2022-09-unified-automation-opcua-cpp/ | |
| https://tamirzb.com/attacking-android-kernel-using-qualcomm-trustzone | |
| https://cturt.github.io/mast1c0re.html | |
| https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities | |
| https://arben.sh/bugbounty/Blind-XXE-CVE-2019-12154/ | |
| https://medium.com/@cyberali/blind-xss-and-time-based-sql-injection-to-admin-panel-control-and-database-takeover-9b7645a53748 | |
| https://blog.includesecurity.com/2021/06/hacking-unity-games-malicious-unity-game-objects/ | |
| https://blog.includesecurity.com/2022/09/hacking-unity-games-with-malicious-gameobjects-part-2/ | |
| https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens | |
| https://arben.sh/research/LiveHelperChat-RCE/ | |
| https://medium.com/@nynan/how-i-didnt-get-an-rce-in-a-200-billion-company-bug-bounty-377afb2fb4ec | |
| https://hesec.de/posts/bbh-csrf/ | |
| https://medium.com/@cyberali/contentful-access-token-disclosure-in-android-apk-ace5f7bdf98 | |
| https://0x01alka.medium.com/ssrf-g-vrp-for-5000-d08c8f515c95 | |
| https://rashahacks.com/privacy-violation-in-chat-system/ | |
| https://medium.com/@zer0d/how-i-found-3-bug-bounties-in-a-day-c82fe023716e | |
| https://medium.com/@Parag_Bagul/how-i-was-able-to-bypass-philips-authentication-c3bd3e1df9ff | |
| https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code | |
| https://www.graplsecurity.com/post/attacking-firecracker | |
| https://www.zerodayinitiative.com/blog/2022/9/7/riding-the-inforail-to-exploit-ivanti-avalanche-part-2 | |
| https://gist.github.com/karalabe/4d10a879e361bb5b85302d57c193f532 | |
| https://medium.com/@abbasheybati1/403-bypass-lyncdiscover-microsoft-com-db2778458c33 | |
| https://bloggerrando.blogspot.com/2022/09/09-1.html | |
| https://www.whiteoaksecurity.com/blog/fun-with-cors/ | |
| https://labs.jumpsec.com/quest-kace-desktop-authority-pre-auth-remote-code-execution-cve-2021-44031/ | |
| https://sector7.computest.nl/post/2022-09-aveva-edge/ | |
| https://www.rapid7.com/blog/post/2022/09/08/baxter-sigma-spectrum-infusion-pumps-multiple-vulnerabilities-fixed/ | |
| https://www.binarly.io/posts/Binarly_Finds_Six_High_Severity_Firmware_Vulnerabilities_in_HP_Enterprise_Devices/index.html | |
| https://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792/ | |
| https://security.humanativaspa.it/groovy-template-engine-exploitation-notes-from-a-real-case-scenario/ | |
| https://shinchina.in/blog/2022-09-07/$900-blind-xss.html | |
| https://mogwailabs.de/en/blog/2022/08/exploiting-laravel-based-applications-with-leaked-app_keys-and-queues/ | |
| https://omar0x01.medium.com/how-i-found-3-rxss-on-the-lululemon-bug-bounty-program-fa357a0154c2 | |
| https://security.humanativaspa.it/groovy-template-engine-exploitation-notes-from-a-real-case-scenario/ | |
| https://medium.com/@Parag_Bagul/how-i-found-moodle-cross-site-scripting-459a1c9ad4d5 | |
| https://marcyoung.us/post/zuckerpunch/ | |
| https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html | |
| https://hopesamples.blogspot.com/2022/09/group-experts-pending-expertise-request.html | |
| https://hopesamples.blogspot.com/2022/09/details-about-future-collaboration.html | |
| https://taggart-tech.com/quasar-electron/ | |
| https://portswigger.net/research/how-to-turn-security-research-into-profit | |
| https://0xmahmoudjo0.medium.com/exploiting-out-of-band-xxe-in-the-wild-16fc6dad9ee2 | |
| https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/ | |
| https://bergee.it/blog/turning-cookie-based-xss-into-account-takeover/ | |
| https://www.bigous.me/2022/09/06/CVE-2022-35405.html | |
| https://srahulceh.medium.com/bug-bounty-how-i-found-an-ssrf-reconnaissance-7b1821a1b1fd | |
| https://www.zerodayinitiative.com/blog/2022/8/31/cve-2022-34715-more-microsoft-windows-nfs-v4-remote-code-execution | |
| https://www.shielder.com/blog/2022/09/how-to-decrypt-manage-engine-pmp-passwords-for-fun-and-domain-admin-a-red-teaming-tale/ | |
| https://medium.com/@jedus0r/idor-insecure-direct-object-references-my-first-p1-in-bugbounty-fb01f50e25df | |
| https://daniel.haxx.se/blog/2022/09/05/a-bug-that-was-23-years-old-or-not/ | |
| https://zolder.io/hacking-my-helium-crypto-miner/ | |
| https://ssd-disclosure.com/ssd-advisory-linux-config_watch_queue-lpe/ | |
| https://blog.silentsignal.eu/2022/09/05/simple-ibm-i-as-400-hacking/ | |
| https://vvx7.io/posts/2022/09/your-amiibos-haunted/ | |
| https://medium.com/@0x0Asif/how-i-found-my-first-rce-8f8033883dc4 | |
| https://medium.com/@mr.vrushabh/discovery-of-cve-2022-35406-303f4bca2742 | |
| https://nokline.github.io/bugbounty/2022/09/02/Glassdoor-Cache-Poisoning.html | |
| https://hackerone.com/reports/1621540 | |
| https://feed.bugs.xdavidhu.me/bugs/0015 | |
| https://mr23r0.medium.com/the-database-handover-a-dumb-mistake-critical-bug-f73c99e72e40 | |
| https://xthemo.medium.com/how-can-i-get-sql-injection-b8337c2c2bef | |
| https://www.legitsecurity.com/blog/github-privilege-escalation-vulnerability-0 | |
| https://medium.com/@xJay/angularjs-client-side-template-injection-the-orderby-filter-20002ca2a0e8 | |
| https://orca.security/resources/blog/synapse-local-privilege-escalation-vulnerability-spark/ | |
| https://portswigger.net/research/using-hackability-to-uncover-a-chrome-infoleak | |
| https://snapsec.co/blog/Log4shell-on-agorapulse/ | |
| https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/ | |
| https://blog.syss.com/posts/abusing-ms-teams-direct-routing/ | |
| https://c0nqr0r.medium.com/reading-robots-txt-got-me-4-xss-reports-9fd2234c635f | |
| https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/ | |
| https://med-mahmoudi26.medium.com/saving-more-than-100-000-website-from-a-watering-hole-attack-a22f63a37f94 | |
| https://blog.riotsecurityteam.com/xsshtmli-crafting-better-pocs | |
| https://rhinosecuritylabs.com/research/cve-2022-26113-forticlient-arbitrary-file-write-as-system/ | |
| https://abdulsec.medium.com/mfa-bypass-in-private-program-the-abdulsec-way-f677fea209f7 | |
| https://eslam3kl.medium.com/idor-at-login-function-leads-to-leak-users-pii-data-d77e6613e9e0 | |
| https://falcon319.medium.com/my-findings-on-hack-u-s-program-43b692a5c057 | |
| https://mehedishakeel.medium.com/found-sql-injection-vulnerability-on-government-organization-website-3eb33c0c49a4 | |
| https://jfrog.com/blog/cve-2021-38297-analysis-of-a-go-web-assembly-vulnerability/ | |
| https://spaceraccoon.dev/exploiting-improper-validation-amazon-simple-notification-service/ | |
| https://s0md3v.github.io/blog/modsecurity-rce-bypass | |
| https://www.ambionics.io/blog/hacking-watchguard-firewalls | |
| https://infosecwriteups.com/bypassing-amazon-waf-to-pop-an-alert-4646ce35554e | |
| https://moustadif.medium.com/how-i-bypassed-reflected-xss-in-well-known-platform-274c07f97674 | |
| https://infosecwriteups.com/out-of-bond-remote-code-execution-rce-on-de-nederlandsche-bank-n-v-with-burp-suite-collaborator-2ce50260e2e4 | |
| https://notifybugme.medium.com/how-i-found-reflected-xss-on-idfc-bank-with-burp-suite-intruder-7c53275daf02 | |
| https://sagarsajeev.medium.com/unsubscribe-any-users-e-mail-notifications-via-idor-2c2e05b79dac | |
| https://fortbridge.co.uk/research/csrf-vulnerability-in-nodejs-ecosystem/ | |
| https://monish-basaniwal.medium.com/the-million-dollar-hack-8163892bfe2f | |
| https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb | |
| https://akshayravic09yc47.medium.com/improper-input-validation-leads-to-email-spamming-5d1a53b2a579 | |
| https://joshuaarulsamy.medium.com/my-hall-of-fame-at-united-nations-success-story-97675232aed7 | |
| https://xcellerator.github.io/posts/tetsuji/ | |
| https://members.backbox.org/zimbra-open-bucket-data-leak-responsible-disclosure/ | |
| https://infosecwriteups.com/break-the-logic-5-different-perspectives-in-single-page-1500-5aa09da0fe7a | |
| https://pulsesecurity.co.nz/advisories/aspnetboilerplate-jwt | |
| https://ssd-disclosure.com/ssd-advisory-vhdmpivalidatevirtualdisksurface-lpe/ | |
| https://blog.nietaanraken.nl/posts/github-pages-command-injection/ | |
| https://dphoeniixx.medium.com/chaining-telegram-bugs-to-steal-session-related-files-c90eac4749bd | |
| https://jfrog.com/blog/satisfying-our-way-into-remote-code-execution-in-the-opc-ua-industrial-stack/ | |
| https://jfrog.com/blog/crashing-industrial-control-systems-at-pwn2own-miami-2022/ | |
| https://medium.com/@bobbyrsec/gifshell-covert-attack-chain-and-c2-utilizing-microsoft-teams-gifs-1618c4e64ed7 | |
| https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html | |
| https://canmustdie.medium.com/break-the-logic-insecure-parameters-300-e655cc4fcc42 | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/oracle-sbc-multiple-security-vulnerabilities-leading-to-unauthorized-access-and-denial-of-service/ | |
| https://blog.sonarsource.com/securing-developer-tools-argument-injection-in-vscode/ | |
| https://redrays.io/cve-2020-2733-jd-edwards/ | |
| https://www.zerodayinitiative.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1 | |
| https://www.zerodayinitiative.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2 | |
| https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe | |
| https://github.com/0vercl0k/paracosme | |
| https://redrays.io/cve-2020-6369-patch-bypass/ | |
| https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ | |
| https://security.humanativaspa.it/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030/ | |
| https://apth3hack3r.medium.com/ssrf-google-hof-hall-of-fame-2c159dda04e3 | |
| https://medium.com/@mullangisashank/how-a-port-scan-got-me-nokia-hall-of-fame-6f9b65e920e3 | |
| https://wesecureapp.com/blog/blockchain-network-is-secured-but-not-the-apps-and-their-integrations/ | |
| https://bergee.it/blog/blind-command-injection/ | |
| https://hackingguy.medium.com/failed-coding-assessment-to-remote-code-execution-a-case-study-part-1-1778934b3b34 | |
| https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php | |
| https://www.bugbounty.info/2022/08/never-underestimate-power-of-open.html | |
| https://medium.com/@faique/account-takeover-worth-1000-611452063cf | |
| https://www.microsoft.com/security/blog/2022/08/19/uncovering-a-chromeos-remote-memory-corruption-vulnerability/ | |
| https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/ | |
| https://monke.ie/xss-by-javascript-overriding/ | |
| https://blog.78researchlab.com/b9c80d00-d935-43b1-8805-969000df301d | |
| https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-35742 | |
| https://www.cyberark.com/resources/threat-research-blog/trust-me-i-m-a-robot-can-we-trust-rpa-with-our-most-guarded-secrets | |
| https://www.whiteoaksecurity.com/blog/fishbowl-disclosure-cve-2022-29805/ | |
| https://blog.orange.tw/2022/08/lets-dance-in-the-cache-destabilizing-hash-table-on-microsoft-iis.html | |
| https://spaceraccoon.dev/exploiting-icalendar-properties-enterprise-applications/ | |
| https://medium.com/@dirtycoder0124/n-a-to-750-bounty-for-a-blind-xss-dc218c84a340 | |
| https://bugcrowd.com/disclosures/f7ce8504-0152-483b-bbf3-fb9b759f9f89/critical-local-file-read-in-electron-desktop-app | |
| https://thinkloveshare.com/hacking/rce_on_spip_and_root_me_v2/ | |
| https://medium.com/@Dhamuharker/monitoring-linux-host-metrics-with-the-node-exporter-information-disclosure-350-bab3baa75bdc | |
| https://medium.com/@tobydavenn/dom-xss-on-a-gov-domain-bypassing-waf-93daec67fda9 | |
| https://bloggerrando.blogspot.com/2022/08/17-1.html | |
| https://medium.com/@ashlyn.lau_17206/2fa-bypass-do-re-mi-cfcfc3775d2e | |
| https://doyensec.com/resources/Doyensec_Advisory_SmokescreenGoProxy_Q12022.pdf | |
| https://accessvector.net/2022/freebsd-aio-lpe | |
| https://xthemo.medium.com/open-redirect-at-nvidia-62343b45f85b | |
| https://labs.nettitude.com/blog/cve-2022-30211-windows-l2tp-vpn-memory-leak-and-use-after-free-vulnerability/ | |
| https://www.immersivelabs.com/blog/we-discovered-major-vulnerabilities-in-control-web-panel-heres-how-we-found-them/ | |
| https://infosecwriteups.com/salesforce-bug-hunting-to-critical-bug-b5da44789d3 | |
| https://sagarsajeev.medium.com/business-logic-vulnerability-via-idor-6d510f1caea9 | |
| https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/ | |
| https://bergee.it/blog/five-minute-hunting-for-hidden-xss/ | |
| https://bergee.it/blog/the-forgotten-api-and-xss-filter-bypass/ | |
| https://bergee.it/blog/url-filter-bypass-rfi-and-xss/ | |
| http://www.hydrogen18.com/blog/hacking-zyxel-ip-cameras-pt-1.html | |
| https://blog.bugzero.io/how-i-get-into-united-nations-hall-of-fame-6975e3d3cc45 | |
| https://bergee.it/blog/xss-via-angular-template-injection/ | |
| https://blog.electrovolt.io/posts/element-rce/ | |
| https://twitter.com/S1r1u5_/status/1559561002349633536 | |
| https://medium.com/@lovely.goyal1998/story-of-5000-bounty-for-grafana-panel-access-in-apple-89c93ab4486f | |
| https://www.akamai.com/blog/security/authentication-coercion-windows-server-service | |
| https://web.archive.org/web/20220815093448/https://deb0con.medium.com/how-i-earned-a-7000-bug-bounty-from-grab-rce-unique-bugs-5e5037c5a58d | |
| https://sagarsajeev.medium.com/escalating-open-redirect-to-xss-d2b9355e5f05 | |
| https://sagarsajeev.medium.com/an-unusual-tale-of-email-verification-bypass-dcf884d544eb | |
| https://medium.com/@bharatsingh070601/bypassing-unexpected-idor-e6a9da2e0498 | |
| https://medium.com/@Bishoo97x/un-united-nations-host-header-injection-leads-to-any-full-account-takeover-ato-795bc9ebc670 | |
| https://doyensec.com/resources/Doyensec_Advisory_AnnounceKit_Q12022.pdf | |
| https://www.synacktiv.com/en/publications/exploiting-cve-2022-24816-a-code-injection-in-the-jt-jiffle-extension-of-geoserver.html | |
| https://medium.com/@fpatrik/how-i-found-an-xss-vulnerability-via-using-emojis-7ad72de49209 | |
| https://research.checkpoint.com/2022/researching-xiaomis-tee/ | |
| https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ | |
| https://sagarsajeev.medium.com/file-upload-bypass-to-rce-76991b47ad8f | |
| https://medium.com/@iknowhatodo/amazon-cognito-misconfiguration-lead-to-account-takeover-20694243ca40 | |
| https://bahruz.me/publications/11844 | |
| https://bahruz.me/posts/biological-inspiration | |
| https://srcincite.io/blog/2022/08/11/i-am-whoever-i-say-i-am-infiltrating-vmware-workspace-one-access-using-a-0-click-exploit.html | |
| https://github.com/sourceincite/hekate/ | |
| https://srcincite.io/assets/iam-who-i-say-iam.pdf | |
| https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities | |
| https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html | |
| https://gonzx.medium.com/my-experience-on-hacking-the-dutch-government-a2c5a5f43d83 | |
| https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/ | |
| https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-lei | |
| https://www.usenix.org/conference/usenixsecurity22/presentation/li-song | |
| https://www.usenix.org/conference/usenixsecurity22/presentation/mirheidari | |
| https://i.blackhat.com/USA-22/Wednesday/US-22-Doyhenard-Internal-Server-Error-wp.pdf | |
| https://i.blackhat.com/USA-22/Wednesday/US-22-Doyhenard-Internal-Server-Error.pdf | |
| https://portswigger.net/research/browser-powered-desync-attacks | |
| https://medium.com/@avinash_/email-confirmation-bypass-at-instagram-cc968f9a126 | |
| https://web.archive.org/web/20220812183449/https://deb0con.medium.com/how-i-earned-a-6000-bug-bounty-from-cloudflare-db6949e39cf7 | |
| https://bugra.ninja/posts/cloudshell-command-injection/ | |
| https://medium.com/@engrdrayc/403-forbidden-bypass-leading-to-admin-endpoint-access-b696a36665ed | |
| https://mohamedtarekq.medium.com/defeat-the-httponly-flag-to-achieve-account-takeover-rxss-c16849d3d192 | |
| https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser | |
| https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html | |
| https://blog.sonarsource.com/security-implications-of-url-parsing-differentials | |
| https://onekey.com/blog/advisory-cisco-small-business-rv-series-routers-web-filter-database-update-command-injection-vulnerability/ | |
| https://srcincite.io/blog/2022/08/09/from-shared-dash-to-root-bash-pre-authenticated-rce-in-vmware-vrealize-operations-manager.html | |
| https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd | |
| https://medium.com/@the_harvester/bypassed-cloudflares-web-application-firewall-waf-44da57f3a1d3 | |
| http://blog.h4rsh4d.com/2022/08/open-redirect-bypass.html | |
| https://systemweakness.com/rooting-jenkins-remote-code-execution-on-a-live-bug-bounty-target-fc2c12d89a2e | |
| https://alpinnnnnn13.medium.com/stored-xss-in-app-gitbook-com-6349f42661f7 | |
| https://ssd-disclosure.com/ssd-advisory-apple-safari-icu-out-of-bounds-write/ | |
| https://medium.com/@sharp488/2fa-bypass-via-google-identity-oauth-login-6c991ac837af | |
| https://vsrc.vng.com.vn/blog/liferay-revisited-a-tale-of-20k/ | |
| https://medium.com/@rajeevgyawali92/irremovable-guest-in-facebook-event-facebook-bug-bounty-e10e03c98cd5 | |
| https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/ | |
| https://infosecwriteups.com/how-i-was-able-to-get-29-free-products-bug-bounty-845667ab4ad4 | |
| https://www.wiz.io/blog/omi-returns-lpe-technical-analysis | |
| https://www.rapid7.com/blog/post/2022/08/05/cve-2022-31660-and-cve-2022-31661-fixed-vmware-workspace-one-access-identity-manager-and-vrealize-automation-lpe/ | |
| https://nns.ee/blog/2022/08/05/routeros-container-rce.html | |
| https://www.rapid7.com/blog/post/2022/08/04/qnap-poisoned-xml-command-injection-silently-patched/ | |
| https://ibraradi.gitbook.io/write-up/came-looking-for-ssrf-and-found-xss | |
| https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/ | |
| https://tamimhasan404.medium.com/elasticsearch-a-easy-win-for-bug-bounty-hunters-how-to-find-and-report-ddd900395bcb | |
| https://www.adico.me/post/xss-in-gmail-s-amp4email | |
| https://labs.jumpsec.com/zoho-manage-engine-desktop-central-sql-injection-arbitrary-file-write/ | |
| https://labs.jumpsec.com/zoho-manageengine-desktop-central-path-traversal-arbitrary-file-write/ | |
| https://canmustdie.medium.com/multiple-bugs-in-one-program-leads-to-1500-c35fcde06bc7 | |
| https://medium.com/@seeu-inspace/how-i-earned-500-by-uploading-a-file-write-up-of-one-of-my-first-bug-bounty-c174cf8ea553 | |
| https://medium.com/@the_null_kid/instagram-photo-was-present-in-data-backup-nearly-after-two-years-being-deleted-f0e4d6e108 | |
| https://infosecwriteups.com/stored-xss-to-account-takeover-going-beyond-document-cookie-970e42362f43 | |
| https://gowtham-naidu.medium.com/how-i-earned-10-000-within-the-last-7-months-17y-o-edition-f566651cef82 | |
| https://www.zscaler.com/blogs/security-research/analysis-adobe-acrobat-reader-javascript-docprint-use-after-free | |
| https://medium.com/@mohamedtarekq/how-i-get-full-account-takeover-via-stealing-actions-login-form-xss-9e50068c2b2d | |
| https://medium.com/@whitehatcyber404/how-i-earned-150-in-2-minutes-html-injection-in-email-3f26f27d3822 | |
| https://y0ungdst.medium.com/my-second-cve-cve-2022-31855-6c071c4fb9d9 | |
| https://infosecwriteups.com/zero-day-xss-309916922ea6 | |
| https://blog.electrovolt.io/posts/discord-rce/ | |
| https://twitter.com/S1r1u5_/status/1558689435985752065 | |
| https://sagarsajeev.medium.com/business-logic-vulnerabilities-b4db2af08aaf | |
| https://derekabdine.com/blog/2022-arris-advisory | |
| https://mearegtu.medium.com/reading-message-from-microsofts-private-yammer-group-6be844639bca | |
| https://www.oxeye.io/blog/golang-parameter-smuggling-attack | |
| https://swarm.ptsecurity.com/researching-open-source-apps-for-xss-to-rce-flaws/ | |
| https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/ | |
| https://github.blog/2022-07-27-corrupting-memory-without-memory-corruption/ | |
| https://ssd-disclosure.com/ssd-advisory-apple-safari-idn-url-spoofing/ | |
| https://medium.com/@xpertwhitehat/reflected-cross-site-scripting-on-user-agent-dependent-response-b44258a3d978 | |
| https://medium.com/tinder/exploiting-github-actions-on-open-source-projects-5d93936d189f | |
| https://ndevtk.github.io/writeups/2022/07/26/google-xss/ | |
| https://shahjerry33.medium.com/http-parameter-pollution-its-contaminated-again-95c75b0295e1 | |
| https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html | |
| https://www.sonarsource.com/blog/disclosing-information-with-a-side-channel-in-django/ | |
| https://blog.includesecurity.com/2022/07/hunting-for-mass-assignment-vulnerabilities-using-github-codesearch-and-grep-app/ | |
| https://pentest.blog/advisory-roxy-wi-unauthenticated-remote-code-executions-cve-2022-31137/ | |
| https://medium.com/@xpertwhitehat/publicly-accessible-android-crash-reports-containing-sensitive-information-ec1220079f31 | |
| https://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/ | |
| https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 | |
| https://adnanmalik.info/blog/digging-js-files-to-find-bugs/ | |
| https://medium.com/@iamdevansharya/outdated-php-version-leads-to-rce-380fb4db32f4 | |
| https://sagarsajeev.medium.com/dos-worth-650-interesting-right-144ff45ccf3b | |
| https://infosecwriteups.com/mail-server-misconfiguration-leads-to-sending-a-fax-from-anyones-account-on-hellofax-dropbox-bbp-aab3d97ab4e7 | |
| https://claroty.com/team82/blog/with-management-comes-risk-finding-flaws-in-filewave-mdm | |
| https://blog.viettelcybersecurity.com/deep-understand-aspx-file-handling-and-some-related-attack-vector/ | |
| https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/ | |
| https://medium.com/@talhakarakumru/how-i-gained-access-to-a-finance-companys-accounts-session-hijacking-2c6c5d9d84bd | |
| https://medium.com/@720922/a-developers-nightmare-story-of-a-simple-idor-and-some-poor-fixes-worth-1125-5ead70b0a1de | |
| https://0xpwn.wordpress.com/2022/07/23/how-i-made-300-github-repos-point-to-my-blog-using-azure-subdomains-takeover/ | |
| https://medium.com/@Steiner254/bounty-in-less-3-minutes-from-a-google-dork-54bd9bf3a650 | |
| https://infosecwriteups.com/un3xpected-dos-attack-on-profile-pictur3-b957979dcc7 | |
| https://medium.com/@rival.rvdt/secstory-how-i-found-multiple-p1-vulnerabilities-without-recon-c9f3a19cad45 | |
| https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ | |
| https://www.yesnaveen.com/2022/07/permanently-crash-instagram-followers.html | |
| https://medium.com/@IroquoisPliskin/how-i-was-able-to-take-over-a-support-chat-using-leaked-keys-d5c4922bb3d4 | |
| https://sector7.computest.nl/post/2022-07-inductive-automation-ignition-rce/ | |
| https://infosecwriteups.com/i-mean-idor-is-not-only-about-others-id-2d26115072ba | |
| https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9 | |
| https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/ | |
| https://www.vectra.ai/blogpost/abusing-the-replicator-silently-exfiltrating-data-with-the-aws-s3-replication-service | |
| https://www.randorisec.fr/crack-linux-firewall/ | |
| https://www.vulnano.com/2022/07/react-debugkeystore-key-was-trusted-by.html | |
| https://www.zerodayinitiative.com/blog/2022/7/19/riding-the-inforail-to-exploit-ivanti-avalanche | |
| https://www.0xlanks.me/blog/blogengine-writeup | |
| https://captainhoook.medium.com/local-file-inclusion-interesting-method-8263c2cb7cd2 | |
| https://www.rapid7.com/blog/post/2022/07/19/cve-2022-30526-fixed-zyxel-firewall-local-privilege-escalation/ | |
| https://ssd-disclosure.com/ssd-advisory-microsoft-sharepoint-server-wizardconnecttodatastep4-deserialization-of-untrusted-data-rce/ | |
| https://medium.com/tenable-techblog/logging-passwords-in-plaintext-in-azure-arc-2f94cb046a | |
| https://hunter-55.medium.com/how-i-was-able-to-bypass-open-redirect-3-times-on-same-program-d78f9d2443f6 | |
| https://sector7.computest.nl/post/2022-07-opc-ua-net-standard-trusted-application-check-bypass/ | |
| https://www.authomize.com/blog/authomize-discovers-password-stealing-and-impersonation-risks-to-in-okta/ | |
| https://www.okta.com/blog/2022/07/okta-response-to-security-report/ | |
| https://0x1337.ninja/2022/07/19/mybb-0day-authenticated-remote-code-execution/ | |
| https://infosecwriteups.com/hacking-facebook-invoice-how-i-couldve-bought-anything-for-free-from-facebook-business-pages-42bcfaa73ec4 | |
| https://virtuvil.medium.com/hey-google-lets-submit-bug-from-victim-account-af6a25d390e1 | |
| https://infosecwriteups.com/story-of-my-first-valid-critical-bug-22029115f8d7 | |
| https://medium.com/stolabs/cve-2022-35909-cve-2022-35910-incorrect-access-control-and-xss-stored-to-jellyfin-967359c91058 | |
| https://infosecwriteups.com/ffuf-ing-recon-1ee4e79b3256 | |
| https://medium.com/@rajqureshi07/a-story-of-my-first-bug-bounty-dda320db78d9 | |
| https://securityflow.io/going-beyond-alert-with-xss/ | |
| https://medium.com/@moSec/crlf-to-account-takeover-chaining-bugs-21a25dfa1cdf | |
| https://medium.com/@the_null_kid/subdomain-takeover-and-text-injection-on-a-404-error-page-100-bounty-e47ccf359e6b | |
| https://medium.com/@anjaneyulukanakatla1996/business-logic-error-6922ba75cad8 | |
| https://medium.com/@faique/first-bug-bounty-from-dos-taking-the-service-down-30f9ad4e0246 | |
| https://vengeance.medium.com/authorization-token-leak-from-verifying-email-endpoint-f28803476680 | |
| https://medium.com/@bhatiagaurav1211/ability-to-login-as-google-staff-in-google-cloud-community-57c45809de05 | |
| https://medium.com/@milanjain7906/good-recon-leads-to-senssitive-accounts-a8abb6c21333 | |
| https://medium.com/@evilmango/this-is-what-i-call-mass-idor-20e6ec146c0e | |
| https://medium.com/@tobydavenn/how-i-got-my-first-cve-a157606cc86e | |
| https://medium.com/@shaunak007/how-i-spammed-a-google-meet-but-for-good-8bc5b328f1bb | |
| https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/ | |
| https://www.gosecure.net/blog/2022/07/13/tableau-server-leaks-sensitive-information-from-reflected-xss/ | |
| https://infosecwriteups.com/abusing-url-shortners-for-fun-and-profit-c83c67713916 | |
| https://www.zerodayinitiative.com/blog/2022/7/13/cve-2022-30136-microsoft-windows-network-file-system-v4-remote-code-execution-vulnerability | |
| https://medium.com/@rodricbr/from-open-redirect-to-reflected-xss-manually-64e633a3d23f | |
| https://infosecwriteups.com/how-i-found-my-first-rce-c063546114ef | |
| https://medium.com/@numanturle/microsoft-teams-stored-xss-bypass-csp-8b4a7f5fccbf | |
| https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/ | |
| https://thinkermaruf.medium.com/hacking-on-a-private-program-salseforce-crm-12bfef43fcc7 | |
| https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/ | |
| https://bishopfox.com/blog/netwrix-auditor-advisory | |
| https://nirmaldahal.com.np/posts/2022/07/leveraging-the-sql-injection-to-execute-the-xss-by-evading-csp/ | |
| https://blog.aquasec.com/cve-2022-32223-dll-hijacking | |
| https://medium.com/tenable-techblog/microsoft-azure-site-recovery-dll-hijacking-cd8cc34ef80c | |
| https://medium.com/@soufianehabti/write-up-1-hellosign-integration-full-read-ssrf-df5e1a5bc627 | |
| https://payatu.com/blog/rajesh.r/idor-to-account-deletion | |
| https://blog.sonarsource.com/blitzjs-prototype-pollution/ | |
| https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/ | |
| https://h3k.ro/2022/07/11/bsqli/ | |
| https://blog.lightspin.io/exploiting-eks-authentication-vulnerability-in-aws-iam-authenticator | |
| https://medium.com/@idan_malihi/how-i-earned-200-in-bug-bounty-program-6d7225a7ff1a | |
| https://www.techncyber.com/2022/07/sql-injection-at-authorization-token.html | |
| https://medium.com/@basudev_18233/exploiting-sql-injection-at-authorization-token-8764a0dcac1a | |
| https://hamzadzworm.medium.com/an-interesting-idor-that-allowed-me-to-see-all-projects-bounty-8cd74b5edf72 | |
| https://bloggerrando.blogspot.com/2022/07/09-1.html | |
| https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/ | |
| https://medium.com/@Bishoo97x/stored-xss-and-stored-html-injection-in-united-nations-website-db87d445e41 | |
| https://medium.com/@bughunt789/account-takeover-via-response-manipulation-96be568feb7e | |
| https://ahmdhalabi.medium.com/pii-disclosure-of-apple-users-10k-d1e3d29bae36 | |
| https://monke.ie/case-study-part-2/ | |
| https://medium.com/@abhinavsecondary/how-i-find-open-redirect-in-facebook-7e7aeb89535d | |
| https://ivreznap.medium.com/interesting-privilege-escalation-in-an-old-private-program-225d27253e13 | |
| https://labs.detectify.com/2022/07/06/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/ | |
| https://twitter.com/fransrosen/status/1554498536909201408 | |
| https://github.com/aeyesec/CVE-2022-34265 | |
| https://medium.com/@ittipatjitrada_72022/how-i-found-open-redirect-on-bug-crowd-public-program-in-2-day-a217cfb70f3 | |
| https://infosecwriteups.com/exposing-millions-of-voter-id-card-users-details-8a993c9a5d35 | |
| https://www.signal-labs.com/blog/rediscovering-epic-games-0-days | |
| https://web.archive.org/web/20220716152713/https://snapsec.co/blog/hacking-larksuite/ | |
| https://bhashit.in/?p=71 | |
| https://medium.com/@kashyapherry147/origin-ip-to-account-takeover-62d7a54abebf | |
| https://janmuhammadzaidi.medium.com/vertical-privilege-escalation-the-user-can-takeover-an-admin-account-via-response-manipulation-9237c8b2fefa | |
| https://infosecwriteups.com/a-swag-for-a-open-redirect-google-dork-bug-bounty-2143b943f34e | |
| https://0xmahmoudjo0.medium.com/admin-account-takeover-via-weird-password-reset-functionality-166ce90b1e58 | |
| https://worthdoingbadly.com/coretrust/ | |
| https://blog.fraktal.fi/two-faces-of-the-same-pdf-document-17e7a15522a0 | |
| https://medium.com/@unurbayar1998/facebook-portals-business-logic-error-lead-to-500-708e91b4055f | |
| https://blog.electrovolt.io/posts/vscode-rce/ | |
| https://portswigger.net/research/bypassing-firefoxs-html-sanitizer-api | |
| https://www.horizon3.ai/red-team-blog-cve-2022-28219/ | |
| https://aidilarf.medium.com/xss-blind-stored-at-2-assets-tiktok-f32829f11e58 | |
| https://medium.com/@aravindb26/my-first-apple-bug-and-my-first-writeup-8a833e8e953c | |
| https://iamnoob.medium.com/bugbounty-how-do-i-get-a-premium-tier-account-without-paying-a-penny-767921a6c4e4 | |
| https://medium.com/@TheKomodoconsulting/the-army-of-the-headless-browsers-11aad3f7ee81 | |
| https://medium.com/@erik.wynter/pwning-manageengine-from-poc-to-exploit-cfe5adb8c175 | |
| https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/ | |
| https://codewhitesec.blogspot.com/2022/06/bypassing-dotnet-serialization-binders.html | |
| https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/ | |
| https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21 | |
| https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/ | |
| https://jfrog.com/blog/cve-2022-30522-denial-of-service-dos-vulnerability-in-apache-httpd-mod_sed-filter/ | |
| https://infosecwriteups.com/html-and-hyperlink-injection-via-share-option-in-microsoft-onenote-application-47e94d0e6478 | |
| https://curl.se/docs/CVE-2022-32208.html | |
| https://curl.se/docs/CVE-2022-32207.html | |
| https://curl.se/docs/CVE-2022-32206.html | |
| https://curl.se/docs/CVE-2022-32205.html | |
| https://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/ | |
| https://medium.com/@deepmarketer/hyperlink-injection-on-irc-cloud-809e5243406f | |
| https://medium.com/@gerrygosselin/cisco-ios-snmpv3-acl-issues-66dbab0bd138 | |
| https://bugs.php.net/bug.php?id=81719 | |
| https://github.com/CFandR-github/PHP-binary-bugs/blob/main/cve_2022_31626_remote_exploit/cve_writeup.md | |
| https://tomorrowisnew.com/posts/moderation-filter-bypass/ | |
| https://medium.com/@shakti.gtp/an-out-of-scope-domain-leads-to-a-critical-bug-1500-f228d2c7db4b | |
| https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2 | |
| https://blog.viettelcybersecurity.com/pwn2own-2021-microsoft-exchange-exploit-chain/ | |
| https://www.rapid7.com/blog/post/2022/06/23/cve-2022-31749-watchguard-authenticated-arbitrary-file-read-write-fixed/ | |
| https://medium.com/maverislabs/lock-screen-bypass-exploit-of-android-devices-cve-2022-20006-604958fcee3a | |
| https://bishopfox.com/blog/filestack-upload-advisory | |
| https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/ | |
| https://www.volkis.com.au/blog/we-were-vulnerable/ | |
| https://medium.com/@tobydavenn/1500-of-broken-access-controls-503d8a5f56f5 | |
| https://lonewolf-raj.medium.com/exploiting-vulnerabilities-in-ios-application-cf5718910c47 | |
| https://portswigger.net/research/widespread-prototype-pollution-gadgets | |
| https://www.gosecure.net/blog/2022/06/21/xss-vulnerability-in-ibm-content-navigator-cve-2020-4757/ | |
| https://eaton-works.com/2022/06/20/hacking-into-the-worldwide-jacuzzi-smarttub-network/ | |
| https://7odamo.medium.com/response-manipulation-in-the-admin-panel-lead-to-pii-leakage-2926b89ea2d0 | |
| https://medium.com/@leomsec/every-xss-is-different-c98528fee5e0 | |
| https://codewithvamp.medium.com/account-takeover-by-otp-bypass-ec0cff67f516 | |
| https://security.lauritz-holtmann.de/advisories/asana-desktop-credential-disclosure/ | |
| https://bugcrowd.com/disclosures/caf10f76-f1fb-4dea-8434-9ed2c56a40bb/asana-desktop-application-includes-personal-access-token | |
| https://medium.com/@sazouki/how-i-hacked-one-of-the-biggest-airline-in-the-world-e7810dc43791 | |
| https://medium.com/@mahitman1/hacking-a-nft-platform-56fc59479d3b | |
| https://medium.com/@janijay007/how-i-was-able-to-see-likes-and-dislikes-count-which-is-hidden-by-victim-youtube-2-721d8e4686a5 | |
| https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability | |
| https://webs3c.com/t/csrf-leads-to-account-takeover-in-yahoo/93 | |
| https://retr02332.medium.com/csrf-leads-to-account-takeover-in-yahoo-aa96c678d2aa | |
| https://www.praetorian.com/blog/stsgetsessiontoken-role-chaining-in-aws/ | |
| https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/ | |
| https://aidilarf.medium.com/xss-blind-stored-at-asset-domain-android-apps-tiktok-ae2f4c2dbc07 | |
| https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality | |
| https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack | |
| https://github.com/justinsteven/advisories/blob/main/2022_amazon_log4j-cve-2021-44228-hotpatch_local_privesc.md | |
| https://fredericb.info/2022/06/breaking-secure-boot-on-google-nest-hub-2nd-gen-to-run-ubuntu.html | |
| https://www.securesystems.de/blog/privilege-escalation-in-aks-clusters/ | |
| https://labs.taszk.io/articles/post/unziploc/ | |
| https://www.hertzbleed.com | |
| https://notifybugme.medium.com/automating-reflected-xss-with-burp-suite-intruder-a39b2f060db7 | |
| https://medium.com/@sharp488/2fa-bypass-via-basic-authentication-on-private-bug-bounty-program-93bb457cd065 | |
| https://www.sonarsource.com/blog/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/ | |
| https://medium.com/@damaidec/403-bypass-on-a-fortune-100-financial-institution-p3-156d33bc6ed | |
| https://github.com/andyperlitch/jsbn/issues/43 | |
| https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ | |
| https://twitter.com/TzahPahima/status/1536704823722184704 | |
| https://portswigger.net/research/bypassing-csp-with-dangling-iframes | |
| https://medium.com/@kashyapherry147/500-account-takeover-b008f1ccb4a2 | |
| https://medium.com/@janijay007/how-i-was-able-to-see-likes-and-dislikes-count-which-is-hidden-by-victim-youtube-1-fa9cfe7cce7d | |
| https://medium.com/tenable-techblog/microsoft-azure-synapse-pwnalytics-87c99c036291 | |
| https://www.randorisec.fr/yet-another-bug-netfilter/ | |
| https://haxatron.gitbook.io/vulnerability-research/vr2 | |
| https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor | |
| https://infosecwriteups.com/how-i-found-a-critical-bug-in-instagram-and-got-49500-bounty-from-facebook-626ff2c6a853 | |
| https://prajwoldhungana487.medium.com/same-bug-different-platform-4c648e91af6b | |
| https://medium.com/@joshibeast/from-blind-ssrf-to-localhost-dirbusting-and-asset-enumeration-dc0179310038 | |
| https://microsoftedge.github.io/edgevr/posts/a-story-of-a-bug-found-fuzzing/ | |
| https://github.com/MystenLabs/ed25519-unsafe-libs | |
| https://web.archive.org/web/20220611144030/https://medium.com/@pmmali/my-first-cve-2022-31289-4081c57e90fb | |
| https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79 | |
| https://blog.viettelcybersecurity.com/cve-2022-1040-sophos-xg-firewall-authentication-bypass/ | |
| https://blog.assetnote.io/2022/06/09/whatsup-gold-exploit/ | |
| https://www.shielder.com/advisories/autodesk-fusion-import-svg-blind-xxe/ | |
| https://jfrog.com/blog/denial-of-service-vulnerability-in-envoy-proxy-cve-2022-29225/ | |
| https://www.reversemode.com/2022/06/de-anonymization-attacks-against-proton.html | |
| https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory | |
| https://www.cyberark.com/resources/threat-research-blog/go-blue-a-protection-plan-for-credentials-in-chromium-based-browsers | |
| https://www.r29k.com/articles/bb/account-takeover-via-idors | |
| https://gatolouco.medium.com/exploiting-amazon-active-vulnerability-d2554c8c7ffd | |
| https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow | |
| https://liman.io/blog/gitlab-security-vulnerability-jupyter-notebooks | |
| https://medium.com/@ao64400225/an-unusual-way-to-find-xss-injection-in-one-minute-9ed2c7e2a848 | |
| https://security.humanativaspa.it/multiple-vulnerabilities-in-zyxel-zysh/ | |
| https://gccybermonks.com/posts/ssrfvision/ | |
| https://machevalia.blog/blog/ivanti-epm-remote-code-execution | |
| https://medium.com/@shakti.gtp/if-its-a-feature-let-s-abuse-it-for-750-19cfb9848d4b | |
| https://medium.com/@mahitman1/how-attacker-could-have-suffocated-the-company-staff-37a6b7192f12 | |
| https://www.zerodayinitiative.com/blog/2022/6/1/is-exploiting-a-null-pointer-deref-for-lpe-just-a-pipe-dream | |
| https://medium.com/@ratnadip1998/how-i-mass-hunt-for-admin-panel-access-8c2ad145054 | |
| https://hencohen10.medium.com/microsoft-dynamics-container-sandbox-rce-via-unauthenticated-docker-remote-api-20-000-bounty-7f726340a93b | |
| https://medium.com/@mahitman1/how-i-found-a-goldmine-but-got-no-gold-e912a89fa522 | |
| https://systemweakness.com/sql-injection-to-remote-command-execution-rce-dd9a75292d1d | |
| https://medium.com/@byq/from-open-redirect-to-rce-in-one-week-66a7f73fd082 | |
| https://medium.com/@terminatorLM/abusing-facebooks-feature-for-a-permanent-account-confusion-logic-vulnerability-d7f5160f373a | |
| https://medium.com/@ratnadip1998/how-to-find-access-admin-panel-by-digging-into-js-files-282d89391a2d | |
| https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/ | |
| https://infosecwriteups.com/domain-admin-compromise-in-3-hours-5778902604c9 | |
| https://xvnpw.github.io/posts/external_authentication_bypass_in_ingress_nginx/ | |
| https://web.archive.org/web/20220529130635/https://pwnsec.ninja/2022/05/29/exploiting-ios-app-for-fun-and-profit/ | |
| https://medium.com/@b0x_in/hall-of-fame-vice-media-hacking-while-sleepy-3eb931f124e1 | |
| https://medium.com/@vaibhavatkale/weird-email-verification-bypass-96c793c36d7e | |
| https://corben.io/blog/a-simple-sql-injection-in-an-air-force-website | |
| https://hoyahaxa.blogspot.com/2022/05/bygone-vulnerabilities-remote-code.html | |
| https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186 | |
| https://hogarth45.medium.com/social-media-take-over-easy-money-aa6274b4b70d | |
| https://infosecwriteups.com/how-an-open-redirection-leads-to-an-account-takeover-73ea883055d1 | |
| https://mc0wn.blogspot.com/2022/05/2nd-rce-and-xss-in-apache-struts-before-2530.html | |
| https://labs.ingredous.com/2022/05/25/hijacking-over-100k-godaddy-websites/ | |
| https://www.synacktiv.com/en/publications/the-printer-goes-brrrrr.html | |
| https://twitter.com/Synacktiv/status/1529399465618153473 | |
| https://vikaran101.medium.com/how-i-made-it-into-the-united-nations-hall-of-fame-as-i-slept-f567c90be227 | |
| https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5 | |
| https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/ | |
| https://www.rapid7.com/blog/post/2022/05/24/cve-2022-22977-vmware-guest-authentication-service-lpe-fixed/ | |
| https://medium.com/@ryuukhagetsu/how-i-get-bounty-from-takeover-account-ed17cd838b2a | |
| https://www.secjuice.cz0idsecom/breaking-parser-logic-gain-access-to-nginx-plus-api-read-write-upstreams/ | |
| https://www.reversemode.com/2022/05/finding-vulnerabilities-in-swiss-posts.html | |
| https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-improper-caching-mechanism-212c5912bd00 | |
| https://medium.com/@sharp488/2fa-bypass-on-private-bug-bounty-program-due-to-csrf-token-misconfiguration-5a9c82151a1 | |
| https://medium.com/@h4x0r_dz/vulnerability-in-paypal-worth-200000-bounty-attacker-can-steal-your-balance-by-one-click-2b358c1607cc | |
| https://mokhansec.medium.com/a-business-logic-issue-worth-1500-a0f1a0b76570 | |
| https://medium.com/@harshbanshpal/how-i-was-able-to-down-a-service-of-microsoft-denial-of-service-dos-attack-on-microsoft-ec9d599ab3f8 | |
| https://medium.com/@h4x0r_dz/paypal-idor-via-billing-agreement-token-closed-informative-payment-fraud-3245202fab38 | |
| https://systemweakness.com/i-obtained-admin-access-via-account-activation-link-in-30-seconds-dd7f115ae1d2 | |
| https://arxiv.org/pdf/2205.10174.pdf | |
| https://breakpoint.sh/posts/snyk-code-broken-access-control | |
| https://cyllective.com/blog/posts/wordpress-audit-plugins | |
| https://blog.bitcrack.net/pwning-portals-error-based-sqli-using-websockets/ | |
| https://medium.com/@mohamedtaha_42562/how-i-was-able-to-access-ibm-internal-documents-a33858387d30 | |
| https://motaha22.github.io/bugbounty/ibm-bounty/ | |
| https://medium.com/@mohamedtaha_42562/from-wayback-to-account-takeover-ea7e80600188 | |
| https://www.websec.ca/publication/Blog/CVE-2022-21404-Another-story-of-developers-fixing-vulnerabilities-unknowingly-because-of-CodeQL | |
| https://blog.ret2.io/2022/05/19/pwn2own-2021-parallels-desktop-exploit/ | |
| https://quip.com/Uks4AzL33oAu | |
| https://jspin.re/variant-cloud-analysis/ | |
| https://evowizz.dev/blog/huawei-appgallery-vulnerability | |
| https://www.paloaltonetworks.com/resources/whitepapers/kubernetes-privilege-escalation-excessive-permissions-in-popular-platforms | |
| https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/#post-126770-_5e5x5pdas37n | |
| https://blog.stazot.com/stealing-google-drive-oauth-tokens-from-dropbox/ | |
| https://infosecwriteups.com/bypassing-waf-to-weaponize-a-stored-xss-ff9963c421ee | |
| https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/ | |
| https://securityflow.io/impact-of-an-insecure-deep-link/ | |
| https://ysamm.com/?p=763 | |
| https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac | |
| https://medium.com/@odayalhalbe1/from-android-app-to-access-admin-dashboard-a8f825e8e806 | |
| https://basyounii.medium.com/forging-oauth-tokens-using-discovered-client-id-and-client-secret-d224e4e7892a | |
| https://www.starlabs.sg/blog/2022/05-new-wine-in-old-bottle-microsoft-sharepoint-post-auth-deserialization-rce-cve-2022-29108/ | |
| https://web.archive.org/web/20220513145411/https://pwnsec.ninja/2022/05/12/takeover-seller-accounts-worth-billions-millions/ | |
| https://www.varonis.com/blog/url-spoofing | |
| https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/ | |
| https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4 | |
| https://medium.com/@renwa/the-underrated-bugs-clickjacking-css-injection-drag-drop-xss-cookie-bomb-login-logout-csrf-84307a98fffa | |
| https://systemweakness.com/resolveuri-rxss-imperva-waf-bypass-c834ca573bd4 | |
| https://systemweakness.com/rce-via-dependency-confusion-e0ed2a127013 | |
| https://mokhansec.medium.com/account-verification-code-bypass-lead-to-a-4000-bounty-b31dda6f3011 | |
| https://melotover.medium.com/can-analyzing-javascript-files-lead-to-remote-code-execution-f24112f1aa1f | |
| https://web.archive.org/web/20220516024454/https://medium.com/@tobydavenn/how-i-paid-for-my-holiday-with-bug-bounty-668f1f59e6e5 | |
| https://medium.com/@huntersherlock11/p1-bug-pii-information-disclosure-7669ebbb91a8 | |
| https://medium.com/@anjaneyulukanakatla1996/its-all-about-2fa-bypass-or-account-takeover-f9521f0a03b5 | |
| https://medium.com/@masonhck357/the-16-000-dev-mistake-13e516e86be6 | |
| https://www.assetnote.io/resources/research/cloudflare-pages-part-1-the-fellowship-of-the-secret | |
| https://www.assetnote.io/resources/research/cloudflare-pages-part-2-the-two-privescs | |
| https://www.assetnote.io/resources/research/cloudflare-pages-part-3-the-return-of-the-secrets | |
| https://blog.cloudflare.com/pages-bug-bounty/ | |
| https://www.pmnh.site/post/advanced-sqlmap-case-study-1/ | |
| https://medium.com/@z.x/how-we-hacked-bypassed-admin-panel-just-by-js-file-eaa773b5cdb4 | |
| https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/ | |
| https://systemweakness.com/chained-bug-xml-file-upload-to-xss-to-csrf-to-full-account-take-over-ato-156409c41b57 | |
| https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/ | |
| https://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/ | |
| https://www.yesnaveen.com/remotely-permanent-crash-any-instagram | |
| https://shahjerry33.medium.com/business-logic-errors-art-of-testing-cards-4907cfb46a57 | |
| https://medium.com/@robert0/how-did-i-find-a-vulnerability-that-leads-to-access-any-users-sensitive-data-and-got-500-5cce1c21d86a | |
| https://github.com/Metnew/write-ups/tree/main/rce-gh-cli-run-download | |
| https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/ | |
| https://github.com/yuriisanin/CVE-2022-25262 | |
| https://maxva.medium.com/how-i-got-a-lousyt-shirt-from-the-dutch-goverment-2a0d13fe7675 | |
| https://www.legitsecurity.com/blog/github-actions-that-open-the-door-to-cicd-pipeline-attacks | |
| https://shreyaskoli.medium.com/ato-without-any-interaction-aws-cognito-misconfiguration-d690f4b3da11 | |
| https://zerocode-ph.medium.com/page-admin-disclosure-when-posting-a-reel-1bfac9bd7f71 | |
| https://medium.com/system-weakness/sensitive-data-exfiltration-through-xss-450-409162eced3a | |
| https://www.yassineaboukir.com//blog/exploitation-of-an-SSRF-vulnerability-against-EC2-IMDSv2/ | |
| https://lokeshdlk77.medium.com/contact-point-deanonymization-vulnerability-in-meta-90d575c4d8ef | |
| https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/ | |
| https://www.cyberick.com/post/2fa-secret-value-disclosure-leads-to-2fa-bypass-bug-bounty-writeup | |
| https://blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/ | |
| https://divyanshsharma2401.medium.com/bypassing-waf-for-2222-f99b80cfdb9b | |
| https://securecloud.blog/2022/04/27/azure-monitor-malicious-kql-query/ | |
| https://www.aeth.cc/public/Article-Pass-Culture/mass-assignment-article-en.html | |
| https://blog.aquasec.com/npm-package-planting | |
| https://medium.com/@abdalrahman.alshammas/fuzzing-and-credentials-leakage-nice-bug-hunting-writeup-38b2e774b300 | |
| https://systemweakness.com/unlock-any-blur-text-picture-without-membership-subscription-on-scribd-com-by-neuchi-69237776e24 | |
| https://eslam.io/posts/ejs-server-side-template-injection-rce/ | |
| https://shubhdeepp.medium.com/how-i-got-apple-hall-of-fame-3d86f858c05f | |
| https://infosecwriteups.com/how-i-bypass-2fa-while-resetting-password-3f73bf665728 | |
| https://www.tnirmal.com.np/2022/04/adventures-into-meowcorp-bug-bounty.html | |
| https://github.com/cloudflare/odoh-server-go/issues/30 | |
| https://medium.com/@malwarejoe/smashing-the-modern-web-tech-stack-part-1-the-evolving-threat-landscape-in-2022-and-dom-based-324696684239 | |
| https://amit-lt.medium.com/open-redirection-into-bentley-system-d1ee188bfb25 | |
| https://securecloud.blog/2022/04/21/microsoft-cloud-security-research-public-disclosure-gaining-unlimited-access-to-graph-auditlogs-endpoint-using-complex-filters-with-non-privileged-user-account/ | |
| https://systemweakness.com/exploiting-a-file-upload-vulnerability-a-directory-traversal-attack-419308cdb059 | |
| https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ | |
| https://neilmadden.blog/2022/04/25/a-few-clarifications-about-cve-2022-21449/ | |
| https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app | |
| https://www.securecodewarrior.com/blog/psychic-signatures | |
| https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/ | |
| https://palant.info/2022/04/19/adobe-acrobat-hollowing-out-same-origin-policy/ | |
| https://palisade.consulting/blog/rarible-vulnerability | |
| https://systemweakness.com/stored-xss-to-other-users-via-messages-e033239821b5 | |
| https://medium.com/pentesternepal/sql-injection-in-harvards-subdomain-c3148f8be156 | |
| https://medium.com/@vflexo/full-account-takeover-via-open-redirection-41c167db46 | |
| https://blog.viettelcybersecurity.com/searching-against-the-flow/ | |
| https://medium.com/@hacxyk/how-we-spoofed-ens-domains-52acea2079f6 | |
| https://bloggerrando.blogspot.com/2022/04/15-1.html | |
| https://medium.com/@_ip_/3-3-cache-poisoning-lateral-movement-gitlab-9c6288708576 | |
| https://mr23r0.medium.com/crazy-smiple-insecure-design-300-bounty-16a2b8e80522 | |
| https://github.com/Sudistark/advisories/blob/main/2023/npm-package/fast-xml-parser.md | |
| https://github.com/snowyyowl/writeups/tree/main/CVE-2022-26133 | |
| https://firefart.at/post/multiple_vulnerabilities_cisco_expressway/ | |
| https://debprasadbanerjee502.medium.com/united-nations-bug-bounty-writeup-4bcfdefbb8d3 | |
| https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-part-2/ | |
| https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/ | |
| https://infosecwriteups.com/bypass-rate-limit-a-blank-space-leads-to-this-random-encounter-e18e72fbf228 | |
| https://medium.com/@anjaneyulukanakatla1996/my-first-bug-in-hackerone-a68cf7b05510 | |
| https://medium.com/@_ip_/2-3-xss-through-the-front-door-gitlab-fc4b6799e743 | |
| https://falcnix.medium.com/threat-evasion-for-aws-multifactorauthpresent-condition-using-cloudshell-8296b34ecad4 | |
| https://www.sentinelone.com/labs/inside-the-black-box-how-we-fuzzed-microsoft-defender-for-iot-and-found-multiple-vulnerabilities/ | |
| https://medium.com/@StealthyBugs/bypass-apple-corp-sso-on-apple-admin-panel-dbfb72c7e634 | |
| https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ | |
| https://medium.com/@Bishoo97x/idor-insecure-direct-object-reference-leads-to-listing-all-valid-users-and-edit-their-profiles-2d7bcba78890 | |
| https://www.rapid7.com/blog/post/2022/04/12/cve-2022-24527-microsoft-connected-cache-local-privilege-escalation-fixed/ | |
| https://shahjerry33.medium.com/xss-the-localstorage-robbery-d5fbf353c6b0 | |
| https://naveenroy008.medium.com/broken-session-control-leads-to-access-the-admin-panel-even-after-revoking-the-access-zoho-db219b19d2dd | |
| https://www.notgitbleed.com | |
| https://blog.lightspin.io/aws-rds-critical-security-vulnerability | |
| https://infosecwriteups.com/svg-ssrfs-and-saga-of-bypasses-777e035a17a7 | |
| https://medium.com/@_ip_/1-3-brute-force-protection-bypass-gitlab-15a17909bb | |
| https://njmulsqb.engineer/2022/04/10/the-100daysofhacking-challenge.html | |
| https://medium.com/@RheyJuls/privacy-disclosure-on-facebook-lite-after-creating-a-post-b12a1cad8d8a | |
| https://medium.com/@Bishoo97x/xss-html-injection-and-file-upload-bypass-in-huawei-subdomain-64966ba4f4ac | |
| https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/ | |
| https://securecloud.blog/2022/04/09/msrc-join-security-research-write-up-azure-ad-consent-bypass-disclosure-with-kim-jamia-q1-2022/ | |
| https://infosecwriteups.com/how-a-youtube-video-lead-to-pwning-a-web-application-via-sql-injection-worth-4324-bounty-285f0a9b9f6c | |
| https://blog.fadyothman.com/metas-sparkar/ | |
| https://ahmadaabdulla.medium.com/vulnerabilitymultiple-vulnerability-leading-to-account-takeover-in-tiktok-smb-subdomain-c99e4a50b377 | |
| https://gokulap.medium.com/how-i-got-access-to-1600k-users-pii-data-64a27a540963 | |
| https://tech-blog.cymetrics.io/en/posts/huli/erpnext-ssrf-and-xss-to-account-takeover/ | |
| https://akashhamal0x01.medium.com/watch-out-the-links-account-takeover-32b9315390a7 | |
| https://www.secureworks.com/research/azure-active-directory-exposes-internal-information | |
| https://crypt0g30rgy.github.io/post/PaymentBypassThree | |
| https://haxatron.gitbook.io/vulnerability-research/vr1 | |
| https://blog.aquasec.com/npm-supply-chain-attack | |
| https://medium.com/@StealthyBugs/http-request-smuggling-on-business-apple-com-and-others-2c43e81bcc52 | |
| https://www.secureworks.com/research/azure-active-directory-exposes-internal-information | |
| https://tarekbouali.com/posts/how-i-hacked-one-of-the-biggest-airlines-group-of-the-world/ | |
| https://webs3c.com/t/how-i-hacked-one-of-the-biggest-airlines-group-in-the-world/32 | |
| https://feed.bugs.xdavidhu.me/bugs/0014 | |
| https://blog.viettelcybersecurity.com/moveit-transfer-cve/ | |
| https://zerocode-ph.medium.com/spoof-as-another-facebook-user-to-report-an-impostor-account-f2dd6683744d | |
| https://kuldeep.io/posts/nosql-injection-in-plain-sight/ | |
| https://www.synack.com/blog/exploits-explained-nosql-injection-returns-private-information/ | |
| https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html | |
| https://github.com/jhftss/CVE-2022-22639 | |
| https://amit-lt.medium.com/hacked-nokia-with-reflected-cross-site-scripting-vulnerability-327daa8e62fb | |
| https://medium.com/stolabs/cloud-ssrf-exploitation-1f256bdc145f | |
| https://www.legitsecurity.com/blog/github-privilege-escalation-vulnerability | |
| https://www.yassineaboukir.com/blog/exploiting-a-double-edged-SSRF-for-server-and-client-side-impact/ | |
| https://amit-lt.medium.com/hacked-instagram-handle-of-samsung-cb1a35990a90 | |
| https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/ | |
| https://ph-hitachi.medium.com/view-friends-list-of-any-users-using-view-as-facebook-bug-bounty-edeb6af5640b | |
| https://amit-lt.medium.com/multiple-times-i-hacked-duke-university-with-rxss-vulnerability-7e291aad043a | |
| https://akashhamal0x01.medium.com/design-flaw-a-tale-of-permanent-dos-a9ef05181083 | |
| https://omespino.com/write-up-finapi-open-banking-api-oauth-credentials-exposed-in-plain-text-in-android-app/ | |
| https://medium.com/falconforce/debugging-the-undebuggable-and-finding-a-cve-in-microsoft-defender-for-endpoint-ce36f50bb31 | |
| https://medium.com/@terminatorLM/small-bugs-are-more-dangerous-than-you-think-9411618191ab | |
| https://blog.relyze.com/2022/04/pwning-cisco-rv340-with-4-bug-chain.html | |
| https://shenkaiwen.com/publication/2022-dkim/ | |
| https://blog.credshields.com/race-condition-in-tendermints-starport-7cebe176d935 | |
| https://blog.neolex.dev/13/ | |
| https://abdilahrf.github.io/bugbounty/got-access-to-dota-2-admin-panel-by-exploiting-in-game-feature | |
| https://blog.relyze.com/2022/03/cve-2022-27643-netgear-r6700v3-upnpd.html | |
| https://github.com/pedrib/PoC/blob/master/advisories/Cisco/DCNMPwn.md | |
| https://scribesecurity.com/blog/github-cache-poisoning | |
| https://pentera.io/blog/information-disclosure-in-vmware-vcenter/ | |
| https://karmainsecurity.com/KIS-2022-05 | |
| https://janmuhammadzaidi.medium.com/how-i-bypassed-403-forbidden-domain-using-a-simple-trick-c2d538de04b8 | |
| https://www.mdsec.co.uk/2022/03/abc-code-execution-for-veeam/ | |
| https://devco.re/blog/2022/03/28/your-NAS-is-not-your-NAS-en/ | |
| https://httpvoid.com/Ruby-Deserialization-Gadget-On-Rails.md | |
| https://www.sentinelone.com/labs/pwning-microsoft-azure-defender-for-iot-multiple-flaws-allow-remote-code-execution-for-all/ | |
| https://mizu.re/post/how-i-was-able-to-rick-roll-every-users-on-root-me.org | |
| https://web.archive.org/web/20220329163747/https://pwnsec.ninja/2022/03/27/stealing-cookies-from-subdomain-leads-to-takeover-user-accounts-at-redacted-com/ | |
| https://web.archive.org/web/20220405093345/https://pwnsec.ninja/2022/03/26/deleting-account-via-support-ticket/ | |
| https://machevalia.blog/blog/broken-access-control-idor | |
| https://blogs.opera.com/security/2022/03/bug-bounty-adventures-a-nodebb-0-day/ | |
| https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907 | |
| https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc | |
| https://www.synacktiv.com/publications/pwn2own-austin-2021-defeating-the-netgear-r6700v3.html | |
| https://cryptograph3r.blogspot.com/2022/03/how-token-misconfiguration-can-lead-to.html | |
| https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/ | |
| https://medium.com/@tobydavenn/how-i-was-able-to-takeover-any-account-on-one-of-europes-largest-media-companies-e8d25e59c08 | |
| https://valsamaras.medium.com/when-equal-is-not-another-webview-takeover-story-730be8d6e202 | |
| https://infosecwriteups.com/authentication-bypass-using-root-array-4a179242b9f7 | |
| https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/ | |
| https://dhakalbibek.medium.com/story-about-more-than-3-5-million-pii-leakage-in-yahoo-3a530210dcc6 | |
| https://cupc4k3.co/caso-de-uso-não-autorizados-de-chave-da-api-do-google-maps-89498752cf7d | |
| https://markus-krell.de/itop-template-injection-inside-customer-portal/ | |
| https://ajpc500.github.io/macos/Targeting-Visual-Studio-Code-For-macOS/ | |
| https://twitter.com/patch1t/status/1511210634939023360 | |
| https://wahaz.medium.com/broken-authentication-and-idor-at-redacted-646de8d508e6 | |
| https://naveenroy008.medium.com/broken-session-control-leads-to-access-private-videos-using-the-shared-link-even-after-revoking-the-84e31ac16fe4 | |
| https://web.archive.org/web/20200928015008/https://pwnsec.ninja/2020/03/04/bug-bounty-catches-part-1/ | |
| https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera | |
| https://breakpoint.sh/posts/files.app-symbolic-link-following | |
| https://debprasadbanerjee502.medium.com/adobe-bug-bounty-using-idor-confidential-data-leaks-f6c55e5143d0 | |
| https://mearegtu.medium.com/insecure-direct-object-reference-exposes-all-users-of-microsoft-azure-independent-software-vendors-bed3b45e509 | |
| https://medium.com/@interc3pt3r/for-the-first-bounty-it-takes-a-few-challenging-months-but-only-a-few-days-for-the-second-7b53259b0199 | |
| https://yajdesu.medium.com/bypass-confirmation-to-add-payment-method-df2772a36561 | |
| https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks | |
| https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-for-privilege-escalation/ | |
| https://medium.com/@vamshivaran110/my-first-blind-sql-injection-7db4b5e5c66d | |
| https://shahjerry33.medium.com/parameter-pollution-zero-day-3feb86ee8a02 | |
| https://positive.security/blog/dompdf-rce | |
| https://github.com/justinsteven/advisories/blob/main/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.md | |
| https://infosecwriteups.com/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1 | |
| https://github.com/takshal/freq | |
| https://ssd-disclosure.com/ssd-advisory-exchange-server-getwacinfo-information-disclosure-vulnerability/ | |
| https://blog.sonarsource.com/securing-developer-tools-git-integrations | |
| https://research.nccgroup.com/2022/03/15/technical-advisory-apple-macos-xar-arbitrary-file-write-cve-2022-22582/ | |
| https://c4rrilat0r.medium.com/how-i-managed-to-trigger-xss-automatically-to-get-critical-account-takeover-92ea3abcaf9 | |
| https://jhftss.github.io/CVE-2022-22616-Gatekeeper-Bypass/ | |
| https://blog.haboob.sa/blog/adobe-reader-cjk-codecs-memory-disclosure-vulnerability | |
| https://www.cyberick.com/post/my-first-bug-on-vdp-bbp-bug-bounty | |
| https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users | |
| http://www.firstsight.me/2022/03/from-recon-via-censys-and-dnsdumpster-to-getting-p1-by-login-using-weak-password-password/ | |
| https://medium.com/@YoKoKho/from-recon-via-censys-and-dnsdumpster-to-getting-p1-by-login-using-weak-password-password-504e617956ce | |
| https://medium.com/@haroonhameed_76621/achieving-remote-code-execution-via-unrestricted-file-upload-6050f360c218 | |
| https://web.archive.org/web/20220315141258/https://eslam3kl.medium.com/sql-injection-at-spotify-d19e0861ddf0 | |
| https://xkurtph.medium.com/how-i-access-other-domains-in-infinityfree-net-using-directory-traversal-4625692d6a2d | |
| https://medium.com/@tobydavenn/how-i-made-the-bbc-hall-of-fame-3-times-2c816fa515d7 | |
| https://palant.info/2022/03/14/party-time-injecting-code-into-teleparty-extension/ | |
| https://melotover.medium.com/how-i-bypassed-disable-functions-in-php-to-get-a-remote-shell-48b827d54979 | |
| https://medium.com/@rifqihz/open-redirect-via-sendgrid-email-misconfiguration-cec4ccb07f9a | |
| https://medium.com/@tushar.tilak.sharma/a-tale-of-open-redirection-to-stored-xss-6ad426ae9d43 | |
| https://apth3hack3r.medium.com/xss-through-base64-encoded-json-4b0d96e5ccd4 | |
| https://bloggerrando.blogspot.com/2022/03/13-1.html | |
| https://medium.com/@botami143/i-have-found-microsoft-subdomain-website-database-list-database-username-password-1dab07d0c8ea | |
| https://canmustdie.medium.com/how-did-i-leak-5-2k-customer-data-from-a-large-company-via-broken-access-control-709eb4027409 | |
| https://www.trustedsec.com/blog/cve-2022-24696-glance-by-mirametrix-privilege-escalation/ | |
| https://medium.com/@tobydavenn/how-i-was-able-to-takeover-any-users-account-on-a-major-telecoms-website-2cd5aa43e3d6 | |
| https://medium.com/@girishbo58/rate-limit-bypass-at-readme-com-35c4fb0c7f85 | |
| https://medium.com/@tobydavenn/how-i-was-able-to-read-any-users-confidential-reports-on-a-public-level-domain-1e563857b0b9 | |
| https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-logic-app-contributor-escalation-to-root-owner/ | |
| https://medium.com/@tobydavenn/how-i-was-able-to-wipe-any-registered-account-3b738afc389 | |
| https://prajwoldhungana487.medium.com/demographic-misconfiguration-9359910c6fcf | |
| https://ssd-disclosure.com/ssd-advisory-netgear-dgnd3700v2-preauth-root-access/ | |
| https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316 | |
| https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/ | |
| https://medium.com/@amnotacat/log4shell-in-google-1337-00-144684269bf8 | |
| https://medium.com/@mrempy/how-i-managed-to-make-a-ddos-attack-by-exploiting-a-companys-service-bug-bounty-bfd25a178b45 | |
| https://httpvoid.com/Circumventing-Browser-Security-Mechanisms-For-SSRF.md | |
| https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ | |
| https://medium.com/@sandh0t/the-bad-twin-a-peculiar-case-of-jwt-exploitation-scenario-1efa03e891c0 | |
| https://infosecwriteups.com/some-critical-vulnerabilities-found-with-passive-analysis-on-bug-bounty-programs-explained-1da8b01c11ad | |
| https://infosecwriteups.com/whatsapp-bug-bounty-bypassing-biometric-authentication-using-voip-87548ef7a0ba | |
| https://zoidsec.medium.com/how-i-hacked-a-crypto-company-and-could-steal-1-million-dollars-worth-of-bitcoin-3174434b382c | |
| https://cyberlix.io/how-i-hacked-a-crypto-company-and-could-steal-1-million-dollars-worth-of-bitcoin/ | |
| https://ysamm.com/?p=742 | |
| https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/ | |
| https://medium.com/@nvmeeet/4300-instagram-idor-bug-2022-5386cf492cad | |
| https://muffsec.com/blog/moodle-2nd-order-sqli/ | |
| https://noob3xploiter.medium.com/idor-in-support-mozilla-org-through-code-review-ff2aa8ea1201 | |
| https://octagon.net/blog/2022/03/02/apache-jspwiki-preauth-xss-to-ato/ | |
| https://blog.recurity-labs.com/2022-03-02/webOS_Pt2.html | |
| https://web.archive.org/web/20220306040035/https://medium.com/@1337Fenrir/how-did-i-find-directory-traversal-attack-using-github-9b051ed749ca | |
| https://palant.info/2022/03/01/skype-extension-all-functionality-broken-still-exploitable/ | |
| https://medium.com/techiepedia/password-reset-to-admin-access-3b2a649bdc3 | |
| https://shenkaiwen.com/publication/2022-hdiff/ | |
| https://blog.dixitaditya.com/pwning-a-server-using-markdown | |
| https://research.nccgroup.com/2022/02/28/brokenprint-a-netgear-stack-overflow/ | |
| https://blog.securitybreached.org/2022/02/27/hacking-subscription-plans-for-free-service/ | |
| https://web.archive.org/web/20221128044142/https://wya.pl/2022/02/26/cve-2022-22947-spel-casting-and-evil-beans/ | |
| https://web.archive.org/web/20220315080229/https://medium.com/@raymond-lind/ssrf-lfi-in-uploads-feature-321d83b93ec0 | |
| https://swarm.ptsecurity.com/catching-bugs-in-vmware-carbon-black-cloud-workload-appliance-and-vrealize-operations-manager/ | |
| https://medium.com/@vflexo/a-weird-price-tampering-vulnerability-1251dfe8d2a1 | |
| https://medium.com/@Kntjrld/bypassing-default-visibility-for-newly-added-email-in-facebook-part-i-submitting-i-d-da78142f032d | |
| https://medium.com/@Kntjrld/bypassing-default-visibility-for-newly-added-email-in-facebook-part-ii-trusted-contacts-36176eeb103 | |
| https://philippeharewood.com/instagram-app-access-token/ | |
| https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf | |
| https://goktugkaya.medium.com/how-i-hacked-the-dutch-government-and-won-the-famous-t-shirt-b45cdf5dfaa1 | |
| https://blog.teddykatz.com/2022/02/23/ghosts-of-branches-past.html | |
| https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/ | |
| https://omespino.com/write-up-private-bug-bounty-bypass-redacted-android-application-screen-lock-via-local-brute-forcing/ | |
| https://servicenger.com/mobile/facebook-android-vulnerability-launching-internal-tighten-deeplink-onbehalf-of-user/ | |
| https://ninetyn1ne.github.io/2022-02-21-oauth-postmessage-misconfig/ | |
| https://infosecwriteups.com/how-i-couldve-bypassed-the-2fa-security-of-instagram-once-again-43c05cc9b755 | |
| https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4 | |
| https://systemweakness.com/what-an-injection-into-jquery-selector-can-lead-to-1fcaabfd51e5 | |
| https://f4t7.medium.com/xss-in-hidden-input-field-1b98a5fece26 | |
| https://infosecwriteups.com/send-a-email-to-me-and-get-kicked-out-of-google-groups-29b5c2c60e95 | |
| https://monke.ie/api-vulns-casestudy/ | |
| https://machevalia.blog/blog/access-control-violation-sensitive-data-exposure | |
| https://medium.com/@friendly_/bypassing-cloudflares-waf-b1b83a50fb2f | |
| https://gitlab.com/kop316/vvm-disclosure | |
| https://remonsec.com/posts/hacking-dutch-gov/ | |
| https://remonsec.com/posts/passive-recon-with-spyse-part-II/ | |
| https://remonsec.com/posts/passive-recon-with-spyse-part-I/ | |
| https://remonsec.com/posts/getting-first-swag-SIDN/ | |
| https://github.com/Metnew/write-ups/tree/main/rce-github-desktop-2.9.3 | |
| https://web.archive.org/web/20220220072733/https://bloggerrando.blogspot.com/2022/02/stored-xss-on-messagealibabacom-alibaba.html | |
| https://research.nccgroup.com/2022/02/18/analyzing-a-pjl-directory-traversal-vulnerability-exploiting-the-lexmark-mc3224i-printer-part-2/ | |
| https://medium.com/@720922/recon-and-youtube-is-that-a-thing-5523b48c32e3 | |
| https://medium.com/@vishnurajr/403-forbidden-bypass-accessing-config-files-using-a-header-4bd172c25ff1 | |
| https://www.iot-inspector.com/blog/advisory-cisco-rv340-dual-wan-gigabit-vpn-router-rce-over-lan/ | |
| https://web.archive.org/web/20220217212342/https://castilho101.github.io/posts/cve-2022-0478-woocommerce-event-manager-plugin-sql-injection/ | |
| https://junoonbro.medium.com/how-i-earned-9000-with-privilege-escalations-b187d1f8f4fe | |
| https://elinfosec.com/2022/my-first-report-on-hackerone-a-logic-flaw-in-npm/ | |
| https://infosecwriteups.com/my-first-reflected-xss-bug-bounty-google-dork-xxx-92ac1180e0d0 | |
| https://medium.com/@chander.romesh/hacked-dutch-government-website-all-i-got-was-this-l̶o̶u̶s̶y̶-cool-t-shirt-4fd62ed3e734 | |
| https://ashok314.medium.com/bug-report-bypassing-weekly-limits-in-basic-free-linkedin-account-f5265ac0418a | |
| https://swarm.ptsecurity.com/hunting-for-bugs-in-vmware-view-planner-and-vrealize-business-for-cloud/ | |
| https://medium.com/@yaala/trim-private-live-videos-and-access-them-a331447cc82a | |
| https://www.zerodayinitiative.com/blog/2022/2/14/static-taint-analysis-using-binary-ninja-a-case-study-of-mysql-cluster-vulnerabilities | |
| https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/ | |
| https://ozguralp.medium.com/bigquery-sql-injection-cheat-sheet-65ad70e11eac | |
| https://medium.com/@interc3pt3r/my-first-bounty-and-how-i-got-it-a6dba459c652 | |
| https://infosecwriteups.com/hacking-aws-cognito-misconfiguration-to-zero-click-account-takeover-36a209a0bd8a | |
| https://amakki.me/how-i-made-15k-from-remote-code-execution-vulnerability-2e1b14b3902a | |
| https://www.youtube.com/watch?v=O1uK_b1Tmts | |
| https://shahjerry33.medium.com/broken-link-hijacking-mr-user-agent-cd124297f6e6 | |
| https://infosecwriteups.com/a-tale-of-0-click-account-takeover-and-2fa-bypass-b369cd70e42f | |
| https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/ | |
| https://n0lsec.medium.com/qrcdr-path-traversal-vulnerability-bb89acc0c100 | |
| https://twitter.com/FlashbackPwn/status/1492074441450397698 | |
| https://twitter.com/m7mdharon/status/1492204287295897600 | |
| https://www.zerodayinitiative.com/blog/2022/2/10/mindshare-when-mysql-cluster-encounters-taint-analysis | |
| https://priyankraval.medium.com/microsoft-teams-unpatched-url-spoofing-vulnerability-c58f5949fac8 | |
| https://medium.com/@harishhacker3010/how-i-hacked-google-to-read-files-from-their-servers-for-free-e0486a674912 | |
| https://onapsis.com/threat-report/icmad-sap-vulnerabilities | |
| https://orca.security/resources/blog/oracle-server-side-request-forgery-ssrf-attack-metadata/ | |
| https://tech-blog.cymetrics.io/en/posts/huli/how-i-hacked-glints-and-your-resume-en/ | |
| https://blog.sonarsource.com/wordpress-object-injection-vulnerability | |
| https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81 | |
| https://www.cyberark.com/resources/threat-research-blog/how-docker-made-me-more-capable-and-the-host-less-secure | |
| https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/ | |
| https://web.archive.org/web/20220214063345/https://7odamo.medium.com/sql-injection-reflected-xss-and-information-disclosure-in-one-subdomain-in-just-10-minutes-f2ce877b43d4 | |
| https://medium.com/@kojodaprogrammer/full-account-takeover-ato-a-tale-of-two-bugs-d1b3765ff1de | |
| https://medium.com/@harshbanshpal/you-can-takeover-any-google-account-f6f2d012466f | |
| https://www.cyberick.com/post/what-i-found-on-sony-vulnerability-disclosure-program | |
| https://bloggerrando.blogspot.com/2022/02/how-can-i-access-members-only-video.html | |
| https://wwws.nightwatchcybersecurity.com/2022/02/06/insecure-bootstrap-process-in-oracle-cloud-cli/ | |
| https://feed.bugs.xdavidhu.me/bugs/0012 | |
| https://feed.bugs.xdavidhu.me/bugs/0013 | |
| https://medium.com/@mrempy/how-i-found-a-critical-p1-bug-in-5-minutes-using-a-cellphone-bug-bounty-303ebec3edd6 | |
| https://medium.com/@yaala/facebook-oauth-bypass-446a073e687d | |
| https://edoverflow.com/2022/bypassing-razers-dom-based-xss-filter/ | |
| https://kailashbohara.com.np/blog/2022/02/04/bypassing-PHP-functions-to-read-system-file-copy/ | |
| https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation | |
| https://omespino.com/write-up-private-bug-bounty-rce-in-ec2-instance-via-ssh-with-private-key-exposed-on-public-github-repository-xx000-usd/ | |
| https://spaceraccoon.dev/solving-dom-xss-puzzles | |
| https://blog.sorcery.ie/posts/higherlogic_rce/ | |
| https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ | |
| https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html | |
| https://web.archive.org/web/20220612235502/https://bugs.0xdroopy.live/bugs/how-i-tracked-you-around-the-globe/ | |
| https://www.ash-king.co.uk/blog/abusing-Facebooks-call-to-action-to-launch-internal-deeplinks | |
| https://medium.com/@ladecruze/my-first-bounty-idor-self-xss-3000-cde89cbbc1b1 | |
| https://logicbomb.medium.com/a-misconfigured-apache-airflow-to-aws-account-compromise-c905dc49998d | |
| https://sanyamchawla1999.medium.com/my-experience-of-hacking-the-dutch-government-8c219c61c795 | |
| https://medium.com/@noob_master/no-rate-limiting-on-otp-sending-39a3a9fc93f6 | |
| https://medium.com/@damaidec/idor-vulnerability-on-invoice-and-weak-password-reset-leads-to-account-take-over-603b42143a8c | |
| https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin | |
| https://systemweakness.com/a-peculiar-case-of-xss-and-my-first-bug-19f2132390b6 | |
| https://medium.com/@emil.lerner/leaking-uninitialized-memory-from-fastly-83327bcbee1f | |
| https://hetroublemakr.medium.com/how-i-approached-dependency-confusion-272b46f66907 | |
| https://eaton-works.com/2022/01/31/microsoft-accidentally-exposed-their-private-xbox-game-developer-forums/ | |
| https://btlfry.gitlab.io/notes/posts/flask-security/ | |
| https://httpvoid.com/Hacking-Google-Drive-Integrations.md | |
| https://www.offensive-security.com/offsec/microsoft-onedrive-macos-local-privesc/ | |
| https://theshubh77.medium.com/write-up-missing-rate-limiting-how-i-was-able-to-add-any-unowned-phone-number-to-my-fb-account-fe4d7e67cf10 | |
| https://machevalia.blog/blog/remote-code-execution-in-tgz-file-upload | |
| https://machevalia.blog/blog/stored-cross-site-scripting-in-mediawiki | |
| https://web.archive.org/web/20221228134225/https://machevalia.blog/access-control-violation-wiki-page-creation/ | |
| https://medium.com/@abhijeetbiswas_/xss-cross-site-scripting-via-x-forwarded-host-header-20be114d4254 | |
| https://hackerone.com/reports/1392935 | |
| https://medium.com/@arthbajpai277/2fa-bypass-by-changing-request-method-to-delete-500fd0ed12b8 | |
| https://readme.security/how-i-hacked-my-way-to-the-top-of-darpas-hardware-bug-bounty-b66ec53b1973 | |
| https://bxmbn.medium.com/how-i-made-15-000-by-hacking-caching-servers-part-1-5541712a61c3 | |
| https://bxmbn.medium.com/how-i-made-16-500-hacking-cdn-caching-servers-part-2-4995ece4c6e6 | |
| https://infosecwriteups.com/how-i-made-16-500-hacking-cdn-caching-servers-part-3-91f9d836e046 | |
| https://lohigowda.medium.com/paytm-broken-link-hijacking-11624e4e9eef | |
| https://infosecwriteups.com/multiple-http-redirects-to-bypass-ssrf-protections-45c894e5d41c | |
| https://docs.google.com/document/d/1-TTCS6fS6kvFUkoJmX4Udr-czQ79lSUVXiWsiAED_bs/edit | |
| https://medium.com/@LIL__NIX/the-story-of-a-rce-on-a-java-web-application-2e400cddcd1e | |
| https://sirleeroyjenkins.medium.com/bypassing-ssrf-protection-to-exfiltrate-aws-metadata-from-larksuite-bf99a3599462 | |
| https://infosecwriteups.com/the-story-of-a-rce-on-a-java-web-application-2e400cddcd1e | |
| https://www.signal-labs.com/blog/vmware-driver-0day-reversing | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2020-0696-microsoft-outlook-security-feature-bypass-vulnerability/ | |
| https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/ | |
| https://blog.sorcery.ie/posts/adodb_auth_bypass/ | |
| https://blog.ret2.me/post/2022-01-26-exploiting-xiongmai-dvrs/ | |
| https://www.willsroot.io/2022/01/cve-2022-0185.html | |
| https://infosecwriteups.com/how-i-could-have-read-your-confidential-bug-reports-by-simple-mail-cfd2e4f8e25c | |
| https://www.ryanpickren.com/safari-uxss | |
| https://medium.com/@moSec/how-i-hacked-thousand-of-subdomains-6aa43b92282c | |
| https://infosecwriteups.com/how-i-was-able-to-takeover-accounts-in-websites-deal-with-github-as-a-sso-provider-294290358e0c | |
| https://aidilarf.medium.com/first-valid-bug-finding-at-microsoft-and-i-got-the-acknowledgments-page-microsoft-a2c185c53074 | |
| https://www.zerodayinitiative.com/blog/2022/1/25/cve-2021-44790-code-execution-on-apache-via-an-integer-underflow | |
| https://medium.com/@david_colombo/how-i-got-access-to-25-teslas-around-the-world-by-accident-and-curiosity-8b9ef040a028 | |
| https://blog.assetnote.io/2022/01/23/solarwinds-webhelpdesk-hsql-eval-harcoded-creds/ | |
| https://kuldeep.io/posts/path-traversal-paradise/ | |
| https://www.synack.com/blog/path-traversal-paradise/ | |
| https://infosecwriteups.com/how-i-was-able-to-find-multiple-vulnerabilities-of-a-symfony-web-framework-web-application-2b82cd5de144 | |
| https://coffeejunkie.me//120-Days-Of-Frequent-Hacking/ | |
| https://medium.com/@quelperlado/facebook-room-deep-linking-vulnerability-allow-malicious-user-to-know-the-code-for-anyones-4761b93481f1 | |
| https://medium.com/@SkiMask0/hashing-the-favicon-ico-a498fc3d665b | |
| https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html | |
| https://medium.com/@himmat1005/how-i-messed-up-my-own-profile-data-94a4b09cb54c | |
| https://medium.com/manomano-tech/the-tale-of-a-click-leading-to-rce-8f68fe93545d | |
| https://www.reversemode.com/2022/01/finding-vulnerabilities-in-swiss-posts.html | |
| https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection | |
| https://googleprojectzero.blogspot.com//2022/01/zooming-in-on-zero-click-exploits.html | |
| https://www.varonis.com/blog/box-mfa-bypass-sms | |
| https://blog.assetnote.io/2022/01/17/workspace-one-access-ssrf/ | |
| https://omespino.com/write-up-private-bug-bounty-firebase-database-exposed-by-misconfiguration-2000-usd/ | |
| https://medium.com/@p3rr0x22/critical-xss-in-chrome-extension-b55757a2074 | |
| https://medium.com/@robert0/how-i-found-broken-access-control-through-out-of-sync-setup-and-got-1000-9143fc5febdd | |
| https://www.cyberick.com/post/xxe-in-saml-sso-writeup-bug-bounty | |
| https://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html | |
| https://kuldeep.io/posts/120-days-of-high-frequency-hunting/ | |
| https://hulkvision.github.io/blog/post1/ | |
| https://nmochea.medium.com/fb-lite-all-user-active-status-changed-99c5c36029e5 | |
| https://systemweakness.com/xss-filter-evasion-idor-3d4624758ff0 | |
| https://nmochea.medium.com/xiaomi-arbitrary-javascript-vulnerability-327a6f3a9b0e | |
| https://medium.com/@frycos/searching-for-deserialization-protection-bypasses-in-microsoft-exchange-cve-2022-21969-bfa38f63a62d | |
| https://systemweakness.com/c-s-t-i-lead-to-account-takeover-f21ea07d9141 | |
| https://www.bitcrack.net/pwning-the-portal-from-database-dump-to-session-hijacking/ | |
| https://medium.com/@veletisleri/how-i-downed-acronis-com-in-2-minutes-lucky-bug-write-up-a563bcdb563d | |
| https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside | |
| https://web-assets.claroty.com/exploiting-url-parsing-confusion.pdf | |
| https://sa1tama0.medium.com/cross-origin-resource-sharing-cors-misconfiguration-leads-to-users-pii-leaks-b31fd3246e64 | |
| https://haxolot.com/posts/2022/moodle_pre_auth_shibboleth_rce_part2/ | |
| https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/ | |
| https://medium.com/@pranav-gajjar/how-did-i-find-log4j-vulnerability-via-static-code-analysis-and-received-bounty-94f4d86cea88 | |
| https://systemweakness.com/host-header-injection-lead-to-account-takeover-2f025a645d13 | |
| https://noob3xploiter.medium.com/2fa-bypass-by-reading-the-documentation-3260a372d8a8 | |
| https://infosecwriteups.com/a-tale-of-5250-how-i-accessed-millions-of-users-data-including-their-national-id-s-fd48ca7ca0bf | |
| https://outflank.nl/blog/2022/01/07/a-phishing-document-signed-by-microsoft-part-2/ | |
| https://ian.sh/redash | |
| https://medium.com/@nvmeeet/how-i-was-able-to-spoof-any-instagram-username-on-instagram-shop-b4d6abdb474a | |
| https://infosecwriteups.com/authorization-bypass-gmail-2949af041fb | |
| https://systemweakness.com/accessing-godaddy-internal-instance-through-an-email-logic-bug-fdbea7b23542 | |
| https://zoidsec.medium.com/breaking-parse-logic-gain-access-to-nginx-api-read-write-upstreams-1cb062aa44ca | |
| https://cyberlix.io/breaking-parser-logic-gain-access-to-nginx-plus-api-read-write-upstreams/ | |
| https://blog.hckrt.com/blog/thisclosed_1/ | |
| https://shahjerry33.medium.com/sql-injection-the-file-upload-playground-6580b089d013 | |
| https://servicenger.com/mobile/facebook-android-webview-vulnerability/ | |
| https://medium.com/cider-sec/npm-might-be-executing-malicious-code-in-your-ci-without-your-knowledge-e5e45bab2fed | |
| https://medium.com/@tushar.tilak.sharma/p5-to-p1-intresting-account-takeover-6e59b879494b | |
| https://infosecwriteups.com/idor-leads-to-leak-private-details-866563365490 | |
| https://xko2x.medium.com/how-i-was-able-to-bypass-a-pin-code-protection-8352295bb4fb | |
| https://medium.com/@mrmax4o4/story-of-youtubes-unfixable-ads-bypass-b3bb7016c14e | |
| https://systemweakness.com/the-story-of-how-i-bypass-sso-login-6b93370196cf | |
| https://trevorspiniolas.com/doorlock/doorlock.html | |
| https://medium.com/pentesternepal/a-tale-of-zero-click-account-takeover-56b51fdbd7ae | |
| https://snapsec.co/blog/Abusing-Business-logic-of-an-application-to-create-backdoor-in-APP/ | |
| https://m7-arman.medium.com/one-click-to-account-takeover-1f78c6003eba | |
| https://bugs.xdavidhu.me/google/2021/12/31/fixing-the-unfixable-story-of-a-google-cloud-ssrf/ | |
| https://infosecwriteups.com/bug-hunting-journey-of-2021-1fa60b28d949 | |
| https://rv09.medium.com/my-first-google-hof-b66c54f6acfd | |
| https://faizanwrites.medium.com/heres-how-i-could-read-anyone-s-iphone-metrics-remotely-28459943b898 | |
| https://www.seblu.de/2021/12/iap-bypass.html | |
| https://wwws.nightwatchcybersecurity.com/2021/12/30/whatsapp-for-android-retains-deleted-contacts-locally/ | |
| https://medium.com/@sam0-0/how-i-am-able-to-crash-anyones-mozilla-firefox-browser-by-sending-an-email-a12563cc8d79 | |
| https://ndevtk.github.io/writeups/2021/12/30/cloud-shell-xss/ | |
| https://servicenger.com/mobile/idor-add-or-remove-the-linked-publications-from-author-publisher-settings-facebook-bug-bounty/ | |
| https://infosecwriteups.com/story-of-a-weird-csrf-bug-bde1129c106e | |
| https://mbrancato.github.io/2021/12/28/rce-dataflow.html | |
| https://amakki.me/full-account-takeover-vulnerability-in-minecraft-f56076c8287d | |
| https://medium.com/@taniyatesting11/bounty-evaluation-github-15-000-us-dollars-rate-limit-d6c07d73c948 | |
| https://systemweakness.com/common-nginx-misconfiguration-leads-to-path-traversal-d58701e997bc | |
| https://rezer0dai.github.io/biug-bounties/ | |
| https://sharmajijvs.medium.com/xss-via-file-upload-a2bcc1e5d7f7 | |
| https://infosecwriteups.com/how-i-bypassed-netflix-profile-lock-43901be1307c | |
| https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/ | |
| https://3bodymo.medium.com/xss-through-image-proxy-using-svg-image-49cdf955cf4f | |
| https://web.archive.org/web/20220325063636/https://bugs.0xdroopy.live/bugs/how-i-saved-the-christmas-for-google/ | |
| https://infosecwriteups.com/massive-users-account-takeovers-chaining-vulnerabilities-to-idor-ea4e1b6407d2 | |
| https://medium.com/@mamunwhh/information-disclosure-leads-to-sensitive-credential-35e779f6f4db | |
| https://www.tldr.engineering/how-i-found-and-fixed-a-vulnerability-in-python/ | |
| https://youst.in/posts/cache-poisoning-at-scale/ | |
| https://positive.security/blog/ms-teams-1-feature-4-vulns | |
| https://janmuhammadzaidi.medium.com/how-i-was-able-to-bypass-waf-and-find-the-origin-ip-and-a-few-sensitive-files-fc445180adb7 | |
| https://sector7.computest.nl/post/2021-12-storeprivilegedtaskservice/ | |
| https://www.wiz.io/blog/azure-app-service-source-code-leak | |
| https://medium.com/@yoshimlutfi/how-i-found-p2-broken-authentication-with-zero-skill-of-hacking-c40b5643fe4a | |
| https://ssd-disclosure.com/ssd-advisory-rocket-chat-client-side-remote-code-execution/ | |
| https://medium.com/@mohamedtaha_42562/how-i-earned-by-bypassing-2fa-b5487942a86d | |
| https://motaha22.github.io/bugbounty/2fa-bounty/ | |
| https://web.archive.org/web/20221128052252/https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/ | |
| https://web.archive.org/web/20220128200941/https://saeeds.medium.com/blackbox-cookie-testing-how-i-cracked-the-admins-cookie-c817dd4281c8 | |
| https://parsiya.net/blog/2021-12-20-rce-in-visual-studio-codes-remote-wsl-for-fun-and-negative-profit/ | |
| https://medium.com/pentesternepal/how-i-was-able-to-reveal-page-admin-of-almost-any-page-on-facebook-5a8d68253e0c | |
| https://amakki.me/stored-xss-by-bypassing-signature-61ebd83ece6 | |
| https://palant.info/2021/12/20/yes-fun-browser-extensions-can-have-vulnerabilities-too/ | |
| https://security.lauritz-holtmann.de/advisories/flickr-account-takeover/ | |
| https://infosecwriteups.com/hacked-google-meet-40f364bb8368 | |
| https://www.zerodayinitiative.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce | |
| https://mearegtu.medium.com/broken-access-control-cc6cfd793b15 | |
| https://securitylab.github.com/advisories/GHSL-2021-1053_Grafana/ | |
| https://www.pentestpartners.com/security-blog/gumtree-leaking-your-data-and-not-really-listening/ | |
| https://medium.com/@thedarkwayg/bypass-authentication-1bfab09332fe | |
| https://breakpoint.sh/posts/bypassing-the-macos-gatekeeper | |
| https://medium.com/@mohamedtaha_42562/how-i-found-xss-vulnerability-in-amazon-in-5-minutes-using-shodan-50b583655297 | |
| https://motaha22.github.io/bugbounty/bounty/ | |
| https://medium.com/@daudmalik06/how-i-bypassed-incapsula-waf-db0498b3a021 | |
| https://m7-arman.medium.com/zero-click-to-account-takeover-d764e12bee4b | |
| https://prashantbhatkal2000.medium.com/svg-based-stored-xss-ee6e9b240dee | |
| https://infosecwriteups.com/a-story-about-a-not-so-direct-ssrf-b2b98e128af0 | |
| https://shahjerry33.medium.com/open-redirection-qr-code-magic-18ace1a0170f | |
| https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/ | |
| https://thalium.github.io/blog/posts/leaking-aslr-through-rdp-printer-cache-registry/ | |
| https://medium.com/@Cho0k/protobuffer-reutilization-new-way-to-security-test-googlecaptcha-b3e0fc6cf7c4 | |
| https://jonbottarini.com/2021/12/09/dont-reply-a-clever-phishing-method-in-apples-mail-app/ | |
| https://outflank.nl/blog/2021/12/09/a-phishing-document-signed-by-microsoft/ | |
| https://ahmed8magdy.medium.com/file-upload-to-rce-538bb4128062 | |
| https://notifybugme.medium.com/exploiting-s3-bucket-with-path-folder-to-access-pii-info-of-a-bank-91d8563cb45 | |
| https://www.r29k.com/articles/bb/s3-sensitive-data-exposure | |
| https://www.r29k.com/articles/bb/priv-esc-via-stored-xss | |
| https://j0vsec.com/post/cve-2021-43798/ | |
| https://labs.detectify.com/2021/12/15/zero-day-path-traversal-grafana/ | |
| https://rizwansiddiqu1.medium.com/another-admin-panel-e0489dc76678 | |
| https://web.archive.org/web/20220823110821/https://cybernews.com/security/microsoft-vancouver-leaking-website-credentials-via-overlooked-ds-store-file/ | |
| https://blog.agilehunt.com/blogs/security/privilege-escalation-in-microsoft-teams-2021 | |
| https://positive.security/blog/ms-officecmd-rce | |
| https://web.archive.org/web/20240304202752/https://appsecure.security/how-i-was-able-to-change-reddit-acquired-dubsmashs-music-library-sound-tracks/ | |
| https://medium.com/@7azimo/hacking-into-admin-panel-of-u-s-federal-government-system-c-a-r-s-without-credentials-9117b865ba58 | |
| https://www.y-security.de/news-en/microsoft-azure-portal-csv-injection/index.html | |
| https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html | |
| https://www.p1boom.com/2021/12/accidental-idor-in-elearnsecurity-to.html | |
| https://pathleax.medium.com/this-is-how-i-was-able-to-see-and-delete-your-private-facebook-portal-photos-a93ed22f875b | |
| https://medium.com/@vishnu0002/how-i-managed-to-hack-into-a-billion-dollar-sport-platform-7cc667081229 | |
| https://infosecwriteups.com/how-i-hacked-yandex-with-ssrf-vulnerability-e19af20ed4d | |
| https://pawanchhabria.medium.com/how-i-accessed-the-sensitive-document-which-i-had-already-deleted-adbc1e6fbb25 | |
| https://omespino.com/write-up-xss-stored-in-files-slack-com-via-xml-svg-file-ios-1000-usd/ | |
| https://www.yesnaveen.com/Instagram-ad-account-disclosure | |
| https://www.varonis.com/blog/box-mfa-bypass-totp/ | |
| https://blog.lightspin.io/aws-sagemaker-notebook-takeover-vulnerability | |
| https://security.googleblog.com/2021/12/exploring-container-security-storage.html | |
| https://hector0x.medium.com/easy-sqli-in-amazon-subsidiary-using-sqlmap-ff469013671b | |
| https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html | |
| https://cyberguy0xd1.medium.com/how-i-was-able-to-bypass-cloudflare-waf-for-sqli-payload-b9e7a4260026 | |
| https://web.archive.org/web/20211202081008/https://medium.com/@saurabhsankhwar3/p1-bug-in-apple-that-phase-old-is-gold-6eb99da5bbca | |
| https://www.y-security.de/news-en/microsoft-teams-csv-injection/index.html | |
| https://palisade.consulting/blog/tld-hacking | |
| https://certitude.consulting/blog/en/citrix-header-injection-2/ | |
| https://github.com/l0ggg/VMware_vCenter | |
| https://cyberguy0xd1.medium.com/my-write-up-in-hacking-ibms-administration-panel-and-getting-sqli-on-it-51404c7bee27 | |
| https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot | |
| https://www.synack.com/blog/this-microsoft-windows-rce-vulnerability-gives-an-attacker-complete-control/ | |
| https://www.inputzero.io/2021/04/play-the-opera-please.html | |
| https://marxchryz.medium.com/price-manipulation-bypass-using-integer-overflow-method-36ff23ebe91d | |
| https://sh1yo.art/post/websocket_hijacking/ | |
| https://sh1yo.art/post/sec-596/ | |
| https://medium.com/@thenighthawk0/how-i-got-my-first-bounty-on-financial-sector-gateway-site-by-using-previous-graphql-462cca7389ca | |
| https://ssd-disclosure.com/ssd-advisory-chrome-ad-heavy-bypass-via-history-back/ | |
| https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/ | |
| https://web.archive.org/web/20221001151628/https://galnagli.com/Wordpress_Plugin_Update_Confusion/ | |
| https://securifyinc.com/disclosures/rocketchat-monitor-messages | |
| https://medium.com/@thedarkwayg/how-i-found-my-first-xss-bug-96fb8e85a24c | |
| https://wahaz.medium.com/unauthenticated-sensitive-information-disclosure-at-redacted-2702224098c | |
| https://fortbridge.co.uk/research/multiple-vulnerabilities-in-concrete-cms-part2/ | |
| https://web.archive.org/web/20220119155429/https://0xgodson.medium.com/account-takeover-in-million-company-report-rejected-whats-wrong-60041f1815fb | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/ | |
| https://zseano.medium.com/finding-xss-on-apple-com-and-building-a-proof-of-concept-to-leak-your-pii-information-d7bc93cff2df | |
| https://blog.bugbountyhunter.com/xss-on-apple/ | |
| https://r0.haxors.org/posts?id=26 | |
| https://itsdeepceh.medium.com/a-business-logic-error-bug-worth-600-a0050720bfee | |
| https://blog.xss.am/2021/11/vuejs-script-gadget-intigriti/ | |
| https://www.gosecure.net/blog/2021/11/22/gosecure-investigates-abusing-windows-server-update-services-wsus-to-enable-ntlm-relaying-attacks/ | |
| https://lethanhphuc-pk.medium.com/bugbounty-xss-with-markdown-exploit-fix-on-opensource-1baecebe9645 | |
| https://cirius.medium.com/peeping-through-a-web-socket-936ed55a2c31 | |
| https://monish-basaniwal.medium.com/open-redirect-vulnerability-on-zapier-an-accidental-find-4cbbf029956c | |
| https://hackrzvijay.medium.com/hacking-apple-security-report-system-db84850002fb | |
| https://blog.dixitaditya.com/2021/11/19/account-takeover-chain.html | |
| https://krevetk0.medium.com/how-i-accidentally-hacked-many-companies-using-n-a-vulnerability-in-atlassian-cloud-d4ff8e7dbef1 | |
| https://www.p1boom.com/2021/11/a-story-of-epic-blind-remote-code.html | |
| https://threedr3am.github.io/2021/11/18/一种普遍存在于java系统的缺陷-Memory%20DoS/ | |
| https://feed.bugs.xdavidhu.me/bugs/0008 | |
| https://www.youtube.com/watch?v=UyemBjyQ4qA | |
| https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/ | |
| https://omespino.com/write-up-apple-bug-bounty-n-a-arbitrary-local-file-read-via-zip-file-and-symlinks-usd/ | |
| https://medium.com/techiepedia/the-tale-of-cve-2021-34479-vscode-xss-b336ba6cf3d6 | |
| https://www.oliviaohara.com/keybase | |
| https://medium.com/manomano-tech/finding-zero-day-vulnerabilities-in-the-supply-chain-28afa43b0f6e | |
| https://starlabs.sg/blog/2021/11-diving-into-open-source-lms-ccodebases/ | |
| https://hector0x.medium.com/dos-attack-in-yahoo-how-i-was-able-to-deny-new-users-from-service-6b222e744e61 | |
| https://hector0x.medium.com/broken-authentication-through-referral-code-25cd0e8bccc2 | |
| https://bahruz.me/publications/11847 | |
| https://hector0x.medium.com/dos-attack-in-yahoo-how-i-was-able-to-deny-new-users-from-service-6b222e744e61 | |
| https://piyushshuklabug.medium.com/how-i-found-p1-bug-due-to-sensitive-data-exposer-and-earn-99ebcb342bcd | |
| https://proviesec.medium.com/broken-link-hijacking-404-google-play-store-xxx-bounty-96e79a8dfd71 | |
| https://threatnix.io/blog/exploiting-csp-in-webkit-to-break-authentication-authorization/ | |
| https://securityflow.io/impact-of-an-insecure-deep-link/ | |
| https://secureitmania.medium.com/never-leave-this-tip-while-you-hunting-broken-access-control-f63c00b1e96a | |
| https://medium.com/@kashyapherry147/privilege-escalation-worth-of-300-b9a6eac3b0fa | |
| https://medium.com/@yashhunter772/how-i-got-200-in-30-seconds-3dd742f60186 | |
| https://tox7cv3nom.github.io/2021/11/12/chaining-of-csrf-token-misconfiguration-and-no-rate-limit-leads-to-mass-account-takeover.html | |
| https://hector0x.medium.com/from-url-dumps-digging-to-idor-bac-massive-phishing-in-udemy-6fa7f94ef256 | |
| https://coffeejunkie.me/Simple-SSRF/ | |
| https://omespino.com/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/ | |
| https://itsfading.github.io/posts/Unrestricted-File-Upload-Leads-to-SSRF-and-RCE/ | |
| https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/ | |
| https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-vulnerability-walkthrough | |
| https://www.intruder.io/research/practical-http-header-smuggling | |
| https://medium.com/@fcwdbrqmr/400-bounty-again-using-google-dorks-6dc8e438f017 | |
| https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html | |
| https://0x0021h.medium.com/bypass-chrome-ad-heavy-detection-mechanism-25c9e2e4a0c4 | |
| https://0xmahmoudjo0.medium.com/how-i-found-multiple-sql-injection-with-ffuf-and-sqlmap-in-a-few-minutes-9c3bb3780e8f | |
| https://infosecwriteups.com/sony-hunting-i-discovering-hidden-parameters-5x-swag-c3396c0064bc | |
| https://security.lauritz-holtmann.de/post/sso-security-redirect-uri-ii/ | |
| https://web.archive.org/web/20211106100048/https://monke.ie/unicorn-programs/ | |
| https://philippeharewood.com/bypass-video-capture-limit-on-ray-ban-stories/ | |
| https://medium.com/techiepedia/unauthenticated-access-to-cloud-portal-a-without-%EF%B8%8F-9f29c387b937 | |
| https://fortbridge.co.uk/research/multiple-vulnerabilities-in-concrete-cms-part1-rce/ | |
| https://medium.com/@varmaanu001/hacktoberfest2k21-vulnerability-how-users-metadata-can-be-changed-via-auth-jwt-tokens-leaking-from-3028f8ad6991 | |
| https://thinkermaruf.medium.com/fiverr-email-restriction-bypassed-36b797cb7e9 | |
| https://perception-point.io/a-technical-analysis-of-cve-2021-30864-bypassing-app-sandbox-restrictions/ | |
| https://blog.assetnote.io/2021/11/02/sitecore-rce/ | |
| https://nassimchami.medium.com/stored-xss-to-account-take-over-45a7e09116a7 | |
| https://medium.com/@bababounty99/never-give-up-story-of-hacking-dutch-government-and-earning-that-swag-b518cca81c78 | |
| https://pathleax.medium.com/this-is-how-i-was-able-to-permanently-crash-all-mapillary-users-within-minutes-c7276def5a94 | |
| https://sushant-kamble.medium.com/how-i-found-command-injection-via-obsolete-phpthumb-p1-vulnerability-e4811248ce12 | |
| https://medium.com/@saurabh5392/one-misconfiguration-to-rule-them-all-b45f50fd3df4 | |
| https://pawanchhabria.medium.com/how-i-was-able-to-access-a-properly-configured-s3-bucket-a0e949446341 | |
| https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/ | |
| https://omespino.com/write-up-xss-stored-in-api-media-atlassian-com-via-doc-file-ios/ | |
| https://shubhamchaskar.com/xxe-to-ntlm/ | |
| https://research.nccgroup.com/2021/10/28/technical-advisory-apple-xar-arbitrary-file-write-cve-2021-30833/ | |
| https://medium.com/@priyanshbansal25/unauthenticated-cache-purge-c56fac8569e8 | |
| https://medium.com/@vikramroot/unauthorized-access-to-any-users-account-600e8efe7de0 | |
| https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover | |
| https://web.archive.org/web/20211216032639/https://xelkomy.medium.com/easy-ssrf-from-wayback-machine-edf946486120 | |
| https://blog.zecops.com/research/use-after-free-in-voice-control-cve-2021-30902/ | |
| https://darrenmartyn.ie/2021/10/27/zimbra-zmslapd-local-root-exploit/ | |
| https://renganathanofficial.medium.com/an-effective-5-min-recon-leads-to-a-hall-of-fame-ae7f20e5cf1a | |
| https://darrenmartyn.ie/2021/10/25/zimbra-nginx-local-root-exploit/ | |
| https://r0ckinxj3.wordpress.com/2021/10/24/a-7500-google-sites-idor/ | |
| https://gauravnarwani.com/account-takeover-via-improper-input-validation/ | |
| https://dhiyaneshgeek.github.io/web/security/2021/10/23/how-i-was-able-to-revoke-your-instagram-2fa/ | |
| https://securityforeveryone.com/blog/google-chrome-zero-day-vulnerability-cve-2021-30573 | |
| https://0day.click/recipe/discourse-sns-rce/ | |
| https://mrkrhy-xyz.medium.com/tagged-user-could-delete-facebook-story-d7f9cdde92aa | |
| https://xdev05.github.io/How-i-Got-3-SQLI-in-just-10-minutes/ | |
| https://infosecwriteups.com/a-story-of-another-awesome-old-school-hacking-that-lead-to-a-cool-p1-bug-f88da04b1ecf | |
| https://r0.haxors.org/posts?id=20 | |
| https://spaceraccoon.dev/all-your-d-base-are-belong-to-us-part-2-code-execution-in-microsoft-office | |
| https://web.archive.org/web/20231004134528/https://appsecure.security/unauthorized-access-to-any-face-book-users-draft-profile-picture-frames/ | |
| https://pyn3rd.github.io/2021/10/22/mysql-jdbc-xxe/ | |
| https://med-mahmoudi26.medium.com/from-staging-to-0-click-account-takeover-528a5ecaa3eb | |
| https://dphoeniixx.medium.com/exploiting-request-forgery-on-mobile-applications-e1d196d187b3 | |
| https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/ | |
| https://web.archive.org/web/20221128060608/https://wya.pl/2021/10/18/shells-and-soap-websphere-deserialization-to-rce/ | |
| https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea | |
| https://fortbridge.co.uk/research/independently-secure-together-not-so-much-a-story-of-2-wp-plugins/ | |
| https://infosecwriteups.com/how-i-escalated-a-time-based-sql-injection-to-rce-bbf0d68cb398 | |
| https://shahjerry33.medium.com/business-logic-errors-a-logic-destruction-477c4ebc824b | |
| https://muhammad-aamir.medium.com/exploitation-of-files-download-parameters-to-create-potential-risk-of-malware-delivery-200-bug-e2bcce0e737 | |
| https://lf.lc/vrp/203177829/ | |
| https://omespino.com/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/ | |
| https://gowtham-naidu.medium.com/500-bug-sensitive-data-exposure-to-broken-access-control-leads-how-i-able-to-take-over-any-33658f16e265 | |
| https://jub0bs.com/posts/2021-10-12-xsleak-stack/ | |
| https://medium.com/@mehdi.alouache/eset-endpoint-security-credentials-theft-90082dfdf474 | |
| https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7 | |
| https://joranhonig.nl/stealing-info-using-ipfs-fuse/ | |
| https://medium.com/@mehdi.alouache/eset-endpoint-security-credentials-theft-90082dfdf474 | |
| https://medium.com/@mehdi.alouache/pulse-secure-version-number-disclosure-in-error-messages-143aa76c90cd | |
| https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html | |
| https://mhmdiaa.com/blog/exploiting-html-imports/ | |
| https://medium.com/@cappriciosec/how-i-hacked-billion-android-users-social-and-3rd-party-account-a-story-about-5000-bug-c422ca43bd2 | |
| https://medium.com/@mamunwhh/how-i-got-500-with-open-redirect-48fd80c82631 | |
| https://svennergr.github.io/writeups/google/ads_dom_xss/ | |
| https://hunter-55.medium.com/account-takeover-story-of-2-same-issues-in-a-single-program-but-different-sub-domains-in-10-minutes-840b2701db91 | |
| https://feed.bugs.xdavidhu.me/bugs/0011 | |
| https://mikekitckchan.medium.com/power-of-your-own-wordlist-fuzz-for-log-file-leads-to-information-leakage-ad46958b4729 | |
| https://medium.com/@oxygenne/request-smuggling-in-major-crypto-site-road-to-disappointment-a71a461f3b1f | |
| https://shail-official.medium.com/accessing-apples-internal-uat-slackbot-for-fun-and-non-profit-25b167605f38 | |
| https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation | |
| https://medium.com/@mfocuz/hacking-netflix-eureka-8e5957b2f539 | |
| https://medium.com/@saneem7/csrf-to-one-tray-red-bull-6564cd884a47 | |
| https://www.aeth.cc/public/Article-Pass-Culture/stored-xss-article-en.html | |
| https://supras.io/how-i-got-access-to-many-piis-through-a-source-code-leak/ | |
| https://github.com/snowyyowl/writeups/blob/main/CVE-2021-26084/CVE-2021-26084.md | |
| https://blog.hacktivesecurity.com/index.php/2021/10/05/cve-2021-43136-formalms-the-evil-default-value-that-leads-to-authentication-bypass/ | |
| https://sapt.medium.com/bypassing-403-protection-to-get-pagespeed-admin-access-822fab64c0b3 | |
| https://encodedguy.medium.com/600-for-idor-file-or-folder-download-243166452dad | |
| https://rishuranjanofficial.medium.com/html-injection-in-itunesconnect-apple-com-3f8a898f21ee | |
| https://vanshal.medium.com/pre-auth-ssrf-to-full-mailbox-access-microsoft-exchange-server-exploit-a62c8ac04b47 | |
| https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/ | |
| https://labs.f-secure.com/blog/analysis-of-cve-2021-1810-gatekeeper-bypass/ | |
| https://rohit443.medium.com/privilege-escalation-to-stored-xss-dff01314bc7e | |
| https://pentera.io/blog/vscalation-cve-2021-22015-local-privilege-escalation-in-vmware-vcenter-pentera-labs/ | |
| https://www.gremwell.com/spring-n1ql-injection | |
| https://blog.tint0.com/2021/09/pinging-xmlsec.html | |
| https://sinsinology.medium.com/expect-the-unexpected-discovering-fresh-zeroday-for-bounty-d074f3175847 | |
| https://medium.com/@anuragbhoir06/hello-everyone-this-is-anurag-bhoir-and-its-my-first-writeup-d8904d539ad2 | |
| https://ysamm.com/?p=729 | |
| https://dewcode.medium.com/force-browsing-bug-at-facebook-business-plan-500-bounty-73d1bb4883af | |
| https://habr.com/en/post/580582/ | |
| https://blog.s1r1us.ninja/research/PP | |
| https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216 | |
| https://deepsurface.com/deepsurface-security-advisory-lpe-in-firefox-on-windows/ | |
| https://medium.com/@dheerajkmadhukar/bypass-of-biometrics-password-security-functionality-for-android-8e0174ac7cac | |
| https://sick.codes/sick-2021-111/ | |
| https://sheshasai.medium.com/improper-phone-number-validation-to-account-takeover-f8b78b08ed05 | |
| https://parsiya.net/blog/2021-09-26-attack-surface-analysis-part-3-resurrected-code-execution/ | |
| https://hack5.dev/telegram/bug/2021/09/24/telegram-sessions-bug.html | |
| https://www.shielder.it/advisories/remote-command-execution-in-visual-studio-code-remote-development-extension/ | |
| https://habr.com/en/post/579714/ | |
| https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser | |
| https://medium.com/@the.white.soul.0/bug-bounty-fastmail-pobox-com-account-takeover-e1e2fd190a2 | |
| https://medium.com/@the.white.soul.0/bug-bounty-fastmail-topicbox-com-privileges-escalation-organization-takeover-815466876ad4 | |
| https://www.vulnano.com/2021/09/facebook-messenger-for-macos-contained.html | |
| https://trenchant.io/pwn2own-2021-parallels-desktop-guest-to-host-escape/ | |
| https://rizwansiddiqu1.medium.com/super-admin-panel-without-credentials-c2022a23bb35 | |
| https://www.akamai.com/blog/security/autodiscovering-the-great-leak | |
| https://gccybermonks.com/posts/mxss/ | |
| https://medium.com/@shakti.gtp/a-fever-worth-750-accessing-private-projects-d113c561311f | |
| https://medium.com/@varmaanu001/cookie-stealing-via-clickjacking-using-burp-collaborator-ff6f4ac1c18b | |
| https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html | |
| https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html | |
| https://robertchen.cc/blog/2021/09/20/npm-rce | |
| https://infosecwriteups.com/unlimited-report-user-in-instagram-facebook-leads-to-abuse-risk-efcca325aada | |
| https://manasharsh.medium.com/chaining-bugs-for-better-bounties-f14d6b2129de | |
| https://dewangpanchal98.medium.com/admin-access-799b50694965 | |
| https://fardeen-ahmed.medium.com/a-small-change-and-things-go-in-your-hand-story-of-a-250-bounty-5ddc43c31463 | |
| https://u-itachi.medium.com/from-phpinfo-page-to-many-p1-bugs-and-rce-symfony-bce432605662 | |
| https://mikekitckchan.medium.com/from-google-dorking-to-information-disclosure-5da4f1d771e5 | |
| https://medium.com/csg-govtech/all-your-d-base-are-belong-to-us-part-1-code-execution-in-apache-openoffice-cve-2021-33035-767fc7d6daf7 | |
| https://medium.com/hacking-info-sec/how-to-have-free-internet-wifi-on-united-airlines-flights-65ead4087bc9 | |
| https://medium.com/@sarveshblogs/a-small-tale-of-account-takeover-2eba07a6ef5f | |
| https://pwnsauc3.medium.com/weaponizing-reflected-xss-to-account-takeover-ae8aeea7aca3 | |
| https://mrpentestguy.medium.com/how-i-was-able-to-find-100-xss-in-united-nations-bug-bounty-program-a675573c006d | |
| https://medium.com/@soufianehabti/this-is-why-you-shouldnt-trust-your-federated-identity-provider-62160f50d8b2 | |
| https://iamsaugat.medium.com/a-facebook-bug-that-exposes-email-phone-number-to-your-friends-a980d24e5ea8 | |
| https://asterfiester.medium.com/how-i-was-able-to-send-sms-from-google-to-anyone-google-vulnerability-3277ea0cc9d1 | |
| https://s3c.medium.com/how-i-hacked-world-wide-tiktok-users-24e794d310d2 | |
| https://web.archive.org/web/20210914214020/https://s3c.medium.com/how-i-hacked-world-wide-tiktok-users-24e794d310d2 | |
| https://www.y-security.de/news-en/microsoft-azure-portal-persistent-cross-site-scripting/index.html | |
| https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure | |
| https://infosecwriteups.com/10-golden-minutes-for-taking-over-a-chess-com-account-56e73f7c5f0d | |
| https://blog.stmcyber.com/powershell-unicode-quotes-and-command-injection/ | |
| https://labs.detectify.com/2021/09/13/hacking-cloudkit-how-i-accidentally-deleted-your-apple-shortcuts/ | |
| https://www.netspi.com/blog/technical/cloud-penetration-testing/escalating-azure-privileges-with-the-log-analystics-contributor-role/ | |
| https://asterfiester.medium.com/3133-70-google-dialogflow-idor-vulnerability-7a72771678dd | |
| https://infosecwriteups.com/exposing-millions-of-irctc-passengers-ticket-details-53338280fb9e | |
| https://asterfiester.medium.com/5000-google-idor-vulnerability-writeup-c7b45926abe9 | |
| https://vedanttekale20.medium.com/how-i-found-my-first-aem-related-bug-5ea901aad3f4 | |
| https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html | |
| https://kattraxler.github.io/gcp/hacking/2021/09/11/gcp-ai-notebooks-vulnerability-remediation-update.html | |
| https://sank-dahal.medium.com/how-i-was-able-to-delete-any-facebook-story-where-am-i-mentioned-or-tagged-10c38a50e55c | |
| https://blog.chichou.me/2021/08/04/mistuned-part-i/ | |
| https://blog.chichou.me/2021/08/05/mistuned-part-ii/ | |
| https://blog.chichou.me/2021/09/10/mistuned-part-iii/ | |
| https://unit42.paloaltonetworks.com/azure-container-instances/ | |
| https://wojciechregula.blog/post/change-home-directory-and-bypass-tcc-aka-cve-2020-27937/ | |
| https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md | |
| https://www.spookjs.com | |
| https://medium.com/@gguzelkokar.mdbf15/xss-via-account-takeover-in-e-signature-feature-worth-2500-435f3f8325bf | |
| https://rikeshbaniyaaa.medium.com/facebook-email-disclosure-and-account-takeover-ecdb44ee12e9 | |
| https://blogs.opera.com/security/2021/09/bug-bounty-guest-post-local-file-read-via-stored-xss-in-the-opera-browser/ | |
| https://infosecwriteups.com/accessing-grofers-grafana-instance-using-shodan-52c585ada797 | |
| https://websecblog.com/vulns/google-threadit/ | |
| https://xhzeem.me/posts/SSRF-in-PDF-export-with-PhantomJs/read | |
| https://u-itachi.medium.com/full-structure-takeover-to-many-brands-of-company-e0ca434890ee | |
| https://ssd-disclosure.com/ssd-advisory-netgear-d7000-authentication-bypass/ | |
| https://apapedulimu.click/story-of-idor-on-google-product/ | |
| https://medium.com/@katikitala.sushmitha078/how-i-can-take-over-any-users-account-with-their-mobile-number-6d820a364cad | |
| https://web.archive.org/web/20211025081016/http://noahblog.360.cn/burp-suite-rce/ | |
| https://infosecwriteups.com/eye-for-an-eye-unusual-single-click-jwt-token-takeover-2e58f88cf44d | |
| https://shahjerry33.medium.com/business-logic-errors-must-vote-68f642b60fb7 | |
| https://infosecwriteups.com/bypassed-and-uploaded-a-sweet-reverse-shell-d15e1bbf5836 | |
| https://cyberguy0xd1.medium.com/how-i-hacked-bbc-mail-servers-e61bb6faed2d | |
| https://ysamm.com/?p=708 | |
| https://aob-89072.medium.com/how-mailru-handled-with-my-report-on-their-program-5e1f587ecaa | |
| https://aidilarf.medium.com/idor-vulnerability-in-graphql-api-on-website-bc45e050d1d3 | |
| https://irsl.medium.com/google-cloud-build-under-the-hood-bc00c68ad9de | |
| https://wojciechregula.blog/post/play-the-music-and-bypass-tcc-aka-cve-2020-29621/ | |
| https://4bdoz.medium.com/rce-by-code-injection-perl-reverse-shell-a2e90181b10 | |
| https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html | |
| https://www.synacktiv.com/publications/your-vulnerability-is-in-another-oem.html | |
| https://noob3xploiter.medium.com/sql-injection-in-harvard-subdomain-be67a5dbf664 | |
| https://medium.com/nerd-for-tech/breaking-applications-logic-to-dos-attack-88326cd0dd82 | |
| https://medium.com/@behnam.yazdanpanah/chaining-bugs-from-self-xss-to-account-takeover-82d572136bdf | |
| https://marxchryz.medium.com/how-i-found-multiple-xss-in-hidden-legacy-pages-a57a25d8ff1f | |
| https://medium.com/pentesternepal/hacking-dutch-government-for-a-lousy-t-shirt-8e1fd1b56deb | |
| https://www.zerodayinitiative.com/blog/2021/9/2/cve-2021-2429-a-heap-based-buffer-overflow-bug-in-the-mysql-innodb-memcached-plugin | |
| https://tomorrowisnew.com/posts/sql-injection-in-harvard-subdomain/ | |
| https://research.checkpoint.com/2021/now-patched-vulnerability-in-whatsapp-could-have-led-to-data-exposure-of-users/ | |
| https://cho0k.com/wp-content/uploads/2021/08/FullPoC.pdf | |
| https://www.tnirmal.com.np/2021/08/dropping-root-shell-in-crypto-exchange.html | |
| https://theshubh77.medium.com/bypassing-2-factor-authentication-for-facebook-business-manager-bounty-1000-usd-c78c858459d6 | |
| https://v3d.medium.com/broken-access-control-leads-to-change-of-admin-details-a783e31729c4 | |
| https://translate.google.com/translate?hl=en&sl=zh-CN&u=https://www.leavesongs.com/PENETRATION/cachet-from-laravel-sqli-to-bug-bounty.html&prev=search&pto=aue | |
| https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server | |
| https://itsfading.github.io/posts/I-owe-your-Request-HTTP-Request-Smuggling-leads-to-Full-Accounts-takeover/ | |
| https://blog.usamav.dev/two-account-takeover-bugs-worth-4300-dollar-bounty | |
| https://ian.sh/markmonitor | |
| https://medium.com/codex/hunting-for-xss-with-codeql-57f70763b938 | |
| https://medium.com/@iambroot/what-would-you-do-if-oracles-mailing-server-sent-you-this-bc275b1bf967 | |
| https://riteshgohil-25.medium.com/ato-of-wordpress-website-4-digits-bounty-in-5-minute-cc888c4054c9 | |
| https://rizwansiddiqu1.medium.com/information-disclosure-via-api-misconfiguration-c05ed327f9d2 | |
| https://0xjin.medium.com/bug-bounty-my-remote-code-execution-da7bbd00925a | |
| https://web.archive.org/web/20210829191303/https://0u.ma/5 | |
| https://caesarevan23.medium.com/ssrf-external-service-interaction-for-find-real-ip-cloudflare-and-leads-to-sql-injection-c22c02243299 | |
| https://medium.com/@hackrider/exploiting-devops-get-source-code-d4f5825eb373 | |
| https://infosecwriteups.com/how-i-scored-2k-bounty-via-an-idor-32eb2fa8aa1e | |
| https://infosecwriteups.com/how-did-i-earned-6000-from-tokens-and-scopes-in-one-day-12f95c6bf8aa | |
| https://chaosdb.wiz.io | |
| https://web.archive.org/web/20210920030213/https://pmoc.netsoc.cloud/oauth-idor-pii/ | |
| https://medium.com/@friendly_/reflective-xss-via-search-box-bypassing-cloudflare-waf-841ed420b7f | |
| https://sunilyedla.medium.com/websocket-hijacking-to-steal-session-id-of-victim-users-bca84243830 | |
| https://srcincite.io/blog/2021/08/25/pwn2own-vancouver-2021-microsoft-exchange-server-remote-code-execution.html | |
| https://maxwelldulin.com/BlogPost?post=7676291072 | |
| https://web.archive.org/web/20210826141443/https://medium.com/@navnz/retrieve-archived-stories-of-any-public-instagram-account-b3f5a26851f5 | |
| https://robertheaton.com/bumble-vulnerability/ | |
| https://irsl.medium.com/the-nomulus-rift-935a3c4d9300 | |
| https://medium.com/@amnotacat/how-companies-need-to-widen-there-scopes-75ba19ac50c7 | |
| https://web.archive.org/web/20211207210720/https://securityflow.io/one-endpoint-two-account-takeovers/ | |
| https://medium.com/@noob.assassin/5k-misconfigured-reset-password-that-leads-to-account-takeover-no-user-interaction-ato-e6a36b8ef183 | |
| https://web.archive.org/web/20210825045217/https://medium.com/@imunissar786/how-i-was-able-to-steal-private-files-of-any-user-on-larksuite-c0e2757429e2 | |
| https://www.upguard.com/breaches/power-apps | |
| https://medium.com/techiepedia/hey-google-delete-my-data-properly-googlevrp-83349ca8e0e1 | |
| https://sector7.computest.nl/post/2021-08-zoom/ | |
| https://medium.com/@gguzelkokar.mdbf15/huge-impact-server-side-request-forgery-in-production-app-20bf0cc5731 | |
| https://medium.com/@nehpatel/story-of-unexpected-bugs-75734d51ac57 | |
| https://web.archive.org/web/20210909040725/https://obsrva.org/2021/08/22/monkeytype-disclosure.html | |
| https://xelkomy.medium.com/how-i-was-able-to-get-1000-bounty-from-a-ds-store-file-dc2b7175e92c | |
| https://aswinthambi.blogspot.com/2021/08/recon-for-bug-bounty.html | |
| https://soatok.blog/2021/08/20/lobste-rs-password-reset-vulnerability/ | |
| https://monish-basaniwal.medium.com/how-i-found-my-first-subdomain-takeover-vulnerability-b7d5c17b61fd | |
| https://infosecwriteups.com/how-i-got-rce-in-the-world-largest-russian-company-8e6e8288bc4e | |
| https://www.yesnaveen.com/whatsapp-number-disclosure | |
| https://tuhin1729.medium.com/account-takeover-via-access-token-leakage-687276953408 | |
| https://devco.re/blog/2021/08/06/a-new-attack-surface-on-MS-exchange-part-1-ProxyLogon/ | |
| https://devco.re/blog/2021/08/06/a-new-attack-surface-on-MS-exchange-part-2-ProxyOracle/ | |
| https://devco.re/blog/2021/08/22/a-new-attack-surface-on-MS-exchange-part-3-ProxyShell/ | |
| https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell | |
| https://zemnmez.medium.com/how-to-hack-apple-id-f3cc9b483a41 | |
| https://lokeshdlk77.medium.com/confirming-any-new-email-address-bug-in-facebook-part-4-70cfe1b4dca5 | |
| https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-announcekit | |
| https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/ | |
| https://sick.codes/sick-2021-109/ | |
| https://tiszka.com/blog/CVE_2021_21225.html | |
| https://tiszka.com/blog/CVE_2021_21225_exploit.html | |
| https://infosecwriteups.com/why-u-should-use-burp-to-test-path-traversal-vulnerability-and-also-get-rxss-2743cbb16a3c | |
| https://blogs.msmvps.com/alunj/2021/08/15/second-order-subdomain-takeovers-they-do-exist/ | |
| https://nassimchami.medium.com/1st-bug-bounty-writeup-open-redirect-to-xss-on-login-page-313221da2879 | |
| https://ahmdhalabi.medium.com/taking-over-employee-accounts-by-managers-with-zero-employee-interaction-b60784c3ad84 | |
| https://notifybugme.medium.com/finding-multiple-ssrf-with-aws-metadata-access-on-a-bank-system-7e73ac28e50a | |
| https://medium.com/@viralbhatt100/bypass-google-captcha-parameter-pollution-leads-to-send-email-to-any-user-on-behalf-of-9013aebbabae | |
| https://medium.com/bug-bounty-hunting/facebook-bug-invite-user-to-like-a-page-even-after-they-decline-the-page-like-invite-f83d9ec845b3 | |
| https://infosecwriteups.com/how-we-was-able-to-takeover-whole-organization-via-privilege-escalation-4f74b31a84a6 | |
| https://medium.com/@psr595bro/how-i-found-read-write-access-to-the-personal-data-of-3-million-users-of-an-e-commerce-website-b9026b0d4bd3 | |
| https://yasshk.medium.com/blind-ssrf-in-url-validator-93cbe7521c68 | |
| https://medium.com/@chaitanyarajhans024/simple-html-injection-to-250-895b760409ed | |
| https://www.usenix.org/conference/usenixsecurity21/presentation/bock | |
| https://craighays.com/how-i-bought-a-240-pound-annual-subscription-for-bargain-1-penny/ | |
| https://github.com/justinsteven/advisories/blob/master/2021_vscode_ipynb_xss_arbitrary_file_read.md | |
| https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/ | |
| https://medium.com/@gonzalocarrascosec/fuzzing-idor-admin-takeover-5343bb8f436e | |
| https://infosecwriteups.com/what-is-bola-3-digit-bounty-from-topcoder-a25e7fae0d64 | |
| https://j0vsec.com/post/cve-2021-25738/ | |
| https://bohops.com/2021/08/07/cve-2021-0090-intel-driver-support-assistant-dsa-elevation-of-privilege-eop/ | |
| https://valsamaras.medium.com/size-matters-cve-2021-0485-cfa0a291f903 | |
| https://philippeharewood.com/access-to-crowdtangle-deletion-framework-api/ | |
| https://philippeharewood.com/view-the-country-of-a-private-instagram-user/ | |
| https://philippeharewood.com/access-to-crowdtangle-deletion-framework-api/ | |
| https://santoshdbobade.medium.com/how-i-got-reflected-cross-site-scripting-rxss-on-manchester-metropolitan-university-700b36cb4f53 | |
| https://research.checkpoint.com/2021/i-can-take-over-your-kindle/ | |
| https://infosecwriteups.com/account-takeover-user-admin-via-password-reset-322b8020ea6 | |
| https://gonzx.medium.com/how-i-found-open-redirect-on-hashnode-com-5f3e9ecb8dc6 | |
| Youghourta Ghannei (@YoughartaG) | |
| https://yashswarup12.medium.com/how-the-use-of-hidden-form-fields-lead-to-email-verification-bypass-3c8d7c25bd31 | |
| https://infosecwriteups.com/how-i-scored-1k-bounty-using-waybackurls-717d9673ca52 | |
| https://blog.gypsyengineer.com/en/security/detecting-jackson-deserialization-vulnerabilities-with-codeql.html | |
| https://servicenger.com/blog/mobile/android/facebook-messenger-for-android-indirect-thread-deletion/ | |
| https://blog.azuki.vip/csrf/ | |
| https://ja1sharma.medium.com/bugbounty-idor-how-i-was-able-to-exfiltrate-any-users-credit-coupons-49631d9f3bc8 | |
| https://medium.com/@abhinda1996/privilege-escalation-private-program-bugcrowd-831a7eb58b6c | |
| https://medium.com/@sicks3c/tale-of-xss-in-angular-c5c057a56156 | |
| https://molx32.github.io/blog/2021/Bug-bounty-00/ | |
| https://coffeejunkie.me/Blind-XXE-Port-Scanning/ | |
| https://coffeejunkie.me/Multi-Domain-DOM-Cross-Site-Scripting/ | |
| https://medium.com/pentesternepal/the-journey-from-google-honorable-mention-to-hall-of-fame-f62d9d5882ea | |
| https://philippeharewood.com/missing-permission-check-for-facebook-gaming-community-invites/ | |
| https://web.archive.org/web/20220303093431/https://securitygoat.medium.com/bug-bounty-stories-1-tale-of-csp-bypass-in-an-electron-app-f669f6ecefc9 | |
| https://medium.com/@mumeido/from-hobby-to-hacking-5d8befb3adde | |
| https://gonzx.medium.com/how-i-escalate-my-self-stored-xss-to-account-takeover-with-the-help-of-idor-f20733ecdbe9 | |
| https://web.archive.org/web/20210824230504/https://medium.com/@yusifceferov_/how-i-bypassed-website-using-akamai-waf-e4e907aeb161 | |
| https://medium.com/@muhammadsholikhin/facebook-vulnerability-expose-group-member-3000-cca809a53f6b | |
| https://blog.niksthehacker.com/xxe-in-public-transport-ticketing-mobile-app-81ae245c01a1 | |
| https://medium.com/@vikramroot/account-takeover-via-stored-xss-b774f7a2a3ab | |
| https://infosecwriteups.com/google-bug-bounty-500-worth-client-side-dos-on-google-keep-35aab6aef279 | |
| https://medium.com/@sebastien.kaul/gaining-access-to-gcp-of-google-stadia-500-bounty-22f76ecc8e60 | |
| https://n1ghtmar3.medium.com/how-i-found-my-first-idor-in-hackerone-5d5f17bb431 | |
| https://infosecwriteups.com/how-i-could-have-hacked-your-medium-account-by-phishing-your-fb-twitter-google-credentials-d53bf7096da7 | |
| https://radianid.medium.com/chaining-open-redirect-with-xss-to-account-takeover-36acf218a6d5 | |
| https://3bodymo.medium.com/how-i-earned-by-amazon-s3-bucket-misconfigurations-29d51ee510de | |
| https://sunilyedla.medium.com/information-disclosure-to-account-takeover-a21b2b54147a | |
| https://haxolot.com/posts/2021/moodle_pre_auth_shibboleth_rce_part1/ | |
| https://web.archive.org/web/20210927021132/https://0xdln.ml/XSS-Special-Cases/ | |
| https://filipaze.medium.com/abusing-json-web-token-to-steal-accounts-3000-b9f7daeaef81 | |
| https://medium.com/bug-bounty/telegram-report-ssrf-leads-to-dos-attack-908bea5f5802 | |
| https://innotommy.com/You’ve%20Got%20%28a%20Reset%29%20Mail.pdf | |
| https://innotommy.com/You’ve_Got_(a_Reset)_Mail-Slide.pdf | |
| https://cinzinga.com/XXE-Case-Studies/ | |
| https://sapt.medium.com/apple-hall-of-fame-for-a-small-misconfiguration-unauth-cache-purging-faf81b19419b | |
| https://www.shielder.it/advisories/mattermost-server-reflected-xss-oauth/ | |
| https://hackerone.com/reports/1216203 | |
| https://medium.com/@shubhayumajumdar/bug-chain-leads-to-mass-account-takeover-25dc76205f5d | |
| https://mrd0x.com/easy-bounty-with-exposed-buckets-and-blobs/ | |
| https://medium.com/pentesternepal/how-i-found-a-bug-in-apple-within-just-in-5min-d7357237d7a0 | |
| https://medium.com/@Kntjrld/not-valid-bug-that-leads-to-us-a-multiple-valid-report-in-facebook-25a3fb8cb51 | |
| https://0x80dotblog.wordpress.com/2021/07/24/ebay-xss-demo-and-guide-to-spear-phishing/ | |
| https://orwaatyat.medium.com/how-i-found-multiple-bugs-on-facebook-in-1-month-and-a-part-for-my-methodology-tools-58a677a9040c | |
| https://imajk.medium.com/story-of-my-3rd-bounty-from-facebook-fef352853d1b | |
| https://github.com/vanhoefm/fragattacks#fragattacks-fragmentation--aggregation-attacks | |
| https://hackerone.com/reports/1238470 | |
| https://craighays.com/pre-account-takeover-by-reversing-a-weak-email-verification-token-algorithm/ | |
| https://pratikkhalane91.medium.com/unauthenticated-access-to-mongodb-database-of-oracle-corporation-d825c271267a | |
| https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/ | |
| https://www.r29k.com/articles/bb/self-xss-to-stored-xss | |
| https://microsoftedge.github.io/edgevr/posts/attacking-the-devtools/ | |
| https://web.archive.org/web/20210924032932/https://0xdln.ml/XSS-Through-Fuzzing-Default-IIS/ | |
| https://notifybugme.medium.com/how-i-was-able-find-mass-leaked-aws-s3-bucket-from-js-file-6064a5c247f8 | |
| https://tomcope.com/exploit/2021/07/19/ibm-hmc-exploit-cve-2021-29707.html | |
| https://blog.takemyhand.xyz/2021/07/hacking-on-xiaomis-android-apps.html | |
| https://melotover.medium.com/how-i-bypassed-a-tough-waf-to-steal-user-cookies-using-xss-da75f28108e4 | |
| https://medium.com/@muhammadsholikhin/facebook-vulnerability-1500-for-removing-document-cover-9ffd0173877b | |
| https://medium.com/@kalvik/account-takeover-a-bonus-vulnerability-3c2dc4e607ea | |
| https://shahjerry33.medium.com/rce-via-webdav-power-of-put-7e1c06c71e60 | |
| https://web.archive.org/web/20211017061704/https://0xdln.ml/IIS-Default-Page-to-Information-Disclosure/ | |
| https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/ | |
| https://infosecwriteups.com/logical-flaw-resulting-path-hijacking-dd4d1e1e832f | |
| https://infosecwriteups.com/how-i-was-able-to-bypass-cloudflare-for-xss-e94cd827a5d6 | |
| https://kabilan1290.medium.com/rfd-vulnerability-and-content-disposition-header-bypass-story-f8f962f54c7d | |
| https://jasminderpalsingh.info/stored-xss-in-google-doubleclick-studio-google-research-grant/ | |
| https://medium.com/@jawadmahdi/how-i-found-blind-sql-injection-just-by-browsing-and-getting-a-unique-url-ed87fa1f35ed | |
| https://krevetk0.medium.com/credential-stuffing-in-bug-bounty-hunting-7168dc1d3153 | |
| https://aidilarf.medium.com/380-xss-stored-in-bigo-bug-bounty-program-a8b9529adcc4 | |
| https://vijetareigns.medium.com/forced-browsing-to-access-admin-panel-214a7defa2a5 | |
| https://feed.bugs.xdavidhu.me/bugs/0010 | |
| https://rakesh-thodupunoori.medium.com/part-2-dive-into-zoom-applications-1b01091345c1 | |
| https://medium.com/macoclock/apple-security-bounty-a-personal-experience-fe9a57a81943 | |
| https://tomorrowisnew.com/posts/broken-access-control-bug-bypassing-403-s-by-finding-another-endpoint-that-do-the-same-thing/ | |
| https://4bdoz.medium.com/trick-to-bypass-rate-limit-of-password-reset-functionality-a9923d3d7c4b | |
| https://medium.com/@kalvik/pre-denial-of-service-set-up-2fa-on-unverified-account-8399af52ea2d | |
| https://infosecwriteups.com/critical-bug-bounty-reports-part-1-6fd9aef4b486 | |
| https://infosecwriteups.com/reflected-xss-through-insecure-dynamic-loading-dbf4d33611e0 | |
| https://web.archive.org/web/20210711090831/https://palisade.consulting/blog/link-hijacking-binances-shortlinks-through-appsflyer | |
| https://infosecwriteups.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4 | |
| https://medium.com/pentesternepal/facebook-email-phone-disclosure-using-binary-search-d50430758c54 | |
| https://mrd0x.com/discovering-mcafee-products-zero-day-vulnerabilities/ | |
| https://feed.bugs.xdavidhu.me/bugs/0009 | |
| https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html | |
| https://adnanmalik.info/blog/lets-cancel-the-subscription/ | |
| https://donjon.ledger.com/kaspersky-password-manager/ | |
| https://saadahmedx.medium.com/exploiting-auto-save-functionality-to-steal-login-credentials-bf4c7e1594da | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/solarwinds-serv-u-1523-share-url-xss-cve-2021-32604/ | |
| https://hackrzvijay.medium.com/blind-xss-in-apple-school-enrollment-data-disclosure-a94c1da5bf54 | |
| https://gevakun.medium.com/view-other-user-private-livestream-data-e30a0acb5972 | |
| https://philippeharewood.com/bulletin-com-email-address-leak/ | |
| https://sankalpa02.medium.com/testing-cookies-worth-500-8fc2310e6d7e | |
| https://portswigger.net/research/finding-dom-polyglot-xss-in-paypal-the-easy-way | |
| https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | |
| https://medium.com/techiepedia/how-i-was-able-to-takeover-any-account-on-foxit-com-7a08efa0144f | |
| https://github.com/irsl/gcp-dhcp-takeover-code-exec | |
| https://vovohelo.medium.com/how-i-found-my-first-chrome-bug-cve-2021-21210-248a21272248 | |
| https://blog.tyage.net/posts/2021-06-27-dependabot-rce/ | |
| https://web.archive.org/web/20210706150728/https://blog.assetnote.io/2021/06/27/uber-account-takeover-voicemail/ | |
| https://medium.com/techiepedia/misconfigured-3-bucket-a-semi-opened-environment-9cfb9dee782d | |
| https://www.pethuraj.com/blog/escalating-xss-to-arbitrary-file-read/ | |
| https://ysamm.com/?p=702 | |
| https://ysamm.com/?p=700 | |
| https://16521092.medium.com/some-ways-to-find-more-idor-da16c93954e5 | |
| https://blog.mzfr.me/posts/2021-06-24-unexported-component/ | |
| https://dudy2kk.medium.com/from-information-disclosure-to-interesting-privilege-escalation-61ed3aaaf218 | |
| https://shahjerry33.medium.com/pii-leakage-revealing-secrets-8b617071bd1c | |
| https://research.checkpoint.com/2021/a-supply-chain-breach-taking-over-an-atlassian-account/ | |
| https://smaranchand.com.np/2021/06/flywheel-subdomain-takeover/ | |
| https://web.archive.org/web/20210910154714/https://ricardoiramar.medium.com/msrc-is-confused-5d86b23c2e88 | |
| https://gccybermonks.com/posts/msstorebypass/ | |
| https://gccybermonks.com/posts/msstore/ | |
| https://fardeen-ahmed.medium.com/how-i-was-able-to-get-appreciation-from-the-organization-of-a-website-just-by-changing-a-sign-661042c97a98 | |
| https://blog.evanricafort.com/2021/06/generate-online-votes-using-race.html | |
| https://craighays.com/cracking-encrypted-credit-card-numbers-exposed-by-api/ | |
| https://sm4rty.medium.com/stored-xss-via-invite-leading-to-mass-account-takeover-at-opera-a85ed257dd12 | |
| https://ertugrull.medium.com/unprivileged-user-with-read-write-permission-to-user-access-can-escalate-their-role-to-admin-a217d2d280a8 | |
| https://thezerohack.com/apple-vulnerability-bug-bounty | |
| https://pwn.vg/articles/2021-06/local-file-read-via-error-based-xxe | |
| https://medium.com/@zahirtariq/zero-click-account-takeover-32e888d13e73 | |
| https://rohit-soni.medium.com/exploiting-file-upload-functionality-in-unique-way-6081b8f658dd | |
| https://imranhudaa.medium.com/accessing-restricted-documentswith-extra-json-body-content-c59bc7224189 | |
| https://0xbadb00da.medium.com/account-takeover-via-stored-xss-with-arbitrary-file-upload-2774ec6cff51 | |
| https://wojciechregula.blog/post/m1-macs-gatekeeper-bypass-aka-cve-2021-30658/ | |
| https://cyberxplore.medium.com/how-we-are-able-to-hack-any-company-by-sending-message-including-facebook-google-microsoft-b7773626e447 | |
| https://www.youtube.com/watch?v=XfTN7fPtB1s | |
| https://posts.specterops.io/certified-pre-owned-d95910965cd2 | |
| https://blog.evanricafort.com/2021/06/html-injection-and-a-dream.html | |
| https://infosecwriteups.com/crashing-your-linkedin-app-with-a-connection-request-257f9b484550 | |
| https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/ | |
| https://rakesh-thodupunoori.medium.com/part-1-dive-into-zoom-applications-d70f3de53ec5 | |
| https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468 | |
| https://inakcf.medium.com/one-click-dos-via-response-manipulation-2f08da421104 | |
| https://infosecwriteups.com/authentication-bypass-easy-p1-in-10-minutes-54d5a2093e54 | |
| https://vin01.github.io/piptagole/gitlab/ssrf/security/bugbounty/2021/06/15/gitlab-ssrf.html | |
| https://blog.cyberxplore.com/how-we-are-able-to-hack-any-company-by-sending-message-20000-bounty-cve-2021-34506/ | |
| https://fartademayur.medium.com/this-is-how-i-was-able-to-see-private-archived-posts-stories-of-users-on-instagram-without-de70ca39165c | |
| https://infosecwriteups.com/importance-of-burp-history-analysis-to-bypass-403-afc7af6c08b | |
| https://ian.sh/airflow | |
| https://securitytrails.com/blog/blast-radius-airflow | |
| https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138 | |
| https://shahjerry33.medium.com/blind-command-injection-it-hurts-9f396c1f63f2 | |
| https://hosein-vita.medium.com/an-exciting-journey-to-find-ssrf-bypass-cloudflare-and-extract-aws-metadata-fdb8be0b5f79 | |
| https://otmastimi.medium.com/users-location-diclosure-in-the-nearby-friends-feature-fabd24be05cb | |
| https://0x01alka.medium.com/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d | |
| https://kaif0x01.medium.com/story-of-account-takeover-using-social-login-with-mass-assignment-vulnerability-to-hack-accounts-21e4d5856f5e | |
| https://sinsinology.medium.com/how-i-found-the-silliest-logical-vulnerability-for-750-d4f49e5b8763 | |
| https://pratikkhalane91.medium.com/how-i-was-able-to-bypass-the-admin-panel-without-the-credentials-d65f90e0e1e4 | |
| https://youst.in/posts/bypassing-2fa-using-openid-misconfiguration/ | |
| https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/ | |
| https://0xdekster.medium.com/second-order-race-condition-be8aaf774783 | |
| https://blog.evanricafort.com/2021/06/2usd-idor-bug-in-redacted.html | |
| https://www.ehpus.com/post/author-spoofing-in-google-colaboratory | |
| https://infosecwriteups.com/how-i-was-able-to-bypass-parental-pin-of-showmax-e6d6ec3af92d | |
| https://fortbridge.co.uk/research/joomla-password-reset-vulnerability-and-stored-xss-for-full-compromise/ | |
| https://vedanttekale20.medium.com/story-of-my-first-cash-bounty-on-hackerone-acad282ae962 | |
| https://samiparyal.medium.com/how-i-could-have-accessed-all-your-private-videos-photos-saved-inside-your-device-without-even-1a7e455ddcc8 | |
| https://notifybugme.medium.com/how-github-recon-help-me-to-find-nine-full-ssrf-vulnerability-with-aws-metadata-access-531d931413a5 | |
| https://batee5a.medium.com/shopify-multipass-misconfiguration-2bc85e92ad1d | |
| https://gccybermonks.com/posts/popups/ | |
| https://infosecwriteups.com/executing-csrf-with-phone-validation-103c525dd310 | |
| https://dewangpanchal98.medium.com/403-forbidden-bypass-fc8b5df109b7 | |
| https://bloggerrando.blogspot.com/2021/06/how-many-likes-and-dislikes-that-was.html | |
| https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/ | |
| https://shahjerry33.medium.com/server-side-request-forgery-a-forged-document-6359ef25058d | |
| https://medium.com/@abhishake21/bypassing-lfi-local-file-inclusion-ebf4274e7027 | |
| https://frichetten.com/blog/xss_in_aws_console/ | |
| https://payatu.com/blog/gaurav/exploiting-open-redirect | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/huawei-lte-usb-stick-e3372-file-overwrite-to-code-execution/ | |
| https://infosecwriteups.com/admin-panel-pwned-89db333f3836 | |
| https://notifybugme.medium.com/escalating-ssrf-to-accessing-all-user-pii-information-by-aws-metadata-aabcfd5a3e0e | |
| https://justintaft.com/blog/2021/06/01/cve-2021-29084-synology-crlf-unauthenticated-file-downloads | |
| https://infosecwriteups.com/facebook-page-admin-disclosure-7d8893a4a674 | |
| https://blog.lbherrera.me/posts/appcache-forgotten-tales/ | |
| https://notifybugme.medium.com/escalating-ssrf-to-accessing-all-user-pii-information-by-aws-metadata-aabcfd5a3e0e | |
| https://github.com/champtar/blog/tree/main/runc-symlink-CVE-2021-30465 | |
| https://github.com/champtar/blog/tree/main/Metadata_MITM_root_EKS_GKE | |
| https://github.com/xbforce/Blog/blob/main/writeup/account-takeover-via-iframe-injection.md | |
| https://master-sec.medium.com/the-beauty-of-chaining-client-side-bugs-759e1091eabf | |
| https://sinsinology.medium.com/cafebazaar-and-subdomain-takeover-a0ab61a19ce8 | |
| https://web.archive.org/web/20210621221618/https://savirsuda.github.io/Github-The-Goldmine-for-P1s-and-P2s-Sensitive-Information-Exposure-via-Github-by-a-Company-Employee/ | |
| https://akashroxstarz.medium.com/hey-waf-better-luck-next-time-a1df7f444863 | |
| https://cirius.medium.com/how-i-hacked-a-target-again-and-again-6db2e462221f | |
| https://feed.bugs.xdavidhu.me/bugs/0007 | |
| https://ledz1996.gitlab.io/blog/writeups/CVE-2021-22203-gitlab-arbitrary-file-read-write-through-kroki | |
| https://joelmcg1993.medium.com/stored-xss-with-two-different-parameters-d9243cae3e6a | |
| https://blog.theori.io/research/webkit-type-confusion/ | |
| https://n1ghtmar3.medium.com/chaining-xss-with-authentication-issues-to-turn-it-into-full-account-takeover-ae886ac696bb | |
| https://medium.com/fraktal/content-spoofing-vulnerability-in-shibboleth-service-provider-a6619404eaf1 | |
| https://amineaboud.medium.com/disclose-leads-form-details-of-any-facebook-business-account-or-facebook-page-bug-bounty-7ecae6cff312 | |
| https://mikekitckchan.medium.com/cors-misconfig-that-worths-usd200-4696eda5ab4c | |
| https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af | |
| https://rohitcoder.medium.com/victims-anti-csrf-token-could-be-exposed-to-third-party-applications-installed-on-user-s-device-be8e40d511ba | |
| https://rohitcoder.medium.com/csrf-from-which-we-can-create-a-support-ticket-in-victims-account-500-c1aa61f99c17 | |
| https://shrirangdiwakar.medium.com/how-i-turned-0000-into-600-phone-verification-bypass-b1c0f6eb568e | |
| https://dewangpanchal98.medium.com/403-forbidden-bypass-fc8b5df109b7 | |
| https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/ | |
| https://ysamm.com/?p=697 | |
| https://keerok.github.io/2021/05/09/XSS-via-postMessage-in-chat-mozilla-org-CVE-2021-21320/ | |
| https://infosecwriteups.com/third-party-apps-were-still-getting-your-private-facebook-data-even-after-their-access-expiry-6e4be4880e6e | |
| https://infosecwriteups.com/writeups-facebook-whitehat-program-2021-instagram-live-setting-bug-500-usd-d2d076b3f8bb | |
| https://pwn.vg/articles/2021-05/ssrf-in-pdf-renderer-using-svg | |
| https://thevillagehacker.medium.com/time-based-sql-injection-to-dumping-the-database-da0e5bcaa9df | |
| https://blog.riotsecurityteam.com/dos-and-stored-html-injection-bug-bounty-writeup | |
| https://www.sonarsource.com/blog/nosql-injections-in-rocket-chat/ | |
| https://n3t-hunt3r.medium.com/finding-my-first-critical-web-cache-poisoning-6f956799371c | |
| https://feed.bugs.xdavidhu.me/bugs/0006 | |
| https://www.fortbridge.co.uk/research/drupal-insecure-default-leads-to-password-reset-poisoning/ | |
| https://sirleeroyjenkins.medium.com/just-gopher-it-escalating-a-blind-ssrf-to-rce-for-15k-f5329a974530 | |
| https://feed.bugs.xdavidhu.me/bugs/0005 | |
| https://seaman00o.medium.com/my-fourth-account-takeover-through-password-reset-28a36dfebaf | |
| https://nvk0x.medium.com/how-i-hijacked-12-subdomains-in-one-program-eea468bcd64f | |
| https://feed.bugs.xdavidhu.me/bugs/0004 | |
| https://kailashbohara.com.np/blog/2021/05/16/MSSQL-Injection-in-JSON-request/ | |
| https://www.pethuraj.com/blog/edmodo-bug-bounty-writeup/ | |
| https://omar0x01.medium.com/how-to-prevent-more-than-200-million-users-from-using-google-services-136b3b8e221f | |
| https://infosecwriteups.com/2fa-bypass-via-forced-browsing-9e511dfdb8df | |
| https://web.archive.org/web/20221001135941/https://galnagli.com/Mass_Assignment/ | |
| https://ysamm.com/?p=695 | |
| https://kailashbohara.com.np/blog/2021/05/13/Google-blind-XSS/ | |
| https://secret.club/2021/05/13/source-engine-rce-join.html | |
| https://filipaze.medium.com/how-i-find-my-first-stored-xss-c6f57155cc1a | |
| https://tuhin1729.medium.com/story-of-my-hacking-dutch-government-46b7a3c8b75a | |
| https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html | |
| https://www.intezer.com/blog/cloud-security/cve-2021-27075-microsoft-azure-vulnerability-allows-privilege-escalation-and-leak-of-data/ | |
| https://blog.evanricafort.com/2021/05/2fa-verification-bypass-in-shapeshift.html | |
| https://infosecwriteups.com/stored-xss-to-organisation-takeover-6eaaa2fdcd5b | |
| https://sndpgiriz.medium.com/simple-logical-bug-turned-into-a-bounty-a3d7ac214606 | |
| https://mrcyberwarrior.medium.com/exploiting-activity-in-medium-android-app-e2e6f3553eef | |
| https://notifybugme.medium.com/unauthorized-access-to-django-admin-dashboard-by-endpoint-leaked-on-github-5336969ddbbc | |
| https://dewangpanchal98.medium.com/microsoft-bug-bounty-writeup-5ee4a7264dbf | |
| https://mvinni.medium.com/workplace-by-facebook-unauthorized-access-to-companies-environment-27-5k-a593a57092f1 | |
| https://takashi-suzuki.medium.com/apple-bug-bounty-xss-2021-78c2f4fc4106 | |
| https://ysamm.com/?p=691 | |
| https://www.offensive-security.com/offsec/macos-preferences-priv-escalation/ | |
| https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html | |
| https://ysamm.com/?p=684 | |
| https://ahmadaabdulla.medium.com/how-i-found-sql-injection-on-intensedebate-com-h1-in-5-minute-350-a36c2890882d | |
| https://infosecwriteups.com/xss-through-parameter-pollution-9a55da150ab2 | |
| https://justm0rph3u5.medium.com/injecting-punycode-url-within-the-arbitrary-text-via-comment-box-in-google-photos-sharing-option-8b424065deb3 | |
| https://saajan.bhujel.cyou/blog/web/2021-05-05-xss-through-parameter-pollution | |
| https://infosecwriteups.com/xss-through-parameter-pollution-9a55da150ab2 | |
| https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html | |
| https://hackerone.com/reports/1154542 | |
| https://ctf.re//source-engine/exploitation/2021/05/01/source-engine-2/ | |
| https://ctf.re/source-engine/exploitation/reverse-engineering/2018/08/02/source-engine-1/ | |
| https://web.archive.org/web/20210728030437/https://ritiksahni.me/open-source-bug-bounty-tutorial | |
| https://web.archive.org/web/20210620102348/https://ipanda.co.in/blog1.html | |
| https://0xprial.com/idor-leads-to-leak-any-uber-eats-restaurant-analytics/ | |
| https://www.jomar.fr/posts/2021/basic_recon_to_rce/ | |
| https://notifybugme.medium.com/chaining-csrf-with-xss-to-deactivate-mass-user-accounts-by-single-click-b463c0d26587 | |
| https://www.jomar.fr/posts/2021/ssrf_through_pdf_generation/ | |
| https://web.archive.org/web/20220922223136/https://ipanda.co.in/blog0.html | |
| https://blog.usamav.dev/how-i-got-400-usd-for-my-first-ssrf-bug | |
| https://www.pentagrid.ch/de/blog/password-reset-code-brute-force-vulnerability-in-AWS-Cognito/ | |
| https://ysamm.com/?p=667 | |
| https://www.jomar.fr/posts/2021/my_first_oob_xxe_exploitation/ | |
| https://web.archive.org/web/20210621213025/https://savirsuda.github.io/How-I-was-able-to-Retrieve-your-Personal-Documents-using-the-Wayback-Machine/ | |
| https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/ | |
| https://blog.sonarsource.com/php-supply-chain-attack-on-composer/ | |
| https://bughunter25.medium.com/a-tale-of-html-to-pdf-converter-ssrf-and-various-bypasses-4a3e11030c77 | |
| https://feed.bugs.xdavidhu.me/bugs/0003 | |
| https://polarply.medium.com/the-false-oracle-azure-functions-padding-oracle-issue-2025e0e6b8a | |
| https://dewcode.medium.com/how-did-i-earn-by-breaking-the-back-end-logic-of-the-server-fd94882cbdf6 | |
| https://n45ht.or.id/post/reflected-dom-xss-on-domainesia/en | |
| https://n45ht.or.id/post/exploiting-xss-via-markdown-on-xiaomi/en | |
| https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/ | |
| https://hackerone.com/reports/1095645 | |
| https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/ | |
| https://blog.bricked.tech/posts/exiftool/ | |
| https://n45ht.or.id/post/reflected-xss-on-microsoft/en | |
| https://r29k.com/articles/bb/ato | |
| https://wwws.nightwatchcybersecurity.com/2021/04/25/supply-chain-attacks-via-github-com-releases/ | |
| https://mrsinister1501.medium.com/how-i-found-cross-site-scripting-reflected-on-more-than-300-systems-81d8118d9de5 | |
| https://www.r29k.com/articles/bb/ato | |
| https://infosecwriteups.com/rce-via-internal-access-to-adminer-database-management-critical-d3dc2a1d392a | |
| https://notifybugme.medium.com/aws-internal-metadata-accessed-through-ssrf-by-chaining-an-open-redirect-bug-c4b0e4838dc | |
| https://baibhavjha.com.np/blogs/deactivateduserspageroles/ | |
| https://infosecwriteups.com/brave-stealing-your-cookies-remotely-1e09d1184675 | |
| https://davtur19.medium.com/telegram-bug-bounties-xss-privacy-issues-official-bot-exploitation-and-more-5277fa78435 | |
| https://parthdeshani.medium.com/got-nice-catch-by-google-5e6a8211371c | |
| https://www.hoyahaxa.com/2021/04/ssrf-in-coldfusioncfml-tags-and.html | |
| https://privatedrop.github.io | |
| https://www.lutasecurity.com/post/new-clubhouse-security-vulnerabilities-could-happen-to-any-growing-unicorn | |
| https://blog.ryotak.me/post/homebrew-security-incident-en/ | |
| https://noobx.in/blogs/how-i-was-able-to-inject-xss-payload-into-any-user-s-mailbox | |
| https://websec.nl/blog/606ecfec2f798a048269340e/dmcacom%20hack%20full%20disclosure%20with%20proof-of-concept | |
| https://secret.club/2021/04/20/source-engine-rce-invite.html | |
| https://jmrcsnchz.medium.com/playing-with-iframes-bypassing-content-security-policy-987c2f0b8e8a | |
| https://feed.bugs.xdavidhu.me/bugs/0002 | |
| https://bloggerrando.blogspot.com/2021/04/idor-leads-to-how-many-likes-that-was.html | |
| https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ | |
| https://pharish4948.medium.com/blind-ssrf-to-port-scanning-through-response-time-d7336667299d | |
| https://notifybugme.medium.com/unauthorized-access-to-admin-setpassword-page-by-bypass-403-forbidden-f10bbb92ab35 | |
| https://edmundaa222.medium.com/poc-untrim-any-live-video-on-facebook-ad6b97bad7c0 | |
| https://mase289.medium.com/exploiting-unrestricted-file-upload-to-achieve-remote-code-execution-on-a-bug-bounty-program-85661516712 | |
| https://infosecwriteups.com/pwning-your-assignments-stored-xss-via-graphql-endpoint-6dd36c8a19d5 | |
| https://0x2m.medium.com/misconfiguration-in-change-password-functionality-leads-to-account-takeover-1314b5507abf | |
| https://shahjerry33.medium.com/xss-via-exif-data-the-p2-elevator-d09e7b7fe9b9 | |
| https://0day.click/recipe/2021-04-18-discourse-themes/ | |
| https://edmundaa222.medium.com/poc-remove-any-facebooks-live-video-14-000-bounty-70c8135b7b4c | |
| https://aseemshrey.in/lets-learn-english-hacking-10M-Users/ | |
| https://edmundaa222.medium.com/poc-update-business-fyi-message-as-facebook-page-analyst-d36170fdede2 | |
| https://pharish4948.medium.com/how-i-earned-3200-in-4hours-through-stored-xss-38597877d3e1 | |
| https://infosecwriteups.com/fun-sql-injection-mod-security-bypass-644b54b0c445 | |
| https://positive.security/blog/url-open-rce | |
| https://fernale.blogspot.com/2021/04/how-i-got-9000-usd-by-hacking-into.html | |
| https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/ | |
| https://blog.talosintelligence.com/2021/04/vuln-spotlight-azure-sphere-april-2021.html | |
| https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/ | |
| https://onekey.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution/ | |
| https://arben.sh/bugbounty/Local-File-Inclusion/ | |
| https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html | |
| https://starlabs.sg/blog/2021/04-you-talking-to-me/ | |
| https://leethax0.rs/2021/04/ElectricChrome/ | |
| https://infosecwriteups.com/unauthenticated-account-takeover-through-forget-password-c120b4c1141d | |
| https://monke.ie/duckduckgoxss/ | |
| https://gatolouco.medium.com/cookie-poisoning-leads-to-dos-and-privacy-violation-8aa773547c96 | |
| https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues | |
| https://gatolouco.medium.com/critical-blind-storage-xss-my-first-bug-bounty-d318f6ba570c/ | |
| https://mikey96.medium.com/what-if-you-could-deposit-money-into-your-betting-account-for-free-24f6690aff46 | |
| https://notifybugme.medium.com/chaining-an-blind-ssrf-bug-to-get-an-rce-92c09de3c0ba | |
| https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/ | |
| https://0xra.github.io/posts/apple-tv-code-execution/ | |
| https://mikey96.medium.com/cloud-based-storage-misconfigurations-critical-bounties-361647f78a29 | |
| https://infosecwriteups.com/weird-and-very-easy-authentication-bypass-found-with-google-dorking-c13230a038ed | |
| https://huntr.dev/blog/intro-to-open-source-bug-bounty/ | |
| https://feed.bugs.xdavidhu.me/bugs/0001 | |
| https://robertchen.cc/blog/2021/04/03/github-pages-xss | |
| https://www.sjoerdlangkemper.nl/2021/04/04/remote-code-execution-through-unsafe-unserialize/ | |
| https://bendtheory.medium.com/journeys-in-quoteless-and-multi-reflection-xss-b1d67bb0c5dd | |
| http://www.kamilonurozkaleli.com/posts/rce-on-starbucks-singapore-and-more/ | |
| https://nns.ee/blog/2021/04/03/modem-rce.html | |
| https://blog.tyage.net/posts/2021-04-02-improper-access-control-github-workflow/ | |
| https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning | |
| https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html | |
| https://infosecwriteups.com/bragging-rights-lets-head-back-to-bug-bucket-88c94730b6fa | |
| https://security.lauritz-holtmann.de/post/xss-parameter-guessing/ | |
| https://sriram-offcl.medium.com/play-a-game-get-subscribed-to-my-channel-youtube-clickjacking-bug-googlevrp-6ce1d15542d3 | |
| https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html | |
| https://ysamm.com/?p=654 | |
| https://ysamm.com/?p=646 | |
| https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c | |
| https://lf.lc/vrp/181521559d/ | |
| https://philippeharewood.com/download-facebook-internal-mobile-builds/ | |
| https://medium.com/@Kntjrld/my-first-bug-report-at-facebook-2021-bab2c2373ee3 | |
| https://nirajmodi51.medium.com/missing-cors-leads-to-complete-account-takeover-1ed4b53bf9f2 | |
| https://thexssrat.medium.com/i-felt-like-there-were-no-more-bugs-left-after-winning-2000-but-an-email-worth-750-changed-my-c7a507649060 | |
| https://infosecwriteups.com/a-weird-xss-77c13d135c9f | |
| https://medium.com/@ashrafharb997/csrf-to-full-account-takeover-5196cef9d166 | |
| https://xhzeem.me/posts/PHP-fopen-function-to-local-file-inclusion/read/ | |
| https://www.pethuraj.com/blog/paypal-bug-bounty-writeup/ | |
| https://bloggerrando.blogspot.com/2021/03/bug-bounty-like-and-dislike-count.html | |
| https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb | |
| https://abhisek3122.medium.com/increasing-impact-of-information-disclosure-full-account-takeover-2f12d8963d5c | |
| https://bloggerrando.blogspot.com/2021/03/bug-bounty-idor-in-youtube-bounty.html | |
| https://shrirangdiwakar.medium.com/encrypted-payload-decrypted-execution-600-stored-xss-3e517cea8f13 | |
| https://thexssrat.medium.com/poc-the-easiest-125-euros-i-ever-made-4dc87f01e286 | |
| https://melotover.medium.com/how-i-leveraged-xss-to-make-privilege-escalation-to-be-super-admin-e120b6090451 | |
| https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio | |
| https://3bodymo.medium.com/bypass-rate-limit-to-enumeration-users-through-google-drive-ed64e07c879c | |
| https://dewcode.in/2021/03/24/Finding-and-exploiting-race-condition-vulnerability-on-facebook-server.html | |
| https://emptynebuli.github.io/tooling/2021/03/22/rustyiron.html | |
| https://sudhanshur705.medium.com/how-i-made-it-to-google-hof-f1cec85fdb1b | |
| https://thexssrat.medium.com/how-i-found-my-first-critical-vulnerability-in-bug-bounties-f890d420764b | |
| https://bilalabdulmuqeet.medium.com/brute-forcing-otp-via-bypassing-rate-limit-c5ee6b25c2a8 | |
| https://shahjerry33.medium.com/cross-site-port-attack-a-strangers-call-c2467f93792f | |
| https://muhammad-aamir.medium.com/oauth-misconfiguration-found-in-small-time-window-of-attack-b585afcb94c6 | |
| https://godiego.co/posts/STO-AWS/ | |
| https://gccybermonks.com/posts/xss-mozilla/ | |
| https://clarkvoss.medium.com/how-to-harpon-big-blue-c163722638d8 | |
| https://blog.assetnote.io/2021/03/18/h2c-smuggling/ | |
| https://medium.com/@dPhoeniixx/tiktok-for-android-1-click-rce-240266e78105 | |
| https://infosecwriteups.com/how-i-hacked-facebook-part-two-ffab96d57b19 | |
| https://med-mahmoudi26.medium.com/chaining-bugs-for-the-greater-good-664412ae85f8 | |
| https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html | |
| https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites | |
| https://hx01.me/Abusing_Data_Protection_Laws_For_D0xing_and_Account_Takeovers.pdf | |
| https://www.thezdi.com/blog/2021/3/17/cve-2021-27076-a-replay-style-deserialization-attack-against-sharepoint | |
| https://secureitmania.medium.com/an-unknown-linux-secret-that-turned-ssrf-to-os-command-injection-6fe2f4edc202 | |
| https://mayank-01.medium.com/an-interesting-account-takeover-3a33f42d609d | |
| https://www.pantaprakash.com.np/posts/categories/bugbounty-writeup/5.html | |
| https://noobx.in/blogs/API-Misconfiguration-which-leads-to-unauthorized-access-to-servicedesk-tickets | |
| https://baibhavjha.com.np/blogs/facebookgroupmemberdisclosure/ | |
| https://spongebhav.medium.com/facebook-group-members-disclosure-e53eb83df39e | |
| https://rahulvarale.medium.com/idor-vulenebility-with-empty-response-still-exposing-sensitive-details-of-customers-bdce0a6a1b07 | |
| https://ahmadaabdulla.medium.com/how-i-found-sql-injection-on-8x8-cengage-comodo-automattic-20-company-c296d1a09f63 | |
| https://naveenprakaasam.medium.com/finding-keys-under-the-door-5cea8758ce86 | |
| https://ashutoshmishra00x0.medium.com/account-takeover-via-reset-password-worth-2000-de085851d81d | |
| https://apapedulimu.click/google-vrp-how-i-get-blind-xss-at-google-with-dork-first-bounty-and-hof/ | |
| https://blog.teddykatz.com/2021/03/10/fork-collab-abuse.html | |
| https://infosecwriteups.com/business-logic-error-on-registration-leads-to-sms-validation-bypass-80380b3ff629 | |
| https://infosecwriteups.com/chain-of-low-level-bugs-and-misconfigurations-leads-to-account-takeover-de248fc4e481 | |
| https://notifybugme.medium.com/finding-basic-authtoken-in-javascript-file-by-full-automation-6188ca1b1f56 | |
| https://publish.whoisbinit.me/amazon-ec2-dangling-dns-records-on-surf-test-xwf-internet-org | |
| https://kleiton0x00.github.io/posts/Exploiting-HTTP-Request-Smuggling-(TE.CL)-XSS-to-website-takeover/ | |
| https://infosecwriteups.com/exploiting-http-request-smuggling-te-cl-xss-to-website-takeover-c0fc634a661b | |
| https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/ | |
| https://blog.melbadry9.xyz/ddns-ec2-ips-current-state | |
| https://www.bencteux.fr/posts/chrome_bypass_url_restrictions/ | |
| https://medium.com/@mehdi.alouache/partially-disable-cybereason-edr-as-low-privileges-user-on-windows-1405fd53e90e | |
| https://ashketchum.medium.com/stored-xss-in-google-ads-android-application-3133-70-373f6c361ff3 | |
| https://ahmdhalabi.medium.com/finding-hidden-login-endpoint-exposing-secret-client-id-88c3c2a1af45 | |
| https://cirius.medium.com/exploiting-a-hidden-and-forgotten-bug-49ce7ad4de39 | |
| https://3bodymo.medium.com/the-easiest-2500-i-got-it-from-bug-bounty-program-8f47ea4aff22 | |
| https://lf.lc/vrp/181521559c/ | |
| https://lf.lc/vrp/181521559b/ | |
| https://infosecwriteups.com/leveraging-template-injection-to-takeover-an-account-1dba7c4ae315 | |
| https://randyarios.medium.com/low-hanging-fruits-on-facebook-group-room-b8d17c7ea886 | |
| https://maordayanofficial.medium.com/stored-xss-at-trello-com-ef2e3d1ed24b | |
| https://wwws.nightwatchcybersecurity.com/2021/03/03/content-injection-rce-in-yandex-browser-for-android-2018/ | |
| https://infosecwriteups.com/the-invincible-kid-7ac1ce2887c0 | |
| https://thezerohack.com/how-i-might-have-hacked-any-microsoft-account | |
| https://www.rafaybaloch.com/2021/02/Microsoft-Edge-Browser-For-IOS-Address-Bar-Spoofing-Vulnerability.html | |
| https://lf.lc/vrp/181521559a/ | |
| https://notmarshmllow.medium.com/exploiting-cors-to-perform-an-idor-attack-leading-to-pii-information-disclosure-95ef21ecf8ee | |
| https://ahmdhalabi.medium.com/secret-key-exposure-in-api-config-directory-79cf7e7b976 | |
| https://gevakun.medium.com/join-facebook-group-with-unpublish-page-cb649a20fb0e | |
| https://securifyinc.com/disclosures/rocketchat-unauthenticated-access-to-messages | |
| https://ophionsecurity.com/blog/rockethchat-unauthenticated-messages | |
| https://zonduu.medium.com/ssrf-to-fetch-aws-credentials-with-full-access-to-various-services-18cd08194e91 | |
| https://www.bugcrowd.com/blog/big-bugs-cve-2020-28914/ | |
| https://medium.com/@ratnadip1998/admin-panel-accessed-via-sql-injection-ezy-boooom-57dc60c2815f | |
| https://infosecwriteups.com/bragging-rights-killing-file-uploads-softly-fba35a4e485a | |
| https://jayateerthag.medium.com/jira-authenticated-dashboard-access-in-google-acquisition-apigee-ff20cfe11d99 | |
| https://n0ur5sec.medium.com/somebody-call-the-plumber-graphql-is-leaking-again-654bf1a38d26 | |
| https://shubhamchaskar.com/ato-through-pe/ | |
| https://github.com/champtar/blog/tree/main/K8S_MITM_LoadBalancer_ExternalIPs | |
| https://hackerone.com/reports/764986 | |
| https://github.com/champtar/blog/tree/main/IPv6_RA_MITM | |
| https://hackerone.com/reports/819717 | |
| https://pallabjyoti218.medium.com/story-about-stop-10000-users-to-get-their-job-notification-6a8aca542c85 | |
| https://infosecwriteups.com/somebody-call-the-plumber-graphql-is-leaking-again-654bf1a38d26 | |
| https://priyankn.github.io/2021-02-26-CVE-2020-13956/ | |
| https://web.archive.org/web/20210226210519/https://savirsuda.github.io/IDOR-to-view-personal-email-addresses-of-more-than-50k-users/ | |
| https://blog.deesee.xyz/fuzzing/security/2021/02/26/ssrf-bypassing-hostname-restrictions-fuzzing.html | |
| https://shahjerry33.medium.com/account-takeover-smoking-with-null-e43df2c3bb41 | |
| https://saajan.bhujel.cyou/blog/web/2021-02-26-password-reset-token-leak-via-x-forwarded-host | |
| https://infosecwriteups.com/password-reset-token-leak-via-x-forwarded-host-4ed3e33dca31 | |
| https://blog.scrt.ch/2021/02/25/stealing-user-passwords-through-a-vpns-sso/ | |
| https://web.archive.org/web/20230726020446/https://galnagli.com/Cache_Poisoning/ | |
| https://blog.evanricafort.com/2021/02/hijacking-reset-password-link-in.html | |
| https://web.archive.org/web/20210227092343/https://tommysuriel.medium.com/csrf-through-url-with-tag-parameter-c8ef585bded3 | |
| https://web-in-security.blogspot.com/2021/02/security-and-privacy-of-social-logins-part2.html | |
| https://johnjhacking.com/blog/cve-2021-23827/ | |
| https://hackerone.com/reports/1074930 | |
| https://jayateerthag.medium.com/grafana-admin-panel-bypass-in-google-acquisition-virustotal-c5ecc9d7b8ae | |
| https://jsecu.github.io/2021/02/21/poisoning/ | |
| https://secureitmania.medium.com/lets-know-how-i-have-explored-the-buried-secrets-in-xamarin-application-d6b8c5609c87 | |
| https://zdresearch.com/rce-on-a-laravel-private-program/ | |
| https://neroli.medium.com/is-math-random-safe-from-missing-rate-limit-to-bypass-2fa-and-possible-sqli-2a4ea66f82c5 | |
| https://ashutoshmishra00x0.medium.com/account-takeover-via-response-manipulation-worth-1800-ffb242cc55c9 | |
| https://certitude.consulting/blog/en/csrf-myfaces-2/ | |
| https://sprocketfox.io/xssfox/2021/02/18/pipeline/ | |
| https://thevillagehacker.medium.com/account-take-over-by-response-manipulation-e1293ee51e9a | |
| https://ysamm.com/?p=640 | |
| https://ysamm.com/?p=642 | |
| https://ysamm.com/?p=638 | |
| https://ysamm.com/?p=636 | |
| https://ysamm.com/?p=634 | |
| https://ysamm.com/?p=632 | |
| https://ysamm.com/?p=629 | |
| https://ysamm.com/?p=620 | |
| https://ysamm.com/?p=627 | |
| https://ysamm.com/?p=621 | |
| https://ysamm.com/?p=625 | |
| https://vedanttekale20.medium.com/idor-that-allowed-me-to-takeover-any-users-account-129e55871d8 | |
| https://infosecwriteups.com/from-aws-s3-misconfiguration-to-sensitive-data-exposure-784f37a30bf9 | |
| https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960d | |
| https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/ | |
| https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk | |
| https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html | |
| https://hencohen10.medium.com/i-own-your-cloud-shell-taking-over-azure-cloud-shell-kubernetes-cluster-through-unsecured-558621519cf9 | |
| https://ysamm.com/?p=606 | |
| https://mokhansec.medium.com/full-account-takeover-worth-1000-think-out-of-the-box-808f0bdd8ac7 | |
| https://ysamm.com/?p=609 | |
| https://ysamm.com/?p=603 | |
| https://ysamm.com/?p=613 | |
| https://ysamm.com/?p=597 | |
| https://vbharad.medium.com/stored-xss-in-icloud-com-5000-998b8c4b2075 | |
| https://karansh491.medium.com/my-first-bounty-stored-xss-96dea41fd9cf | |
| https://mokhansec.medium.com/idor-via-websockets-allow-me-to-takeover-any-users-account-23460dacdeab | |
| https://vbharad.medium.com/how-i-hacked-everyones-resume-cv-s-and-got-851aaa4d75d9 | |
| https://blog.evanricafort.com/2021/02/idor-in-redacted.html | |
| https://ltsirkov.medium.com/gitlab-server-side-request-forgery-in-project-import-page-6fdb9ef423e4 | |
| https://ltsirkov.medium.com/gitlab-just-another-ssrf-issue-483bc040392b | |
| https://neroli.medium.com/oauth-misconfiguration-leads-to-full-account-takeover-22b032cb6732 | |
| https://ltsirkov.medium.com/gitlab-denial-of-service-via-login-panel-functionality-684c8583706c | |
| https://web.archive.org/web/20220519231807/https://wisdomfreak.com/how-i-was-able-to-get-extra-coins/ | |
| https://philippeharewood.com/leaked-credentials-gives-access-to-internalfb-com/ | |
| https://samcurry.net/hacking-chesscom/ | |
| https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html | |
| https://santoshdbobade.blogspot.com/ | |
| https://web.archive.org/web/20210213062858/https://www.cysek.org/post/subdomain-dnsmiscon | |
| https://servicenger.com/blog/mobile/sending-ephemeral-message-to-any-facebook-user/ | |
| https://medium.com/bugbountywriteup/a-tale-of-2nd-xxx-bounty-ability-to-gain-persistence-on-facebook-events-as-an-unremovable-9408338ccf8f | |
| https://santoshdbobade.medium.com/how-i-got-an-appreciation-letter-from-harvard-university-a3d19de69701 | |
| https://enfinlay.github.io//xss/selfxss/upload/bugbounty/2021/02/09/selfxss-to-rxss-via-file-name.html | |
| https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 | |
| https://huntingreads.com/abusing-uri-parsers-for-fun-and-profit/ | |
| https://shahjerry33.medium.com/duplicate-registration-the-twinning-twins-883dfee59eaf | |
| https://infosecwriteups.com/bigbasket-bug-bounty-writeup-9fedc490b814 | |
| https://thevillagehacker.medium.com/reflected-xss-on-a-public-program-e8c0416daca1 | |
| https://marxchryz.medium.com/how-i-gain-access-to-the-server-administration-of-a-million-dollar-company-14da68c7a9dd | |
| https://sanderwind.medium.com/escalating-ssrf-to-rce-7c0147371c40 | |
| http://almadj.us/infosec/xxe-to-aws-metadata-disclosure/ | |
| https://medium.com/@renwa/facebook-messenger-desktop-app-arbitrary-file-read-db2374550f6d | |
| https://medium.com/bugbountywriteup/page-admin-disclosed-in-groups-due-to-bad-session-handling-in-facebook-web-184514fafff9 | |
| https://vict0ni.me/redwood-report2web-xss-and-frame-injection/ | |
| https://www.redtimmy.com/bug-bounty-failure-stories-to-learn-from-how-we-ended-up-to-hack-a-bank-with-no-reward/ | |
| https://muhammad-aamir.medium.com/open-redirect-vulnerability-found-using-link-parameter-5fc43e2ea8fd | |
| https://raxis.com/blog/rd-web-access-vulnerability | |
| https://pullerjsecu.medium.com/how-i-was-able-to-turn-a-xss-into-a-account-takeover-ae0c478640e7 | |
| https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html | |
| https://sunilyedla.medium.com/stealing-chat-session-id-with-cors-and-execute-csrf-attack-f9f7ea229db1 | |
| https://spaceraccoon.dev/applying-offensive-reverse-engineering-to-facebook-gameroom | |
| https://web.archive.org/web/20210204093332/https://nhiephon1337.medium.com/1st-facebook-bug-bounty-disclose-pages-admin-to-mod-admin-of-group-c3161c22c858 | |
| https://mrd0x.com/spoofing-and-attacking-with-skype/ | |
| https://amineaboud.medium.com/access-developer-tasks-list-of-any-of-facebook-application-graphql-idor-62307c5e5b34 | |
| https://amineaboud.medium.com/disclose-the-fb-profile-of-facebook-employees-who-create-official-announcement-messages-bug-76554068caf7 | |
| https://avanishpathak46.medium.com/an-account-takeover-vulnerability-due-to-response-manipulation-e23fe629bd1 | |
| https://cyberhacks200.medium.com/an-unexpected-bug-9cab5072e009 | |
| https://avanishpathak46.medium.com/an-interesting-account-takeover-vulnerability-a1fbec0e01a | |
| https://notifybugme.medium.com/android-apk-leaks-access-token-to-takeover-the-whole-infrastructure-c979187f8fc8 | |
| https://medium.com/bugbountywriteup/how-i-chained-p4-to-p2-open-redirection-to-full-account-takeover-a28b09a94bf7 | |
| https://web.archive.org/web/20210201180254/https://www.cysek.org/post/bac-sxss | |
| https://0xfabiof.github.io/stored-xss-tw/ | |
| https://ash-king.co.uk/blog/Launching-internal-non-exported-deeplinks-on-Facebook | |
| https://www.shawarkhan.com/2021/01/analysing-crash-messages-to-achieve.html | |
| https://yeuchimse.com/remote-code-execution-limesurvey-cve-2018-7556/ | |
| https://logicbomb.medium.com/otp-bypass-account-takeover-to-admin-panel-ft-header-injection-16f2982a0136 | |
| https://medium.com/bugbountywriteup/business-logic-error-methodology-easy-way-poc-s-8195d8dee95b | |
| https://www.intezer.com/blog/research/how-we-escaped-docker-in-azure-functions/ | |
| https://nullr3x.medium.com/weird-functionality-leads-to-account-takeover-millions-of-users-affected-3fdf06be45 | |
| https://medium.com/bugbountywriteup/bragging-rights-part-1-short-story-of-a-bug-wave-dbb88f48b604 | |
| https://santuysec.com/2021/01/27/hijacking-google-drive-files-documents-photo-video-through-google-docs-sharing/ | |
| https://bugbountyhunter.medium.com/500-for-no-rate-limit-on-forgot-password-page-d534d1d750db | |
| https://notifybugme.medium.com/finding-ssrf-by-full-automation-7d2680091d68 | |
| https://www.pethuraj.com/blog/bmw-bugbounty-writeup/ | |
| https://yeuchimse.com/leaking-issues-from-linked-jira-atlassian-confluence-server/ | |
| https://medium.com/bugbountywriteup/get-paid-by-smuggling-the-legal-way-c31805de3c59 | |
| https://github.com/tess-ss/writeups/blob/main/bug.md | |
| https://susanwagle123.medium.com/idor-revealing-images-cdn-links-6589e19bdbaf | |
| https://shaurya-sharma.medium.com/bypassing-waf-with-incorrect-proxy-settings-for-hunting-bugs-3449b7716f59 | |
| https://hajarerutik9.medium.com/sql-injection-via-hidden-parameter-6da7699248fc | |
| https://kingkaran977.medium.com/10-000-for-automatic-email-confirmation-bug-in-microsofts-edge-browser-22f15ceccb4a | |
| https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/ | |
| https://yeuchimse.com/csrf-protection-bypass-in-atlassian-confluence-server/ | |
| https://www.pantaprakash.com.np/posts/categories/bugbounty-writeup/4.html | |
| https://ph-hitachi.medium.com/staff-information-disclosure-on-support-ticketing-system-p2-x-xxx-a08960aea7b1 | |
| https://medium.com/realmodelabs/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08 | |
| https://systemweakness.com/story-behind-sweet-ssrf-40c705f13053 | |
| https://r4id3n.medium.com/ssrf-exploitation-in-spreedsheet-to-pdf-converter-2c7eacdac781 | |
| https://medium.com/bugbountywriteup/bug-bounty-600-info-disclosure-a-token-is-not-the-same-on-all-endpoints-febf5b7ea745 | |
| https://inakcf.medium.com/open-redirect-in-email-c658c248eec1 | |
| https://sunilyedla.medium.com/simple-sweet-bypassing-email-update-restriction-to-change-emails-of-team-members-6ce5770e7929 | |
| https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/ | |
| https://kunalkhubchandani.medium.com/how-i-was-rewarded-a-1000-bounty-after-abusing-file-upload-functionality-to-stored-xss-945a40ac6f94 | |
| https://secureitmania.medium.com/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7 | |
| https://www.ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792 | |
| https://geekboyranjeet.medium.com/strange-admin-panel-bypass-story-bug-bounty-5e618099baaf | |
| https://jwlss.pw/mathjs/ | |
| https://takester.medium.com/my-first-and-last-crit-of-2020-on-hackerone-702a694781b0 | |
| https://httpvoid.com/Apple-RCE.md | |
| https://warandcode.com/post/apify-mass-bug-bounty/ | |
| https://warandcode.com/post/akamai-arl-hack/ | |
| https://secret.club/2021/01/15/bitlocker-bypass.html | |
| https://blog.blazeinfosec.com/attack-of-the-clones-2-git-command-client-remote-code-execution-strikes-back/ | |
| https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/ | |
| https://slashcrypto.org/2021/01/15/CVE-2020-1456/ | |
| https://theshubh77.medium.com/irremovable-facebook-group-album-photos-and-entire-album-under-certain-circumstances-bounty-1000-b1b2a870b8e0 | |
| https://medium.com/bug-bounty-hunting/tale-of-2-tootb-bugs-google-and-whatsapp-3c0ad40d604c | |
| https://web.archive.org/web/20210730144815/https://www.cysek.org/post/sxss-by-cache-poison-attack | |
| https://vedanttekale20.medium.com/story-of-a-really-cool-ssrf-bug-cf88a3800efc | |
| https://pulsesecurity.co.nz/advisories/GOCD-Multiple-Vulnerabilities | |
| https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html | |
| https://levelup.gitconnected.com/stealing-user-information-via-xss-via-parameter-pollution-7d99b3379e7d | |
| https://shahjerry33.medium.com/csrf-with-idor-a-deadly-combo-203e93967702 | |
| https://binamrapandey.medium.com/unrestricted-file-upload-e95e1c6fb80 | |
| https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/ | |
| https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/ | |
| https://johnjhacking.com/blog/unep-breach/ | |
| https://blog.cybercastle.io/weblogic-remote-code-execution-exploiting-cve-2019-2725/ | |
| https://medium.com/bugbountywriteup/unauthorized-access-to-odata-entities-2k-bounty-from-microsoft-e070b2ef88c2 | |
| https://rajeshranjan457.medium.com/how-i-was-able-to-regain-access-to-account-deleted-by-admin-leading-to-a2c29025f8cd | |
| https://parsiya.net/blog/2021-01-08-a-novel-way-to-bypass-executable-signature-checks-with-electron/ | |
| https://www.darabi.me/2020/12/create-invisible-post-on-any-facebook.html | |
| https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/ | |
| https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a | |
| https://orthonviper.medium.com/information-disclosure-through-signup-endpoint-86d2d66dfef1 | |
| https://servicenger.com/blog/mobile/facebook-linkshim-protection-bypass-using-fb-webview/ | |
| https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html | |
| https://krevetk0.medium.com/10-000-for-a-vulnerability-that-doesnt-exist-9dbc63684e94 | |
| https://abss.me/posts/github-org-takeover/ | |
| https://emanuel-beni.medium.com/stored-xss-on-product-description-high-400-2f078fd70fd2 | |
| https://web.archive.org/web/20210106234354/https://medium.com/bugbountywriteup/subdomain-take-over-worth-100-ce822ed85ba0 | |
| https://medium.com/bugbountywriteup/finding-bugs-on-chess-com-739a71fbdb31 | |
| https://njbooher.github.io/blog/cloudflare-workers-ip-spoofing | |
| https://www.shawarkhan.com/2021/01/achieve-remote-code-execution-by.html | |
| https://tmosh.medium.com/incident-response-during-christmas-33c7fabb1429 | |
| https://akshartank.medium.com/each-and-every-request-make-sense-4572b3205382 | |
| https://parasarora06.medium.com/privilege-escalation-from-being-a-normal-user-to-admin-3f86896f1c93 | |
| https://orthonviper.medium.com/exploiting-max-character-limitation-cde982545019 | |
| https://savebreach.com/facebook-page-admin-identity-disclosure-through-document-edit-history/ | |
| https://ysamm.com/?p=588 | |
| https://ysamm.com/?p=525 | |
| https://rafi-ahamed.medium.com/api-based-idor-to-leaking-private-ip-address-of-6000-businesses-6bc085ac6a6f | |
| https://ysamm.com/?p=510 | |
| https://medium.com/bugbountywriteup/facebook-bug-bounty-500-usd-a-blocked-fundraiser-organizer-would-be-unable-to-view-or-remove-5da9f86d2fa0 | |
| https://mohsinalibukc.medium.com/cross-domain-referrer-leakage-7873ada102ad | |
| https://www.pantaprakash.com.np/posts/categories/bugbounty-writeup/1.html | |
| https://www.pantaprakash.com.np/posts/categories/bugbounty-writeup/2.html | |
| https://www.pantaprakash.com.np/posts/categories/bugbounty-writeup/3.html | |
| https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service/ | |
| https://ronak-9889.medium.com/sensitive-data-leak-using-idor-in-integration-service-d9301be9c91e | |
| https://theshubh77.medium.com/facebook-page-admin-disclosure-by-create-doc-button-bounty-5000-usd-2fd1ff615bf8 | |
| https://bhupendra1238.medium.com/how-i-got-my-first-bounty-hof-from-google-csrf-lead-to-account-delete-85f9906ba9ec | |
| https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/ | |
| https://blog.deesee.xyz/regex/security/2020/12/27/regular-expression-injection.html | |
| https://notifybugme.medium.com/chaining-cors-by-reflected-xss-to-account-takeover-my-first-blog-5b4f12b43c70 | |
| https://theshubh77.medium.com/facebook-page-admin-disclosure-by-message-seller-button-bounty-1500-usd-caaa2eac4121 | |
| https://0x48piraj.medium.com/full-address-bar-spoofing-on-opera-mini-android-597fafa60627 | |
| https://lutfumertceylan.com.tr/posts/acc-takeover-web-cache-xss/ | |
| https://baibhavjha.com.np/blogs/hidingfromcustomlistfblite/ | |
| https://spaceraccoon.dev/supply-chain-pollution-hunting-a-16-million-download-week-npm-package | |
| https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks | |
| https://secureitmania.medium.com/hack-crypto-secrets-from-heap-memory-to-exploit-android-application-728097fcda3 | |
| https://www.ehpus.com/post/ssti-in-google-maps | |
| https://saugatpokharel.medium.com/this-is-how-i-was-able-to-view-anyones-private-email-and-birthday-on-instagram-1469f44b842b | |
| https://vivekps143.medium.com/facebook-bug-bounty-finding-the-hidden-members-of-the-private-events-977dc1784ff9 | |
| https://web.archive.org/web/20210123173946/https://protector47.medium.com/worth-1-500-idor-access-unauthorize-data-52604aec99 | |
| https://omespino.com/write-up-google-vrp-n-a-sandboxed-rce-as-root-on-apigee-api-proxies/ | |
| https://web.archive.org/web/20221001135501/https://galnagli.com/Samsung_Exposure/ | |
| https://virdoexhunter.medium.com/misconfigured-s3-bucket-leads-to-sensitive-data-exposure-no-super-controls-f47e26b586c6 | |
| https://marxchryz.medium.com/my-bug-bounty-journey-and-my-first-critical-bug-time-based-blind-sql-injection-aa91d8276e41 | |
| https://lf.lc/vrp/175896812/ | |
| https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/ | |
| https://medium.com/@3bodymo/how-i-hacked-ibm-and-got-full-access-on-many-services-ecf1dab4a054 | |
| https://rikeshbaniyaaa.medium.com/javascript-analysis-leading-to-admin-portal-access-ea30f8328c8e | |
| https://security.lauritz-holtmann.de | |
| https://jayateerthag.medium.com/download-filename-manipulation-due-to-improper-rendering-of-rtlo-characters-69e2751a8f28 | |
| https://baibhavjha.com.np/blogs/fblitegroupmemberdisclosure/ | |
| https://medium.com/@yaala/confirm-an-email-address-belonging-to-a-specific-user-fe9c305e0af | |
| https://emptynebuli.github.io/tooling/2020/12/11/aircross.html | |
| https://dl.acm.org/doi/fullHtml/10.1145/3427228.3427290 | |
| https://infosecwriteups.com/how-i-hacked-facebook-part-one-282bbb125a5d | |
| https://ph-hitachi.medium.com/how-i-got-my-first-bug-bounty-in-intersting-target-lfi-to-sxss-58fa5c4f5882 | |
| https://rikeshbaniyaaa.medium.com/how-i-dumped-pii-information-of-customers-in-an-ecommerce-site-237761f813cf | |
| https://web.archive.org/web/20210508050717/http://dphoeniixx.com/2020/12/13-2/ | |
| https://dphoeniixx.medium.com/exploiting-request-forgery-on-mobile-applications-e1d196d187b3 | |
| https://baibhavjha.com.np/blogs/hidingcustomlist/ | |
| https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/ | |
| https://kurtikleiton.medium.com/content-security-policy-bypass-to-perform-xss-3c8dd0d40c2e | |
| https://medium.com/the-volatile-triad/hacking-tamper-with-the-url-parameters-especially-if-they-modify-the-page-7edf158c8db9 | |
| https://nmochea.medium.com/facebook-leak-referrer-data-in-every-sub-domain-48da5e505cf6 | |
| https://pyrrhon.medium.com/how-i-was-able-to-take-over-one-of-dells-subdomains-7e06b8516e41 | |
| https://infosecwriteups.com/facebook-push-notification-linkshim-bypassed-385fe471516 | |
| https://github.com/oskarsve/ms-teams-rce | |
| https://medium.com/@vedanttekale20/story-of-the-best-vulnerability-ive-found-so-far-5e3b0e02b47e | |
| https://blog.evanricafort.com/2020/12/cve-2019-17674-wordpress-stored-xss.html | |
| https://shahjerry33.medium.com/rce-via-lfi-log-poisoning-the-death-potion-c0831cebc16d | |
| https://abhisek3122.medium.com/how-redirects-work-on-facebook-technical-breakdown-6699de52996c | |
| https://nmochea.medium.com/this-post-is-about-an-reflected-xss-that-i-found-on-opera-browser-application-which-could-have-been-39823a22045d | |
| https://amineaboud.medium.com/10000-facebook-ssrf-bug-bounty-402bd21e58e5 | |
| https://komradz86.medium.com/leaking-credit-card-activity-in-logs-yes-sir-b988bb6c0c2 | |
| https://securitytrooper.com/en/cross-site-scripting-xss-reflected-in-one-of-the-subdomains-of-general-motorsbugbounty | |
| https://blog.witcoat.com/2020/12/03/site-wide-csrf-on-glassdoor/ | |
| https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers | |
| https://www.r29k.com/articles/bb/ssti | |
| https://medium.com/the-volatile-triad/hacking-always-check-out-the-images-99217e6cea | |
| https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html | |
| https://medium.com/bugbountywriteup/chaining-vulnerabilities-lead-to-account-takeover-b583f0c10591 | |
| https://www.shawarkhan.com/2020/11/exploiting-blind-postgresql-injection.html | |
| https://therealunicornsecurity.github.io/Aliexpress/ | |
| https://zetc0de.github.io/post/authenticated-rce-ssrf-wondercms/ | |
| https://ahmdhalabi.medium.com/chaining-multiple-requests-to-achieve-rate-limiting-vulnerabilities-96c1e8365c06 | |
| https://medium.com/bugbountywriteup/bcrypt-account-takeover-due-to-weak-encryption-hr51kdb-4418f6e65907 | |
| https://shellbr3ak.medium.com/the-story-of-my-first-critical-bug-93a5920d6c43 | |
| https://rafipiun.medium.com/how-i-got-easy-for-sql-injection-bug-7ff622236e4c | |
| https://vijetareigns.medium.com/pre-account-takeover-using-oauth-misconfiguration-ebd32b80f3d3 | |
| https://medium.com/realmodelabs/sd-pwn-part-4-vmware-velocloud-the-last-takeover-a7016f9a9175 | |
| https://fuomag9.medium.com/how-images-on-github-will-leak-your-private-information-88f3b563e7d9 | |
| https://medium.com/bugbountywriteup/reflected-cross-site-scripting-on-private-program-bounty-750-34cc67a931f1 | |
| https://medium.com/realmodelabs/sd-pwn-part-3-cisco-vmanage-another-day-another-network-takeover-15731a4d75b7 | |
| https://security.love/blog/gcp/2020/11/22/lateral-movement-and-privesc-in-GCP.html | |
| https://cirius.medium.com/escalating-xss-to-account-takeover-ffde08624937 | |
| https://komradz86.medium.com/weird-im-possible-xss-on-error-page-a0b943ead41 | |
| https://mostafa-mano.medium.com/2-reflected-xss-in-razer-74783ae5ee53 | |
| https://ozguralp.medium.com/turning-blind-error-based-sql-injection-into-an-exploitable-boolean-one-85d6be3ca23b | |
| https://r2c.dev/blog/2020/exploiting-dynamic-rendering-engines-to-take-control-of-web-apps/ | |
| https://elmahdi.tistory.com/m/4 | |
| https://daeken.svbtle.com/arbitrary-file-write-by-adb-pull | |
| https://0xgaurang.medium.com/out-of-band-xxe-in-an-e-commerce-ios-app-e22981f7b59b | |
| https://kailashbohara.com.np/blog/2020/11/18/GraphQL-IDOR-in-Facebook-streamer-dashboard/ | |
| https://shahjerry33.medium.com/server-side-misconfigurartion-a-funny-fix-63cc12b4c7fc | |
| https://medium.com/@logicbomb_1/tale-of-3-vulnerabilities-to-account-takeover-44ba631a0304 | |
| https://jsecu.github.io/2020/11/17/openemr/ | |
| https://medium.com/@shaheenfazim/hacking-into-rce-government-server-operated-for-the-us-department-of-energys-national-nuclear-8aadc2e7e491 | |
| https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d | |
| https://web.archive.org/web/20201116060315/https://medium.com/@kunal94/stealing-users-pii-info-by-visiting-api-endpoint-directly-5062e0147f67 | |
| https://evait.medium.com/pentest-story-empirum-password-decryption-3a9e2530aba7 | |
| https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae | |
| http://www.firstsight.me/2020/11/optimizing-hunting-results-in-vdp-for-use-in-bug-bounty-programs-from-sensitive-information-disclosure-to-accessing-hidden-apis-which-can-be-used-to-retrieve-customer-data/ | |
| https://www.pethuraj.com/blog/microsoft-bug-bounty-writeup-stored-xss-vulnerability/ | |
| https://medium.com/@vasuyadav0786/weak-cryptography-to-account-takeovers-87782224ed0d | |
| https://rafi-ahamed.medium.com/exploiting-api-with-authtoken-3bea7b1fb6a9 | |
| https://medium.com/realmodelabs/sd-pwn-part-2-citrix-sd-wan-center-another-network-takeover-a9c950a1a27c | |
| https://medium.com/@seaman00o/account-takeover-through-password-reset-82adc0c19248 | |
| https://ironfisto.medium.com/theoretically-possible-to-practical-account-takeover-c9383ab03f76 | |
| https://medium.com/@prakashpanta1999/replying-comments-on-someones-livestream-from-page-is-posted-as-personal-identity-5fe79ef78b28 | |
| https://www.rcesecurity.com/2020/11/Smuggling-an-un-exploitable-xss/ | |
| https://medium.com/@guhanraja/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3 | |
| https://medium.com/@mrnikhilsri/interesting-case-of-sqli-84cc3f4a5255 | |
| https://samiparyal.medium.com/commenting-on-a-post-by-opening-it-via-pages-news-feed-goes-from-a-wrong-actor-i-e-56fab4cf5a91 | |
| https://medium.com/@aryalsamipofficial59/users-private-watched-videos-list-saved-videos-etc-30faa8610b33 | |
| https://medium.com/bugbountywriteup/evading-filters-to-perform-the-arbitrary-url-redirection-attack-cce628b9b6a0 | |
| https://blog.oversecured.com/Evernote-Universal-XSS-theft-of-all-cookies-from-all-sites-and-more/ | |
| https://www.cyberonesecurity.com/blog/local-privilege-escalation-vulnerability-discovered-in-vmware-fusion | |
| https://pulsesecurity.co.nz/advisories/Atlassian-ID-Username-Enumeration | |
| https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html | |
| https://medium.com/techfenix/ssrf-server-side-request-forgery-worth-4913-my-highest-bounty-ever-7d733bb368cb | |
| https://medium.com/bugbountywriteup/chaining-password-reset-link-poisoning-idor-account-information-leakage-to-achieve-account-bb5e0e400745 | |
| https://blog.mozilla.org/attack-and-defense/2020/11/10/firefox-for-android-lan-based-intent-triggering/ | |
| https://servicenger.com/blog/mobile/facebook-ios-address-bar-spoofing/ | |
| https://medium.com/realmodelabs/silver-peak-unity-orchestrator-rce-2928d65ef749 | |
| https://web.archive.org/web/20221110072323/https://galnagli.com/DoD_IDOR/ | |
| https://ysamm.com/?p=493 | |
| https://blog.blazeinfosec.com/attack-of-the-clones-github-desktop-remote-code-execution/ | |
| https://dhakal0kushal.medium.com/story-of-a-pre-account-takeover-33e3d5b4c33f | |
| https://ruvlol.medium.com/1000-for-open-redirect-via-unknown-technique-675f5815e38a | |
| https://community.disclose.io/t/how-i-found-a-tor-vulnerability-in-brave-browser-reported-it-watched-it-get-patched-got-a-cve-cve-2020-8276-and-a-small-bounty-all-in-one-working-day/65 | |
| https://lokeshdlk77.medium.com/delete-any-photos-in-facebook-832dbe81cdc4 | |
| https://blog.shashank.co/2020/11/from-500-error-to-django-admin-takeover.html | |
| https://rafi-ahamed.medium.com/forcing-for-a-bounty-b637c468d7bd | |
| https://lokeshdlk77.medium.com/reveal-the-page-admin-that-uploaded-a-video-on-the-page-in-comment-section-9760e4a31453 | |
| https://security.lauritz-holtmann.de/advisories/cve-2020-13294/ | |
| https://godiego.co/posts/STO-Azure/ | |
| https://james-clee.com/2020/11/01/leaked-git-folder-leads-to-rce/ | |
| https://dragon-sec.medium.com/an-often-overlooked-oauth-misconfiguration-7d2d441eae1f | |
| https://twitter.com/VipItHunter1/status/1322995744475852801 | |
| https://medium.com/@noobieboy1337/how-i-got-7000-in-bug-bounty-for-my-critical-finding-99326d2cc1ce | |
| https://aseemshrey.in/abusing-report-abuse/ | |
| https://a-constant.medium.com/beyond-the-wall-command-injection-still-alive-577a898df0b5 | |
| https://ash-king.co.uk/blog/backdoor-android-facebook | |
| https://secret.club/2020/10/30/alien-swarm-rce.html | |
| https://0xt4144t.medium.com/rate-limit-bypassing-allowing-identity-spoofing-789b2fe2efa8 | |
| https://grumpinout.medium.com/manual-broken-link-monitoring-bcc064f5f5f2 | |
| https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf | |
| https://medium.com/@vedanttekale20/story-of-an-interesting-bug-de07fbef4017 | |
| https://ynoof.medium.com/error-based-sql-injection-on-a-wordpress-website-and-extract-more-than-150k-user-details-f65f987c2cc0 | |
| https://medium.com/bugbountywriteup/automating-xss-identification-with-dalfox-paramspider-e14283bb7916 | |
| https://medium.com/bugbountywriteup/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a | |
| https://hamzadzworm.medium.com/how-i-got-250-in-5-munites-using-my-phone-91c9b2258282 | |
| https://research.checkpoint.com/2021/tiktok-fixes-privacy-issue-discovered-by-check-point-research/ | |
| https://www.mysk.blog/2020/10/25/link-previews/ | |
| https://servicenger.com/blog/mobile/perform-substring-search-for-emails-even-if-workplace-admin-hides-email-profile-field/ | |
| https://medium.com/bugbountywriteup/my-first-bug-on-google-observation-wins-1a13d0ea54b0 | |
| https://medium.com/bugbountywriteup/accidental-observation-to-critical-idor-d4d910a855bf | |
| https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/ | |
| https://medium.com/@seaman00o/300-p3-easy-bug-in-30-seconds-de65ea3d8f50 | |
| https://tomcope.com/exploit/2020/10/21/ibm-datapower-exploit-cve-2020-5014.html | |
| https://servicenger.com/blog/mobile/perform-substring-search-for-emails-even-if-workplace-admin-hides-email-profile-field/ | |
| https://servicenger.com/blog/mobile/facebook-page-admin-disclosure/ | |
| https://devcraft.io/2020/10/20/github-pages-multiple-rces-via-kramdown-config.html | |
| https://medium.com/@saneklarek22/back-to-2019-disclosure-employers-pii-and-credentials-bb7f344dcb08 | |
| https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html | |
| https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html | |
| https://devcraft.io/2020/10/19/github-gist-account-takeover.html | |
| https://devcraft.io/2020/10/18/github-rce-git-inject.html | |
| https://mksben.l0.cm/2020/10/discord-desktop-rce.html | |
| https://saadahmedx.medium.com/weaponizing-xss-for-fun-profit-a1414f3fcee9 | |
| https://www.pentestpartners.com/security-blog/ms-enterprise-app-management-service-rce-cve-2022-35841/ | |
| https://blog.yappare.com/2020/10/i-had-fun-with-this-xss.html | |
| https://medium.com/@shahjerry33/blind-ssrf-the-hide-seek-game-da9d0ecef2fb | |
| https://medium.com/@merry6607/how-i-find-my-first-p1-level-bug-5a6dd9587203 | |
| https://medium.com/@mustafa0x2021/disclose-emails-phone-numbers-other-information-for-facebook-users-who-tried-to-add-funds-to-31aea5f973a5 | |
| https://blog.mozilla.org/attack-and-defense/2020/10/12/guest-blog-post-rollback-attack/ | |
| https://web.archive.org/web/20211020083928/https://medium.com/@rahulnaidu_92192/unauthorized-access-to-all-the-users-account-c087511fe42a | |
| https://blog.dixitaditya.com/leveraging-xss-to-read-internal-files/ | |
| https://medium.com/@sechunter/js-is-love-%EF%B8%8F-ca393a4849e9 | |
| https://medium.com/@aakashadhikari786/weak-password-setting-function-on-practo-com-79df78245b81 | |
| https://medium.com/@parasarora06/cve-2018-5230-jira-cross-site-scripting-59ec96b3d75f | |
| https://medium.com/@sechunter/exploiting-admin-panel-like-a-boss-fc2dd2499d31 | |
| https://medium.com/@sechunter/ato-via-host-header-poisoning-dc5c29d2fd0d | |
| https://www.intezer.com/blog/cloud-security/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/ | |
| https://samcurry.net/hacking-apple/ | |
| https://servicenger.com/blog/mobile/sve-2020-18025-unauthorised-access-to-samsung-secure-folder-files/ | |
| http://www.missoumsai.com/google-csrfs.html | |
| http://www.kamilonurozkaleli.com/posts/starbucks-singapore-account-takeover/ | |
| https://praseudo.com/sensitive-info-leak-in-curve-app-bug-bounty/ | |
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/our-experiences-participating-in-microsofts-azure-sphere-bounty-program/ | |
| https://blog.talosintelligence.com/2020/10/Azure-Sphere-Challenge.html | |
| https://ninetyn1ne.github.io/2020-10-05-open-redir-to-ato/ | |
| https://medium.com/@ironfisto/easy-wins-verbose-error-worth-facebook-hof-7d8a99dd920b | |
| https://medium.com/bugbountywriteup/leveraging-lfi-to-rce-in-a-website-with-20000-users-129050f9982b | |
| https://medium.com/@vedanttekale20/spend-more-time-doing-recon-youll-get-more-bugs-e7ffd5bf9202 | |
| https://medium.com/@vasuyadav0786/exploiting-payment-gateways-97ce7af5a9cf | |
| https://medium.com/@harshtya9i/journey-of-my-first-bug-bounty-nov-2018-af471c21efc0 | |
| https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f | |
| https://medium.com/@ricardoiramar/the-powerful-http-request-smuggling-af208fafa142 | |
| https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/ | |
| https://www.gremwell.com/firefox-xss-302 | |
| https://medium.com/@amineaboud/story-of-a-weird-vulnerability-i-found-on-facebook-fc0875eb5125 | |
| https://thinkloveshare.com/hacking/rce_on_spip_and_root_me/ | |
| https://medium.com/@pratyush1337/the-art-of-idor-7-idors-in-edm0d0-b86d683c8de9 | |
| https://websecblog.com/vulns/public-google-cloud-blog-bucket/ | |
| https://medium.com/bugbountywriteup/taking-down-the-sso-account-takeover-in-3-websites-of-kolesa-due-to-insecure-jsonp-call-facd79732e45 | |
| https://johnjhacking.com/blog/p1-critical-discovering-and-foiling-a-threat-actor/ | |
| https://medium.com/@vasuyadav0786/5-ways-to-do-ato-in-a-single-website-cfe7e5da987e | |
| https://medium.com/@masonhck357/chains-on-chains-chaining-multiple-low-level-vulns-into-a-critical-8b88db29738e | |
| https://medium.com/bugbountywriteup/hacking-the-medium-partner-program-84c0e9fa340 | |
| https://medium.com/@suneets1ngh/parameter-tampering-ddd9b3de0da8 | |
| https://www.elttam.com/blog/key-recovery-attacks-on-gcm/ | |
| https://vnhacker.blogspot.com/2020/09/advisory-security-issues-in-aws-kms-and.html | |
| https://medium.com/bugbountywriteup/pii-leakage-via-idor-weak-passwordreset-full-account-takeover-58d159f88d73 | |
| https://medium.com/@mohamed.elbadry/dangling-dns-aws-ec2-e2d801701e8 | |
| https://blog.khonggianmang.vn/vmware-workstation-attack-surface-through-virtual-printer/ | |
| https://medium.com/@haxor8595/bugbounty-how-i-was-able-to-see-other-users-payments-in-a-travel-application-idor-800-2060db62cbbe | |
| https://medium.com/bugbountywriteup/fun-with-header-and-forget-password-without-that-nasty-twist-cbf45e5cc8db | |
| https://medium.com/bugbountywriteup/business-logic-flaw-in-google-acquisition-hall-of-fame-1a9af5d3ac04 | |
| https://vulnerable.af/posts/suphp-ghost-in-your-shell/ | |
| https://blog.securelayer7.net/unauthenticated-file-upload-vulnerability-on-synology-sub-domain/ | |
| https://medium.com/bugbountywriteup/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616 | |
| https://medium.com/@alonnsoandres/25k-instagram-almost-xss-filter-link-facebook-bug-bounty-798b10c13b83 | |
| https://medium.com/@merry6607/how-i-by-pass-the-login-page-and-2fa-authentication-3f33b06838c | |
| https://lf.lc/vrp/168991979/ | |
| https://www.pentestpartners.com/security-blog/you-cant-stop-me-ms-teams-session-hijacking-and-bypass/ | |
| https://lf.lc/vrp/168987557/ | |
| https://medium.com/@Sheshasai/emoji-error-handling-ba11f1bdb8a6 | |
| https://muirey03.blogspot.com/2020/09/cve-2020-9964-ios-infoleak.html | |
| https://medium.com/bugbountywriteup/privilege-escalation-via-account-takeover-on-nodebb-forum-software-512-a593a7b1b4a4 | |
| https://supras.io/reflected-xss-via-a-hidden-parameter-on-dutch-gov-website/ | |
| https://medium.com/@novan.rmd/my-first-bug-bounty-from-bug-bounty-platform-redstorm-io-50958f6adc90 | |
| https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows-1/ | |
| https://medium.com/@0x48piraj/res-block-extension-resources-block-attack-on-chromes-incognito-mode-3a5ae8131142 | |
| https://blog.long.lat/2020/09/16/exploiting-a-useless-cookie-based-xss-and-making-it-useful/ | |
| https://medium.com/bugbountywriteup/how-i-accidentally-got-my-first-bounty-from-facebook-facebook-bug-bounty-2020-c12bd2ad8575 | |
| https://initblog.com/2020/firefox-android/ | |
| https://medium.com/@bhavarth33/how-i-was-able-to-takeover-any-account-by-otp-bypass-bba698a725f | |
| https://medium.com/@d.harish008/business-logic-vulnerabilities-low-level-logic-flaw-f308a21a945d | |
| https://medium.com/@shahjerry33/sql-injection-remote-code-execution-double-p1-6038ca88a2ec | |
| https://medium.com/bugbountywriteup/how-i-hacked-redbus-an-online-bus-ticketing-application-24ef5bb083cd | |
| https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html | |
| https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/ | |
| https://medium.com/@gaupaler/unintended-behaviour-of-domain-got-me-p4-d6af19b5dcdd | |
| https://medium.com/infosec/how-often-do-we-overlook-vulnerabilities-960a7c45f59 | |
| https://github.com/geffner/CVE-2020-8150 | |
| https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps | |
| https://blog.dixitaditya.com/from-android-app-to-rce/ | |
| https://medium.com/@odayalhalbe1/my-first-bug-in-google-and-how-i-got-csrf-token-for-victim-account-rather-than-bypass-it-1337-bf01261feb47 | |
| https://infosecwriteups.com/how-response-manipulation-got-me-a-little-but-sweet-bounty-38b515ca0910 | |
| https://medium.com/@soyelmago/never-give-up-the-story-behind-a-dupe-to-a-triaged-43b72debb6c9 | |
| https://medium.com/@smilehackerofficial/xss-that-can-pay-your-bills-9377eff1fd0d | |
| https://web.archive.org/web/20201125190336/https://tox7cv3nom.github.io/2020-08-05-how_i_was_able_to_pawned_website_via_escilating_webcache-deception-to-rce/ | |
| https://blog.deteact.com/account-takeover-via-idor/ | |
| https://medium.com/@soufianehabti/my-story-with-xss-ed017bdc44c4 | |
| https://weizman.github.io/2020/09/02/csp-vuln/ | |
| https://www.pentestpartners.com/security-blog/cloud-firewall-management-api-snafu-put-500k-sonicwall-customers-at-risk/ | |
| https://medium.com/stolabs/denial-of-service-in-the-protection-service-provided-by-avast-security-premium-284dfd5ab40 | |
| https://medium.com/@reiss.r/stop-scratching-the-surface-and-hack-the-dependencies-fe4c26cd8ea | |
| https://medium.com/@rohitcoder/page-shops-with-a-hidden-product-in-featured-product-section-which-could-be-controlled-by-d0fd58c4cc8b | |
| https://medium.com/bugbountywriteup/unhiding-the-hidden-2ef44192c10b | |
| https://medium.com/bugbountywriteup/the-importance-of-keeping-up-to-date-or-how-i-found-an-interesting-bug-thanks-to-a-tweet-2ec6ba9a5e1e | |
| https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/ | |
| https://payatu.com/blog/nikhil-mittal/my-hacking-adventures-with-safari-reader-mode | |
| https://medium.com/bugbountywriteup/accessing-the-website-directly-through-its-ip-address-a-case-of-a-poorly-hidden-sql-injection-82833defbbc3 | |
| https://techkranti.com/delete-idor-on-a-fashion-ecommerce-website/ | |
| https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html | |
| https://medium.com/@leviwof/bug-bounty-failsx101-4-b601616fbe9f | |
| https://www.malgregator.com/post/waze-how-i-tracked-your-mother/ | |
| https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html | |
| https://medium.com/@ricardoiramar/account-takeover-for-the-win-e320ce83cdd9 | |
| https://infosecwriteups.com/bounties-for-unauthenticated-file-read-in-cisco-asa-cve-2020-3452-9a0b9143370e | |
| https://medium.com/@kirtanpatel9111998/how-i-was-able-to-find-easy-p1-just-by-doing-recon-fdef0c689362 | |
| https://medium.com/bugbountywriteup/upload-to-the-future-1fd38fd502bd | |
| https://medium.com/@0xnazmul/how-i-found-my-first-bug-stored-xss-and-earned-my-first-bounty-1000-33556678d1ed | |
| https://apapedulimu.click/shopify-com-blind-stored-xss-via-staff-name/ | |
| https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/ | |
| https://medium.com/@mateusz.olejarka/a-perfect-duplicate-or-how-to-send-an-email-with-a-spoofed-invoices-content-66cf369bbaa3 | |
| https://medium.com/@syedabuthahir/django-debug-mode-to-rce-in-microsoft-acquisition-189d27d08971 | |
| https://blog.shashank.co/2020/08/escalating-github-leak-to-takeover.html | |
| https://medium.com/bugbountywriteup/fun-with-header-and-forget-password-with-a-twist-af095b426fb2 | |
| https://offensi.com/2020/08/18/how-to-contact-google-sre-dropping-a-shell-in-cloud-sql/ | |
| https://medium.com/bugbountywriteup/how-could-i-tag-photo-to-any-users-scrapbook-on-facebook-23ab15e6e4b4 | |
| https://medium.com/bugbountywriteup/from-sql-injection-to-hall-of-fame-96a08c869acd | |
| https://www.activecyber.us/activelabs/windows-appx-deployment-service-local-privilege-escalation-cve-2020-1488 | |
| https://abss.me/posts/fcm-takeover/ | |
| https://web.archive.org/web/20200819113116/https://medium.com/@godofdarkness.msf/account-takeover-using-re-register-bug-bounty-bda8bb2106e6 | |
| https://medium.com/bugbountywriteup/stealing-your-data-using-xss-bf7e4a31e6ee | |
| https://medium.com/witnet/witnet-network-acknowledged-dos-bug-f7d55b709051 | |
| https://web.archive.org/web/20200816192659/https://medium.com/@godofdarkness.msf/influxdb-access-at-redact-8x8-com-1b54976b137 | |
| https://medium.com/@z.x/how-i-got-450-just-in-one-google-search-sqli-rxss-8c7c28ceba79 | |
| https://vishwarajbhattrai.wordpress.com/2020/08/16/disclosing-wifi-password-via-content-provider-injection-in-xiaomi/ | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326 | |
| https://medium.com/@vedanttekale20/how-recon-helped-me-to-find-an-interesting-bug-17a2d8cf1778 | |
| https://spaceraccoon.dev/open-sesame-escalating-open-redirect-to-rce-with-electron-code-review | |
| https://blog.detectify.com/2020/08/14/crowdsource-success-story-from-an-out-of-scope-open-redirect-to-cve-2020-1323/ | |
| https://medium.com/nassec-cybersecurity-writeups/deleted-data-stored-permanently-on-instagram-facebook-bug-bounty-2020-26074c229955 | |
| https://medium.com/@vishalranjan00012/hi-folks-2f28dd8fdfe9 | |
| https://medium.com/bugbountywriteup/false2true-match-and-replace-bug-hunting-a-cautionary-tale-fbe7020f02ad | |
| https://medium.com/bugbountywriteup/leaking-aws-metadata-f5bc8de03284 | |
| https://medium.com/@balapraneeth98/journey-to-my-first-bug-hunt-6dc5e4552128 | |
| https://medium.com/@ashikbhaskar94/blind-os-command-injection-87910f0d2276 | |
| https://medium.com/bugbountywriteup/cache-poisoning-of-wget-94a4d70104b1 | |
| https://medium.com/@rushikesh12gaikwad/cracking-the-2fa-215d24ccb29b | |
| https://medium.com/@singh.simran7838/how-i-made-2000-with-url-redirection-b1b5f4e7a678 | |
| https://voidsec.com/cve-2020-1337-printdemon-is-dead-long-live-printdemon/ | |
| https://medium.com/nassec-cybersecurity-writeups/how-i-was-able-to-find-page-personal-account-disclosure-on-instagram-d9607de4883f | |
| https://medium.com/@prakashpanta1999/group-admin-cant-able-to-moderate-comments-when-posted-through-page-facebook-bug-bounty-2020-16c2d04a27cb | |
| https://honoki.net/2020/08/10/cve-2020-11518-how-i-bruteforced-my-way-into-your-active-directory/ | |
| https://www.perimeterx.com/tech-blog/2020/csp-bypass-vuln-disclosure/ | |
| https://medium.com/@sudipshah_66336/my-2nd-4digit-bug-bounty-from-facebook-99baa727ed02 | |
| https://observationsinsecurity.com/2020/08/09/bypassing-403-to-get-access-to-an-admin-console-endpoints/ | |
| https://mazinahmed.net/blog/hacking-zoom/ | |
| https://blog.dixitaditya.com/bypassing-google-maps-api-key-restrictions/ | |
| https://medium.com/bugbountywriteup/cache-poisoning-with-xss-a-peculiar-case-eb5973850814 | |
| https://medium.com/bugbountywriteup/reflected-xss-in-facebooks-mirror-websites-4384b4eb3e11 | |
| https://medium.com/@zseano/the-feature-works-as-intended-but-whats-in-the-source-d29f9401bcf6 | |
| https://blog.dixitaditya.com/exploiting-jwt-lack-of-signature-verification | |
| https://jameshfisher.com/2020/08/06/smear-phishing-how-to-scam-an-android-user/ | |
| https://medium.com/@jonathanbouman/reflected-xss-at-fotoservice-hema-nl-af344ef63433 | |
| https://medium.com/@jonathanbouman/blind-sql-injection-at-fasteditor-hema-com-6ac140c0d1a3 | |
| https://medium.com/@tommysuriel/stored-xss-on-slack-bug-bounty-88fe167d75df | |
| https://medium.com/@DK999/apache-example-servlet-leads-to-61a2720cac20 | |
| https://enumerated.wordpress.com/2020/08/05/the-case-of-the-missing-cache-keys/ | |
| https://medium.com/bugbountywriteup/csrf-poc-mistake-that-broke-crucial-functions-for-the-end-user-victim-ef4fa4584ca8 | |
| https://medium.com/@mohamedayad_72488/i-want-all-these-features-bb41e8252020 | |
| https://medium.com/@rikeshbaniyaaa/how-i-was-able-to-do-mass-account-takeover-bug-bounty-b279af1ce62b | |
| https://pulsesecurity.co.nz/advisories/AWS-Bastion-Logger-Bypass | |
| https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/ | |
| https://medium.com/kminthein/account-takeover-in-cups-mail-ru-bdab1483f92c | |
| https://maordayanofficial.medium.com/look-at-what-i-found-in-comodo-57d62af2f263 | |
| https://web.archive.org/web/20200920134643/http://wisdomfreak.com/2020/08/banning-users-race-condition/ | |
| https://vj0shii.github.io/multi-factor-auth-bypass-with-password-reset-function/ | |
| https://objective-see.org/blog/blog_0x4D.html | |
| https://medium.com/bugbountywriteup/refocusing-in-bug-hunting-bonus-an-interestingly-simple-to-test-csrf-bypass-8595b3312147 | |
| https://rhynorater.github.io/CVE-2020-13379-Write-Up | |
| https://objective-see.com/blog/blog_0x4D.html | |
| https://a2nkf.github.io/unauthd_Logic_bugs_FTW/ | |
| https://medium.com/bugbountywriteup/bypassing-otp-via-reset-password-f004a29020c | |
| https://medium.com/@zseano/using-xampp-and-burp-intruder-when-scanning-for-subdomains-to-look-for-interesting-behaviour-code-f24c511d15ed | |
| https://medium.com/@zseano/new-features-means-new-bugs-ece4d10cdf9d | |
| https://medium.com/@ashokcpg/weird-behavior-of-facebook-page-faq-leading-to-bounty-from-facebook-b4984e623b38 | |
| https://medium.com/bugbountywriteup/exploiting-business-logic-wallet-money-6a7654f4e147 | |
| http://blog.redxorblue.com/2020/07/one-click-to-compromise-fun-with.html | |
| https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/ | |
| https://medium.com/@mudassirsharief58/the-noob-way-of-taking-over-accounts-81aee783c064 | |
| https://sa1tama0.medium.com/xss-rce-html-file-upload-in-same-endpoint-4a03348445f4 | |
| https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0 | |
| https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system | |
| https://hunter-55.medium.com/introduction-fae7c8b3d16c | |
| https://tox7cv3nom.github.io/2020/07/28/authentication-token-bypass-leads-too-idor.html | |
| https://medium.com/@akshanshjaiswal/pre-access-to-victims-account-via-facebook-signup-60219e9e381d | |
| https://medium.com/@jjowi/bug-html-injection-on-tokopedia-9a9b0534ceaa | |
| https://www.r29k.com/articles/bb/csrf | |
| https://medium.com/@mattshockl/cve-2020-9934-bypassing-the-os-x-transparency-consent-and-control-tcc-framework-for-4e14806f1de8 | |
| https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa | |
| https://tolo7010note.blogspot.com/2020/07/an-unreproducable-bug-due-to-load.html | |
| https://shivangx01b.github.io/2fa_bypass/ | |
| https://medium.com/@airlanggamurthi/obtained-a-bunch-of-sensitive-data-in-just-few-steps-hacking-1a474200a8c2 | |
| https://medium.com/@vneelam609/a-simple-idor-which-should-not-be-missed-on-dating-site-c500cba8e6c3 | |
| https://medium.com/bugbountywriteup/dns-rebinding-the-treacherous-attack-it-can-be-b367c61b4372 | |
| https://medium.com/@vneelam609/5000-account-takeover-bf7749746981 | |
| https://co0nan.gitbook.io/wirteups/ | |
| https://medium.com/@shahjerry33/http-parameter-pollution-its-contaminated-85edc0805654 | |
| https://ysamm.com/?p=487 | |
| https://medium.com/@totmukesh/hack-till-your-last-breath-3e58f4fb1738 | |
| https://web.archive.org/web/20220519224811/http://wisdomfreak.com/increasing-reward-points-n-number-of-time/ | |
| https://medium.com/@ashikbhaskar94/denial-of-service-dos-by-regex-205536c8dcd0 | |
| https://medium.com/bugbountywriteup/the-1-000-worth-cookie-6cf48af08e08 | |
| https://medium.com/@mohamedayad_72488/dos-over-wep-application-c5176dc29035 | |
| https://web.archive.org/web/20201123204526/https://medium.com/@olisandip99/chaining-rate-limiting-for-account-lockout-6a2a7828dd24 | |
| https://medium.com/@mohamedayad_72488/bypass-user-restriction-registration-cbfc4eb855 | |
| https://medium.com/@fardeenahmed410/how-i-landed-on-my-first-bounty-no-spf-dmarc-record-found-2fdfea64cf52 | |
| https://medium.com/bugbountywriteup/unique-case-for-price-manipulation-bugbounty-vapt-df57637769cd | |
| https://medium.com/@balook/creative-android-pin-bypass-with-race-conditon-63a8bc3f0e31 | |
| https://medium.com/@balook/android-pin-bypass-with-rate-limiting-a3f5dd811715 | |
| https://medium.com/@balook/idor-in-google-datastudio-google-com-f2fa51b763de | |
| https://medium.com/bugbountywriteup/how-i-lost-my-followers-on-medium-9fe10e9862aa | |
| https://medium.com/@sudipshah_66336/the-story-of-my-first-4-digit-bounty-from-facebook-3a29830e03cd | |
| https://medium.com/@saurabhsanmane06/i-am-able-to-see-users-sensitive-data-from-json-file-905e330278df | |
| https://medium.com/@__mr_beast__/the-3-day-account-takeover-269b0075d526 | |
| https://medium.com/@yaala/admin-editor-can-disclose-personnel-email-of-other-editor-admin-on-page-who-created-shop-57c35ed9f9b7 | |
| https://web.archive.org/web/20211016075506/https://insight.claranet.co.uk/technical-blogs/hunting-postmessage-vulnerabilities | |
| https://medium.com/bugbountywriteup/exploiting-imported-libraries-to-bypass-cloudflare-waf-7aed99186c5a | |
| https://medium.com/@rafaelrodripaz/ssrf-in-import-file-function-d0f1c6397262 | |
| https://www.secjuice.com/api-misconfiguration-data-breach/ | |
| https://medium.com/@nandwanajatin25/self-stored-xss-to-full-account-takeover-fe8e71471795 | |
| https://medium.com/@letssimplysecure/bug-bounty-experience-unvalidated-redirection-vulnerability-eed40d91da27 | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-change-victims-password-using-idn-homograph-attack-587111843aff | |
| https://infosecwriteups.com/how-i-hacked-into-a-telecom-network-part-1-getting-the-rce-167c2bb320e6 | |
| https://medium.com/@sp2417487/a-tale-of-critical-account-take-over-e1b7c180917c | |
| https://medium.com/@ben.aymen.182/phone-number-validation-bypass-through-url-path-manipulation-c03721cf3676 | |
| https://medium.com/bugbountywriteup/dont-stop-at-one-bug-d3c56806b5 | |
| https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 | |
| https://philippeharewood.com/see-whether-a-hackercup-facebook-participant-allows-recruitment-contact/ | |
| https://medium.com/@danlyt74/remote-denial-of-service-with-chrome-82638507a87f | |
| https://vj0shii.github.io/exploiting-application-logic-to-referral-code-disclosure/ | |
| https://www.vulnano.com/2020/07/global-grant-uri-in-android-80-90-2018.html | |
| https://medium.com/@pig.wig45/from-n-a-to-resolved-for-backblaze-android-app-hackerone-platform-bucket-takeover-f817692a590 | |
| https://medium.com/@dheerajkmadhukar/journey-from-low-to-critical-bug-2ab98db2eec1 | |
| https://medium.com/@b3twise/how-i-found-10-remote-code-execution-in-10-minutes-cve-2020-5902-3def1aa29e9b | |
| https://github.com/google/security-research/security/advisories/GHSA-fpgp-vrmv-v8f2 | |
| https://mudit.blog/free-blockchain-storage-bug-substrate/ | |
| https://xvnpw.github.io/posts/from-dot-in-regex-to-ssrf-part-3/ | |
| https://web.archive.org/web/20200821010435/https://medium.com/@Alone_Wwolf/how-i-was-able-to-bypass-email-confirm-p4-e17af66a4eb0 | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=1040755 | |
| https://medium.com/@yaala/make-featured-product-in-any-video-ec2bd4816ae4 | |
| https://medium.com/@swaysthinking/my-first-bug-blind-ssrf-through-profile-picture-upload-72f00fd27bc6 | |
| https://medium.com/@escapesequence89/rce-via-image-upload-functionality-925c902943b8 | |
| https://blog.easysiem.com/application-security/case-study-i-browser-anomaly-with-facebook-apps-1500usd | |
| https://medium.com/@alyanwar/taking-over-files-in-a-chat-idor-in-microsoft-teams-e5289c2efd0 | |
| https://medium.com/@daoud_youssef/from-host-header-injection-to-sql-injection-e7c61a61b575 | |
| https://medium.com/@hgreal/why-i-paid-3-5k-to-become-a-tld-registrar-reseller-when-doing-bug-bounty-d9d407911dce | |
| https://pethuraj.com/blog/bbc-bug-bounty-write-up-xss-vulnerability/ | |
| https://tbutler0x90.medium.com/hinge-hackerone-writeup-dd81fd410e0d | |
| https://web.archive.org/web/20210827070751/https://tbutler.org/assets/pdf/Butler,Tyler-MAID-Hinge-BBR.pdf | |
| https://medium.com/@renwa/copy-drag-paste-drop-2fd4613ad1d1 | |
| https://medium.com/@noneofyou/how-i-got-hall-of-fame-in-microsoft-9b507dec3860 | |
| https://lutfumertceylan.com.tr/posts/ato-and-data-leakage-via-cors-misc/ | |
| https://balapraneeth.medium.com/csrf-attack-e7bb9f3f36e1 | |
| https://thehackerish.com/bug-bounty-write-up-from-ssrf-to-4000/ | |
| https://www.youtube.com/watch?v=apzJiaQ6a3k | |
| https://fadhilthomas.github.io/post/bug-bounty-tokopedia-03/ | |
| https://medium.com/@ifediri/breaking-business-logic-via-coupons-the-story-of-my-1st-valid-bug-bounty-89c30ff214dc | |
| https://medium.com/@tarek.tix/how-i-got-200-with-an-out-of-the-box-open-redirect-vulnerability-809e91270 | |
| https://vj0shii.github.io/improper-bakend-checks-food-order-site/ | |
| https://ysamm.com/?p=479 | |
| https://infosecwriteups.com/story-of-a-2-5k-bounty-ssrf-on-zimbra-led-to-dump-all-credentials-in-clear-text-6fe826005ccc | |
| https://medium.com/@sprtndilip99/how-i-made-1500-dollars-using-base64-decoder-8da1a7672b | |
| https://medium.com/bugbountywriteup/s3-bucket-misconfigured-access-controls-to-critical-vulnerability-6b535e3df9a5 | |
| https://embracethered.com/blog/posts/2020/aws-xss-cross-site-scripting-vulnerability/ | |
| https://research.securitum.com/art-of-bug-bounty-a-way-from-js-file-analysis-to-xss/ | |
| https://0xsha.io/posts/zombievpn-breaking-that-internet-security | |
| https://lutfumertceylan.com.tr/posts/stored-xss-with-password-recovery-page/ | |
| https://certik.io/blog/technology/vulnerability-electron-based-application-malicious-code-execution | |
| https://medium.com/kminthein/story-of-stealing-mail-conversation-contacts-in-mail-ru-and-mymail-ios-applications-via-xss-1e49c4ed560 | |
| https://blog.securitybreached.org/2020/06/30/using-inspect-element-to-bypass-security-restrictions-bug-bounty-poc/ | |
| https://medium.com/@keegan.ryan/patched-zoom-exploit-altering-camera-settings-via-remote-sql-injection-4fdf3de8a0d | |
| https://web.archive.org/web/20200629033551/https://blogs.ad3sh.com/2020/06/api-endpoint-leads-to-account-takeover.html | |
| https://blog.assetnote.io/2020/06/29/subdomain-takeover-to-account-takeover/ | |
| https://medium.com/@hgreal/how-i-hacked-a-bank-their-application-using-it-for-hacking-another-bank-company-10-k-xss-b9cc801a675 | |
| https://medium.com/@fatnassifiras45/how-i-was-able-to-take-over-any-account-via-the-password-reset-functionality-ef1659f8b481 | |
| https://officialaimm.medium.com/an-attempt-to-escalate-a-low-impact-hidden-input-xss-9f4b9c88f19c | |
| https://blog.stazot.com/boltcms-file-upload-bypass/ | |
| https://medium.com/@minometidji/how-i-bypassed-open-redirect-and-i-have-get-reward-from-yandex-5df5de836718 | |
| https://web.archive.org/web/20200627125016/https://medium.com/@s3c/hacked-worldwide-zoom-users-fceb31868c2d | |
| https://web.archive.org/web/20200626065913/https://medium.com/@saugatpokharel/able-to-create-hidden-comment-by-blocking-an-admin-facebook-bug-bounty-2020-c62bd10712f | |
| https://medium.com/@abhishake100/bug-bounty-in-lockdown-sqli-and-business-logic-98ab8cb5f661 | |
| https://medium.com/bugbountywriteup/all-about-getting-first-bounty-with-idor-849db2828c8 | |
| https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/ | |
| https://medium.com/@mase289/a-tale-of-my-first-ever-full-ssrf-bug-4fe71a76e9c4 | |
| https://jub0bs.com/posts/2020-06-23-ssrf/ | |
| https://medium.com/bugbountywriteup/api-token-hijacking-through-clickjacking-2e36c02e6c48 | |
| https://medium.com/@eldeebxboy/how-i-was-able-to-chain-bugs-and-gain-access-to-internal-okta-instance-f2da9ab71367 | |
| https://medium.com/@divyanshsharma2401/it-took-me-only-5-minutes-to-find-an-rce-on-bentley-38265da15788 | |
| https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d | |
| https://medium.com/bugbountywriteup/bypass-2fa-like-a-boss-378787707ba | |
| https://alaa.blog/2020/06/how-did-i-found-information-disclosure-on-facebook-writeup/ | |
| https://samcurry.net/hacking-starbucks/ | |
| http://www.firstsight.me/2020/06/from-recon-to-bypassing-mfa-implementation-in-owa-by-using-ews-misconfiguration/ | |
| https://medium.com/@aseem.shrey/one-token-to-leak-them-all-the-story-of-a-8000-npm-token-79b13af182a3 | |
| https://web.archive.org/web/20200814031536/https://medium.com/@saugatpokharel/replying-on-livestream-leading-to-page-admin-disclosure-facebook-bug-bounty-b24792a19638 | |
| https://tylerbutler.io/hackerone-hinge/ | |
| https://pentest.co.uk/labs/research/subtle-stored-xss-wordpress-core/ | |
| https://www.rtcsec.com/post/2020/06/03-bug-bounty-bout-0x01-webrtc-edition/ | |
| https://wss.sh/en/blog/how-i-made-more-than-30k-with-jolokia-cves/ | |
| https://medium.com/@abireena2002/how-i-managed-to-escalate-privilege-as-admin-94b8dc910d14 | |
| https://medium.com/@muztahidultanim/how-i-was-able-to-buy-t-shirt-for-1-payment-price-manipulation-36b4d6a30034 | |
| https://web.archive.org/web/20201123204430/https://www.mohamedharon.com/2020/06/all-intercomhelp-subdomains-vulnerable.html | |
| https://www.ehpus.com/post/smtp-injection-in-gsuite | |
| https://medium.com/bugbountywriteup/reflected-user-input-xss-c3e681710e74 | |
| https://medium.com/bugbountywriteup/business-logic-flaw-in-invitation-system-allows-to-takeover-any-account-at-private-company-daaf898966b0 | |
| https://www.sociosploit.com/2020/06/another-fappening-on-horizon.html | |
| https://medium.com/@ddigvijay29/how-to-secure-aws-serverless-lambda-from-redos-regular-expression-denial-of-service-resultant-12f0401118cd | |
| https://ysamm.com/?p=460 | |
| https://ysamm.com/?p=450 | |
| https://ysamm.com/?p=455 | |
| https://ysamm.com/?p=458 | |
| https://medium.com/@pravinponnusamy/race-condition-vulnerability-found-in-bug-bounty-program-573260454c43 | |
| https://medium.com/@vishnu0002/account-takeover-via-otp-bruteforce-apigee-api-9b5481c642df | |
| https://medium.com/@NinadMishra/dos-and-bugbounties-a-series-of-dos-attacks-on-hackerone-9c8316e192c9 | |
| https://medium.com/bugbountywriteup/lets-bypass-csrf-protection-password-confirmation-to-takeover-victim-accounts-d-4a21297847ff | |
| https://pandaonair.com/2020/06/11/race-conditions-exploring-the-possibilities.html | |
| https://medium.com/@mudassirsharief58/hunt-for-sql-injection-the-smart-way-db85243a4e90 | |
| https://medium.com/@__mr_beast__/the-frustrating-xss-33607894a071 | |
| https://www.synack.com/blog/guest-blog-from-file-upload-to-rce/ | |
| https://medium.com/@bachrudinashari/privilege-escalation-by-changing-http-response-admin-access-5e67c44713f6 | |
| https://medium.com/@shakti.gtp/utilizing-lockdown-blind-sqli-leads-to-account-takeover-data-extraction-3705ce8bdb62 | |
| https://medium.com/@silentbronco/the-p5-link-injection-story-2632e61f62b7 | |
| https://medium.com/swlh/abusing-microsoft-teams-rate-limiting-for-ddos-a8238958376a | |
| https://hackingiscool.pl/cmdhijack-command-argument-confusion-with-path-traversal-in-cmd-exe/ | |
| https://medium.com/@__mr_beast__/the-accidental-rce-7ceef9cee179 | |
| https://www.cyberonesecurity.com/blog/local-privilege-escalation-discovered-in-vmware-fusion | |
| https://medium.com/@ricardoiramar/this-is-fine-6e032f497b8f | |
| https://medium.com/@imunissar786/awesome-host-header-injection-worth-2k-a7e5be1dbb1d | |
| https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5 | |
| https://medium.com/bugbountywriteup/xss-to-database-credential-leakage-database-access-story-of-total-luck-77c990be8ab2 | |
| http://www.firstsight.me/2020/06/from-399-to-1650-usd-part-i-simple-vertical-privilege-escalation-by-changing-http-response/ | |
| https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56 | |
| https://yxw21.github.io/2020/06/05/Account-Takeover-Via-PostMessage/ | |
| https://echopwn.com/local-file-read-via-xss-using-pdf-generate-functionality/ | |
| https://medium.com/@amyrahm786/story-of-blind-sql-with-a-typo-error-43a21913c8d | |
| https://medium.com/@rohitcoder/idor-delete-saved-credit-cards-from-any-business-manager-account-f28c773982eb | |
| https://initblog.com/2020/oslogin-privesc/ | |
| https://blog.darabi.me/2020/06/image-removal-vulnerability-on-facebook.html | |
| https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020 | |
| https://medium.com/heck-the-packet/how-i-got-my-first-big-bounty-payout-with-tesla-8d28b520162d | |
| https://medium.com/@valeriyshevchenko/from-crlf-to-account-takeover-a94d7aa0d74e | |
| https://kb.cert.org/vuls/id/636397 | |
| https://hackerone.com/reports/893922 | |
| https://research.securitum.com/the-curious-case-of-copy-paste/ | |
| https://web.archive.org/web/20200807155244/https://vict0ni.me/double-url-encoding-xss/ | |
| https://medium.com/@BreizhZeroDayHunters/when-its-not-only-about-a-kubernetes-cve-8f6b448eafa8 | |
| https://medium.com/bugbountywriteup/information-disclosure-and-reflected-xss-on-tokopedia-1b3a00ec64c6 | |
| https://medium.com/bugbountywriteup/how-i-leveraged-an-interesting-csrf-vulnerability-to-turn-self-xss-into-a-persistent-attack-b780824042d2 | |
| https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 | |
| https://f4d3.io/xxe_wild/ | |
| https://elmahdi.tistory.com/3 | |
| https://medium.com/@secureITmania/weird-subdomain-take-over-pattern-of-amazon-s3-75165ab2e883 | |
| https://medium.com/@sudipshah_66336/the-story-of-my-first-xxx-bug-bounty-from-facebook-565a212c94ad | |
| https://medium.com/@kassihmouhssine/cross-site-scripting-the-power-of-the-hidden-parameters-259a4d2c4c09 | |
| https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/ | |
| https://ezqelusia.blogspot.com/2020/05/microsofts-first-bug.html | |
| https://medium.com/bugbountywriteup/weak-cryptography-leads-to-open-redirect-3fe052c12995 | |
| https://blog.raphael.karger.is/articles/2020-05/CVE-2020-13693 | |
| https://www.nahamsec.com/posts/my-expense-report-resulted-in-a-server-side-request-forgery-ssrf-on-lyft | |
| https://zonduu.medium.com/idor-in-session-cookie-leading-to-mass-account-takeover-d815ff3732d5 | |
| https://research.nccgroup.com/2020/05/05/exploring-macos-calendar-alerts-part-1-attempting-to-execute-code/ | |
| https://research.nccgroup.com/2020/05/28/exploring-macos-calendar-alerts-part-2-exfiltrating-data-cve-2020-3882/ | |
| https://elmahdi.tistory.com/m/2 | |
| https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3 | |
| https://medium.com/@kishoretk/how-i-was-able-to-see-identity-of-a-private-video-up-loader-via-rights-manager-responsible-39d996517b6e | |
| https://shibinbshaji.space/bug-bounty/oppo-bugbounty-writeup/ | |
| https://medium.com/@abhishake100/clickjacking-to-account-takeover-97e286f26b95 | |
| https://medium.com/@kminthein/ios-outlook-stored-xss-write-up-ce34d7da192b | |
| https://medium.com/@kminthein/stored-xss-in-microsoft-outlook-ebce9ff9e45b | |
| https://medium.com/@kminthein/stored-xss-in-yahoo-mail-ios-app-3500-6b40e86358b9 | |
| https://servicenger.com/blog/mobile/android-sop-bypass-to-steal-system-files/ | |
| https://www.cyberark.com/resources/threat-research-blog/bug-hunting-stories-schneider-electric-the-andover-continuum-web-client | |
| https://jub0bs.com/posts/2020-05-26-idor/ | |
| https://andrei-abakumov.medium.com/how-dangerous-is-request-splitting-a-vulnerability-in-golang-or-how-we-found-the-rce-in-portainer-7339ba24c871 | |
| https://medium.com/@pallabjyoti218/story-about-otp-bypass-to-stored-xss-81bfd735c709 | |
| http://hack4bounty.com/how-source-code-reading-helped-me-find-an-idor/ | |
| https://medium.com/@talatmehmood1995/my-first-bug-bounty-2-factor-authentication-bypass-b034812c8243 | |
| https://medium.com/@ciph3r7r0ll/parsing-the-dom-elements-of-other-pages-via-xss-bug-bounty-story-46d517e6711d | |
| https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html | |
| https://medium.com/@yaala/bypassing-message-request-inbox-cf54f859dd25 | |
| https://philippeharewood.com/change-any-link-at-https-fbwat-ch/ | |
| https://medium.com/@yaala/become-member-of-close-public-group-9564c359c050 | |
| https://torbencapiau.be/?p=106 | |
| http://hack4bounty.com/how-i-got-200-in-5-minutes-%f0%9f%98%9c-sensitive-data-leak-%f0%9f%98%9c/ | |
| https://healdb.tech/blog/teradici.html | |
| https://servicenger.com/blog/mobile/facebook-for-ios-address-bar-spoofing/ | |
| https://medium.com/csis-techblog/cve-2020-1088-yet-another-arbitrary-delete-eop-a00b97d8c3e2 | |
| https://medium.com/hackcura/multiple-flaws-leads-to-account-takeover-within-an-application-9f64abfb1073 | |
| https://medium.com/@0xh7ml.py/my-first-10k-bdt-bounty-from-an-e-commerce-site-cec9d58e1f55 | |
| https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html | |
| https://web.archive.org/web/20200616051351/https://hazana.xyz/posts/cors-blimey/ | |
| https://hazanasec.github.io/2021-01-28-CORS-Blimey/ | |
| https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-2-9abf62de4ca3 | |
| https://www.bad5ect0r.sh/posts/stored-xss-leads-to-plaintext-password-disclosure/ | |
| https://medium.com/@bilalmerokhel/one-param-10k-9d80a33f5eb5 | |
| https://bugwriteups.tech/logical-bug-which-let-me-stop-users-from-creating-ads-at-a-website | |
| https://santuysec.com/2020/05/16/how-i-was-able-to-make-users-loss-of-money-on-google-pay/ | |
| https://medium.com/@bilalmerokhel/chained-bugs-account-takeover-ceff67d1d55a | |
| https://medium.com/@swapmaurya20/password-reset-poisoning-leading-to-account-takeover-f178f5f1de87 | |
| http://hack4bounty.com/how-i-got-my-first-swag-on-edmodo-with-a-simple-xss/ | |
| https://medium.com/bugbountywriteup/weak-cryptography-in-password-reset-to-full-account-takeover-fc61c75b36b9 | |
| https://medium.com/@talatmehmood1995/bug-bounty-advanced-manual-penetration-testing-leading-to-price-manipulation-vulnerability-d935a3a5ddf6 | |
| https://embracethered.com/blog/posts/2020/mozilla-bug-bounty-credential-hunt-phabricator-token/ | |
| https://bugwriteups.tech/bug-bounty-write-up-lucky-vulnerability | |
| https://philippeharewood.com/change-the-profanity-filter-for-any-facebook-page/ | |
| https://medium.com/@aniltom/magic-of-the-back-slash-d868e66b532a | |
| https://medium.com/@frycos/another-zoho-manageengine-story-7b472f1515f5 | |
| https://tillsongalloway.com/finding-sensitive-information-on-github/index.html | |
| https://medium.com/@adonkidz7/bypass-xss-filter-using-html-escape-f2e06bebc8c3 | |
| https://www.synacktiv.com/en/publications/pentesting-cisco-sd-wan-part-2-breaking-routers.html | |
| https://vinothkumar.me/20000-facebook-dom-xss/ | |
| https://chefsecure.com/blog/i-found-xss-security-flaws-in-rails-heres-what-happened | |
| https://twitter.com/missoum1307/status/1258472717453582336 | |
| https://medium.com/@aishwaryakendle/how-we-hijacked-26-subdomains-9c05c94c7049 | |
| https://medium.com/@youssefla/dom-xss-walkthrough-4d60c45ffb21 | |
| https://medium.com/@TnMch/google-acquisition-xss-apigee-5479d7b5dc4 | |
| https://geleta.eu/2020/a-tale-of-verbose-error-message-and-jwt-token/ | |
| https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss | |
| https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses | |
| https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management | |
| https://gyanihackers.com/blog/cool-paste-jacking-attack/ | |
| https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome | |
| https://medium.com/@sandeepkumarsingh1902/bugbounty-adding-money-using-response-modification-334448d34251 | |
| https://medium.com/@rohitcoder/private-dashboards-were-accessible-by-other-admins-in-analytics-dashboard-558010a379ab | |
| https://medium.com/@impratikdabhi/reflected-xss-on-microsoft-com-via-angular-template-injection-2e26d80a7fd8 | |
| https://web.archive.org/web/20210117211634/https://kurtikleiton.medium.com/blind-ssrf-on-coda-io-c7063f304455 | |
| https://ysamm.com/?p=444 | |
| https://ysamm.com/?p=437 | |
| https://pankajupadhyay.in/2020/05/01/ok-google-bypass-flag-secure/ | |
| https://medium.com/@rooterkaustubh/the-story-of-blind-ssrf-leads-to-internal-host-discovery-ee65b9b91e23 | |
| https://blog.sambal0x.com/2020/04/30/Hacking-razer-pay-ewallet-app.html | |
| https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html | |
| https://medium.com/sud0root/bug-bounty-writeups-exploiting-sql-injection-vulnerability-20b019553716 | |
| https://medium.com/@kishorehariram/account-taken-over-in-style-8a547342a5ad | |
| https://hethical.io/stealing-the-trello-token-by-abusing-a-cross-iframe-xss-on-the-butler-plugin/ | |
| https://medium.com/@kunal94/indirect-uxss-issues-on-a-private-integrated-browser-219f6b809b6c | |
| https://medium.com/@hbothra22/recon-to-sensitive-information-disclosure-in-minutes-503fc7ccdf0b | |
| https://servicenger.com/blog/mobile/private-bounty-sendmsg/ | |
| https://medium.com/@d0nut/piercing-the-veal-short-stories-to-read-with-friends-4aa86d606fc5 | |
| https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/ | |
| https://blog.deteact.com/bitrix-waf-bypass/ | |
| https://www.shielder.it/blog/1-click-rce-on-keybase/ | |
| https://medium.com/@amangupta566/fun-with-cors-misconfiguration-ii-927caccfe932 | |
| https://blog.evanricafort.com/2020/04/xss-in-peerio-2-windows-application.html | |
| https://web.archive.org/web/20200426140225/https://medium.com/@aungpyaehackeronetester/web-cache-poisoning-in-postmates-1500-a67eee4fc118 | |
| https://medium.com/@hbothra22/from-recon-to-p1-critical-an-easy-win-6ca93d5b6e6d | |
| https://medium.com/@aungpyaehackeronetester/two-factor-authentication-bypass-50-5b397e68cfed | |
| https://wongmjane.com/blog/messenger-rooms-writeup | |
| https://baibhavjha.com.np/blogs/hidinginclosefriendlist/ | |
| https://smaranchand.com.np/2020/04/misconfigured-wordpress-takeover-to-remote-code-execution/ | |
| https://medium.com/@mohameddaher/from-p5-to-p5-to-p2-from-nothing-to-1000-bxss-4dd26bc30a82 | |
| https://web.archive.org/web/20200513210337/https://medium.com/bugbountywriteup/the-secret-sauce-of-bug-bounty-bdcc2e2d45af | |
| https://medium.com/@vincenz/exploiting-a-race-condition-vulnerability-3f2cb387a72 | |
| https://medium.com/@jayateerthag/cors-bug-on-googles-404-page-rewarded-2163d58d3c8b | |
| https://medium.com/@adam.adreleve/dom-based-open-redirect-to-the-leak-of-a-jwt-token-1b1dd2ced9a1 | |
| https://medium.com/bugbountywriteup/google-maps-api-not-the-key-bugs-that-i-found-over-the-years-781840fc82aa | |
| https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/ | |
| https://blog.stazot.com/prestashop-csrf-to-rce-article/ | |
| https://medium.com/@np20121996/how-was-i-able-to-find-privilege-escalation-b13366b97706 | |
| https://medium.com/@ashokcpg/non-technical-write-up-on-my-second-bounty-of-1-000-from-facebook-74daecd6879b | |
| https://medium.com/@abhishake100/strange-redirect-fixed-but-no-bounty-54425aea7f19 | |
| https://medium.com/@rat010/otp-verification-bypass-ee17d68f8425 | |
| https://fadhilthomas.github.io/post/facebook-white-hat-01/ | |
| https://blog.yappare.com/2020/04/tricky-oracle-sql-injection-situation.html | |
| https://blog.zimperium.com/multiple-kernel-vulnerabilities-affecting-all-qualcomm-devices/ | |
| https://medium.com/@kristian.balog/netflix-party-simple-xss-ec92ed1d7e18 | |
| https://medium.com/@shahjerry33/business-logic-errors-a-new-look-3b18d9c2a12f | |
| https://medium.com/bugbountywriteup/bounty-tip-easiest-way-to-bypass-apis-rate-limit-f984fad40093 | |
| https://medium.com/@afolicdaralee/hacking-a-telecommunication-company-mtn-c46696451fed | |
| https://medium.com/bugbountywriteup/how-i-unlocked-the-blocked-accounts-545e9b7d7be1 | |
| https://blog.doyensec.com/2020/04/08/libressl-fuzzer.html | |
| https://websecblog.com/vulns/listing-email-addresses-on-google-crisis-map/ | |
| https://web.archive.org/web/20200601005729/https://vict0ni.me/unrestricted-file-upload-on-pdf/ | |
| https://medium.com/bugbountywriteup/stored-xss-in-google-nest-a82373bbda68 | |
| https://medium.com/@D0rkerDevil/3k-bounty-for-elastic-search-takeover-70c0847d2e40 | |
| https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/ | |
| https://ladysecspeare.wordpress.com/2020/04/05/how-a-simple-csrf-attack-turned-into-a-p1-level-bug/ | |
| https://web.archive.org/web/20200407121700/https://medium.com/nassec-cybersecurity-writeups/page-admin-disclosure-facebook-bug-bounty-2020-8a45cf911e24 | |
| https://web.archive.org/web/20200405123820/https://medium.com/@saugatpokharel/cannot-delete-post-on-facebook-group-facebook-bug-bounty-4f2661655c3a | |
| https://blog.securitybreached.org/2020/04/04/playing-with-json-web-tokens-for-fun-and-profit/ | |
| https://medium.com/@pig.wig45/touch-id-authentication-bypass-on-evernote-and-dropbox-ios-apps-7985219767b2 | |
| https://www.ryanpickren.com/webcam-hacking-overview | |
| https://medium.com/@intideceukelaire/hundreds-of-internal-servicedesks-exposed-due-to-covid-19-ecd0baec87bd | |
| https://medium.com/@nnez/always-escalate-from-self-xss-to-persistent-xss-on-login-portal-54265b0adfd0 | |
| https://medium.com/@ravillabharath123/account-take-over-without-user-interaction-f4ed2bf977de | |
| https://medium.com/@shahjerry33/privilege-escalation-hello-admin-a53ac14fd388 | |
| https://medium.com/@ashokcpg/the-story-of-my-first-ever-1500-bounty-from-facebook-49eb64d26160 | |
| https://pethuraj.com/blog/google-bug-bounty-writeup/ | |
| https://blog.securitybreached.org/2020/03/31/microsoft-rce-bugbounty/ | |
| https://hackemall.live/index.php/2020/03/31/akamai-web-application-firewall-bypass-journey-exploiting-google-bigquery-sql-injection-vulnerability/ | |
| https://medium.com/@abidafahd/hacking-makes-me-forget-my-pain-b04bf51d0407 | |
| https://blog.mert.ninja/freemarker-ssti-on-lithium-cms/ | |
| https://medium.com/@hariharan21/restriction-is-not-a-promise-privilege-escalation-on-google-2a35104ded5a | |
| https://0x65.dev/blog/2020-03-30/cve-2019-17004-semi-universal-xss-affecting-firefox-for-ios.html | |
| https://medium.com/@ranjitsinghnit/otp-bruteforce-account-takeover-faaac3d712a8 | |
| https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/ | |
| https://payatu.com/blog/nikhil-mittal/executing-scripts-in-safari-reader-mode--to-csp-bypass | |
| https://medium.com/@adnanmalikinfo110/i-want-that-cookie-8d2daab242ac | |
| https://0xsha.io/posts/exploiting-magic-links-critical-bugs-are-one-line-away | |
| https://medium.com/@nnez/1st-bug-bounty-write-up-open-redirect-vulnerability-on-login-page-5e0dd9a6eb69 | |
| https://web.archive.org/web/20200511145923/https://medium.com/@godofdarkness.msf/account-takeover-flow-in-mail-ru-s-ext-a-domain-150-8952e8078211 | |
| https://supras.io/exploitation-of-the-cve-2018-15961-unrestricted-file-upload-in-adobe-coldfusion/ | |
| https://www.inputzero.io/2020/03/idor-in-vlc-ios.html | |
| https://www.synacktiv.com/publications/pentesting-cisco-sd-wan-part-1-attacking-vmanage.html | |
| https://medium.com/bugbountywriteup/xss-waf-character-limitation-bypass-like-a-boss-2c788647c229 | |
| https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/ | |
| https://medium.com/@ch3ckm4te/self-xss-to-account-takeover-72c89775cf8f | |
| https://adnanmalik.info/blog/the-ticklish-xss%EF%BF%BC/ | |
| https://asdqw3.medium.com/remote-image-upload-leads-to-rce-inject-malicious-code-to-php-gd-image-90e1e8b2aada | |
| https://telegra.ph/API-DOCS-takeover-on-Readmeio-03-19 | |
| https://web.archive.org/web/20201004092711/https://sametsahin.net/posts/administrator-level-privilege-escalation-story/ | |
| https://medium.com/bugbountywriteup/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df | |
| https://medium.com/the-volatile-triad/hacking-always-check-the-cross-domain-policy-369940372de3 | |
| https://honoki.net/2020/03/18/xxe-scape-through-the-front-door-circumventing-the-firewall-with-http-request-smuggling/ | |
| https://medium.com/@aniltom/where-is-my-train-tracking-to-hacking-d388e4b97225 | |
| https://medium.com/@parasarora06/how-i-was-able-to-verify-any-contact-number-for-my-account-57c939dab202 | |
| https://web.archive.org/web/20200317103909/https://medium.com/sourav-sahana/razer-mobile-pin-verification-bypass-1k-bug-2eb1485796b3 | |
| https://medium.com/@ashketchum/how-i-earned-1750-at-shopify-bug-bounty-program-ca7821990d08 | |
| https://medium.com/@manasjha7965/weak-session-validation-bug-let-you-login-even-after-changing-the-session-ids-and-logging-out-from-4bb3ee29a598 | |
| https://medium.com/@ozguralp/using-vulnerability-analytics-feature-like-a-boss-655fc1f1543b | |
| https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/ | |
| https://medium.com/@omaidfaizyar/my-weirdest-bug-bounty-getting-pii-from-o365-b4477f4739e | |
| https://medium.com/bugbountywriteup/blocked-user-can-send-notification-due-to-logical-bug-in-instagram-first-instagram-bug-2bd09aa52f14 | |
| http://carnal0wnage.attackresearch.com/2020/03/what-is-your-gcp-infra-worthabout-700.html | |
| https://web.archive.org/web/20200511115634/https://medium.com/@godofdarkness.msf/users-email-disclosure-via-invalid-password-reset-link-250-c431ed46680e | |
| https://medium.com/@spade.com/api-secret-key-leakage-leads-to-disclosure-of-employees-information-5ca4ce17e1ce | |
| https://philippeharewood.com/generate-valid-signatures-for-fbcdn-urls/ | |
| https://medium.com/@kaustubhk80/how-i-got-access-to-critical-data-of-a-company-in-no-time-6c396aee21c0 | |
| https://medium.com/@navne3t/bug-bounty-email-content-injection-544196d59e91 | |
| https://techkranti.com/how-i-reported-a-dos-vulnerability-to-aws/ | |
| https://ysamm.com/?p=404 | |
| https://ysamm.com/?p=396 | |
| https://ninadmathpati.com/how-i-was-able-to-bypass-the-current-password/ | |
| https://medium.com/@shahjerry33/otp-bypass-developers-check-5786885d55c6 | |
| https://medium.com/@sw33tlie/finding-a-p1-in-one-minute-with-shodan-io-rce-735e08123f52 | |
| https://medium.com/cyberverse/got-easiest-bounty-with-html-injection-via-email-confirmation-b1b10575a105 | |
| https://medium.com/bugbountywriteup/vulnerable-design-leads-to-personal-data-leakage-yet-another-case-of-an-inter-application-8a9d7e2d0f1a | |
| https://medium.com/bugbountywriteup/broke-limited-scope-with-a-chain-of-bugs-ef734ac430f5 | |
| https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/ | |
| https://medium.com/ctf-writeups/breaking-the-competition-bug-bounty-write-up-ca7cb7bc53f5 | |
| https://web.archive.org/web/20200820030054/https://medium.com/@protector47/5-005-worth-vulnerability-duplicated-how-i-loose-5-005-in-a-day-831f5a064713 | |
| https://medium.com/@adonkidz7/google-ads-self-xss-html-injection-5000-52280da76c80 | |
| https://medium.com/@secureITmania/how-i-exploit-the-json-csrf-with-method-override-technique-71c0a9a7f3b0 | |
| https://santuysec.com/2020/03/06/google-bug-bounty-clickjacking-on-google-payment-1337/ | |
| https://medium.com/cyberverse/got-bounty-with-account-takeover-ato-unicode-case-mapping-collision-d23a7785e1be | |
| https://posts.specterops.io/abusing-slack-for-offensive-operations-2343237b9282 | |
| https://eslam.io/posts/uppy-js-ssrf-vulnerability/ | |
| https://web.archive.org/web/20200304074843/https://medium.com/@kenanistaken/sop-bypass-ecae7f4a5c00 | |
| https://medium.com/a-bugz-life/exploiting-an-ssrf-trials-and-tribulations-14c5d8dbd69a | |
| https://medium.com/@ducanhbui/manageengine-servicedesk-plus-arbitrary-file-upload-4bab0bd00425 | |
| https://medium.com/@rajeshranjan457/how-i-csrfd-my-first-bounty-a62b593d3f4d | |
| https://medium.com/@St00rm/sql-injection-via-stopping-the-redirection-to-a-login-page-52b0792d5592 | |
| https://medium.com/@michan001/ssrf-on-pdf-generator-36b81e16d67b | |
| https://medium.com/@DarkMatterMatt/discord-embed-spoofing-c6d07ab1decc | |
| https://www.amolbaikar.com/facebook-oauth-framework-vulnerability/ | |
| https://alexbakker.me/post/mysterious-google-titan-m-bug-cve-2019-9465.html | |
| https://medium.com/@bhaveshthakur2015/account-hijack-using-authorization-bypass-which-made-me-richer-by-ba9dace72682 | |
| https://medium.com/@timpaxerror/page-admin-disclosure-via-an-upgraded-page-post-57863fb02c50 | |
| https://smaranchand.com.np/2020/02/the-tricky-xss/ | |
| https://ysamm.com/?p=379 | |
| https://medium.com/@abhishake100/rce-via-apache-struts2-still-out-there-b15ce205aa21 | |
| https://medium.com/@ozguralp/write-up-aws-document-signing-security-control-bypass-2b13a9c22a4d | |
| https://medium.com/@shahjerry33/long-string-dos-6ba8ceab3aa0 | |
| https://medium.com/@harrmahar/how-i-get-my-first-p1-sensitive-information-disclosure-using-wpscan-c2fba00ac361 | |
| https://medium.com/@Mr.Daman.Singh/how-i-found-3-ssrf-in-one-day-on-different-bug-bounty-targets-62e91b4268f8 | |
| https://web.archive.org/web/20200511064630/https://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9 | |
| https://web.archive.org/web/20200513211717/https://mrss4nd0x.000webhostapp.com/Stored-XSS-on-groups-google-com.php | |
| https://medium.com/@DarkMatterMatt/breaking-a-discord-channel-with-a-single-message-5095eb7604f1 | |
| https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss | |
| https://web.archive.org/web/20200505142429/https://medium.com/@godofdarkness.msf/reflected-xss-in-at-t-7f1bdd10d8f7 | |
| https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-1-b24e1f3c3187 | |
| https://medium.com/@evan.connelly/hunting-tesla-model-y-secrets-in-the-parts-catalog-2f453f853dd8 | |
| https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023 | |
| https://blog.securitybreached.org/2020/02/19/hacking-sms-api-service-provider-of-a-company-android-app-static-security-analysis-bug-bounty-poc/ | |
| https://spaceraccoon.dev/a-tale-of-two-formats-exploiting-insecure-xml-and-zip-file-parsers-to-create-a | |
| http://www.firstsight.me/2020/02/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-world/ | |
| https://medium.com/@adonkidz7/my-first-bounty-from-google-d9f1f3f5787a | |
| https://www.acunetix.com/blog/web-security-zone/xss-google-acunetix/ | |
| https://s1gnalcha0s.github.io/logic/2020/02/17/Google-Fiber.html | |
| https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa | |
| https://medium.com/@shayboy123/how-i-gain-unrestricted-file-upload-remote-code-execution-bug-bounty-381d0aab0dad | |
| https://medium.com/@mohdaltaf163/uploading-backdoor-for-fun-and-profit-rce-db-cred-p1-2cdaa00e2125 | |
| https://www.redtimmy.com/web-application-hacking/how-to-hack-a-company-by-circumventing-its-waf-through-the-abuse-of-a-different-security-appliance-and-win-bug-bounties/ | |
| https://medium.com/@dwi.siswanto98/open-redirect-on-facebook-bypass-linkshim-4050f680d45c | |
| https://hailstorm1422.com/linkedin-blind-idor/ | |
| https://weizman.github.io/2020/02/14/whatsapp-vuln/ | |
| https://medium.com/@swapmaurya20/a-simple-idor-to-account-takeover-88b8a1d2ec24 | |
| https://medium.com/@ozguralp/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322 | |
| https://techkranti.com/ssrf-aws-metadata-leakage | |
| https://medium.com/@mdisrail2468/a-step-by-step-walk-through-of-an-invalid-endpoint-acfbdc84b209 | |
| https://web.archive.org/web/20200305081812/https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/ | |
| https://www.amolbaikar.com/determine-users-with-detailed-role-model-on-behalf-of-any-facebook-application/ | |
| https://web.archive.org/web/20200223073527/https://victoni.github.io/changing-userID-leads-to-data-leak/ | |
| https://0x00sec.org/t/idor-leads-to-data-leakage-and-profile-update/19025 | |
| https://medium.com/@hetroublemakr/how-inspect-element-got-me-a-bounty-58d3a9946225 | |
| https://blog.evanricafort.com/2020/02/popping-alerts-in-mixmax-chrome.html | |
| https://ozguralp.medium.com/simple-remote-code-execution-vulnerability-examples-for-beginners-985867878311 | |
| https://web.archive.org/web/20200225040957/https://medium.com/@godofdarkness.msf/google-apis-clickjacking-1337-7a3a9f3eb8df | |
| https://fellchase.blogspot.com/2020/02/site-wide-csrf-on-popular-program.html | |
| https://www.contrastsecurity.com/security-influencers/i-made-600-with-contrast-ce-cve-2019-8442 | |
| https://flex0geek.blogspot.com/2020/02/using-csrf-i-got-weird-account-takeover.html | |
| https://medium.com/@keshavaarav22/an-unexpected-bounty-email-bounce-issues-b9f24a35eb68 | |
| https://medium.com/@sushiwushi2/hijacking-shared-report-links-in-google-data-studio-75eab320c391 | |
| https://medium.com/@ddigvijay29/how-i-dumped-millions-of-crypto-currencies-accounts-28d388053713 | |
| https://web.archive.org/web/20200515015005/https://m0chan.github.io/2020/02/04/Arbitary-File-Upload-Too-Stored-XSS.html | |
| https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/ | |
| https://jatindhankhar.in/blog/responsible-disclosure-breaking-out-of-a-sandboxed-editor-to-perform-rce/ | |
| https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/ | |
| https://medium.com/@zseano/easily-leaking-passenger-information-on-an-airline-18f99b22cf95 | |
| https://blog.bugbountyhunter.com/leaking-airline-passenger-info/ | |
| https://medium.com/@navne3t/csrf-csrf-csrf-f203e6452a9c | |
| https://web.archive.org/web/20200328011551/https://medium.com/@godofdarkness.msf/tumblr-bug-bounty-200-2051ba54e981 | |
| https://www.amolbaikar.com/disclose-full-admin-list-of-any-facebook-applications/ | |
| https://techblog.mediaservice.net/2020/01/ok-google-bypass-the-authentication/ | |
| https://web.archive.org/web/20200506144651/https://medium.com/@jeppe.b.weikop/2fa-bypass-via-logical-rate-limiting-bypass-25ae2a4e1835 | |
| https://medium.com/@bathinivijaysimhareddy/how-i-takeover-the-companys-linkedin-page-790c9ed2b04d | |
| https://medium.com/@mehedi1194/how-i-get-my-first-swag-from-sidn-sensitive-data-expose-fc8e202fef85 | |
| https://medium.com/@abhishake100/hyperlink-injection-easy-money-sometimes-cc1104655300 | |
| https://publish.whoisbinit.me/adding-anyone-including-non-friend-and-blocked-people-as-co-host-in-personal-event | |
| https://medium.com/@naveenroy008/tale-of-a-misconfiguration-in-password-reset-e8fb484a4661 | |
| https://web.archive.org/web/20200825001615/https://hazana.xyz/posts/escalating-reflected-xss-with-http-smuggling/ | |
| https://hazanasec.github.io/2021-02-11-Escalating-reflected-XSS-with-HTTP-Smuggling/ | |
| https://www.amolbaikar.com/xss-on-facebook-instagram-cdn-server-bypassing-signature-protection/ | |
| https://www.amolbaikar.com/disclose-facebook-business-account-id/ | |
| https://www.amolbaikar.com/xss-on-facebooks-acquisition-oculus-cdn-server/ | |
| https://blog.securitybreached.org/2020/01/26/improper-input-validation-add-custom-text-and-urls-in-sms-send-by-snapchat-bug-bounty-poc/ | |
| https://medium.com/bugbountywriteup/accidental-idor-that-deleted-admin-account-d51264292b66 | |
| https://medium.com/bugbountywriteup/the-unexpected-bounty-a-story-of-zendesk-takeover-on-redacted-com-f2aa96ce2026 | |
| https://ysamm.com/?p=363 | |
| https://medium.com/nassec-cybersecurity-writeups/how-i-was-able-to-take-over-any-users-account-with-host-header-injection-546fff6d0f2 | |
| https://medium.com/@sasaxxx777/cors-misconfiguration-leading-to-private-information-disclosure-3034cfcb4b93 | |
| https://medium.com/@ozguralp/a-less-known-attack-vector-second-order-idor-attacks-14468009781a | |
| https://medium.com/@shahjerry33/password-reset-token-leak-via-referrer-2e622500c2c1 | |
| https://medium.com/@ritishkumarsingh/facebook-vulnerability-hidden-community-manager-in-pages-due-to-invitation-accept-logic-61ddbe229c97 | |
| https://blog.securitybreached.org/2020/01/22/user-account-takeover-via-signup-feature-bug-bounty-poc/ | |
| https://santuysec.com/2020/01/21/google-bug-bounty-csrf-in-learndigital-withgoogle-com/ | |
| https://web.archive.org/web/20200819163234/https://medium.com/@adeshkolte/cross-site-request-forgery-vulnerability-leads-to-user-profile-change-in-microsoft-express-logic-dc3481ab47ba | |
| https://medium.com/bugbountywriteup/how-i-bought-my-way-to-subdomain-takeover-on-tokopedia-8c6697c85b4d | |
| https://medium.com/@milanmagyar/ggvulnz-how-i-hacked-hundreds-of-companies-through-google-groups-b69c658c8924 | |
| https://noobe.io/articles/2020-01/how-i-found-bug-google-search-console | |
| https://medium.com/@raushanraj_65039/adding-a-malicious-notebook-to-be-treated-like-a-trusted-notebook-in-google-colab-1337-b84353a9f77 | |
| https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd | |
| https://xvnpw.github.io/posts/from-dot-in-regex-to-ssrf-part-2/ | |
| https://medium.com/bugbountywriteup/how-i-discovered-an-interesting-account-takeover-flaw-18a7fb1e5359 | |
| https://palant.info/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit | |
| https://faun.pub/in-cloud-we-trust-wrong-kubernetes-implementation-by-google-cloud-platform-microsoft-azure-a60f50ba943f | |
| https://medium.com/@shahjerry33/no-rate-limit-2k-bounty-642720ffba99 | |
| https://medium.com/sourav-sahana/how-i-earn-500-from-razer-open-s3-bucket-fe314e4bbab8 | |
| https://medium.com/@abhishake100/my-first-rce-stressed-employee-gets-me-2x-bounty-c4879c277e37 | |
| https://medium.com/@know.0nix/hunting-good-bugs-with-only-html-d8fd40d17b38 | |
| https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b | |
| https://blog.redteam.pl/2020/04/google-chrome-display-locking-fuzzing.html | |
| https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9 | |
| https://medium.com/@jonathan.leitschuh/update-want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-d069d253fe23 | |
| https://medium.com/@pratiky054/html-injection-unique-exploitation-a5c3d4e6fed8 | |
| https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/ | |
| https://medium.com/nassec-cybersecurity-writeups/an-interesting-story-of-privilege-escalation-1da021e7fd0 | |
| https://medium.com/@gguzelkokar.mdbf15/xss-on-sony-subdomain-feddaea8f5ac | |
| https://xvnpw.github.io/posts/from-dot-in-regex-to-ssrf-part-1/ | |
| https://hipotermia.pw/bb/http-desync-account-takeover | |
| https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/ | |
| https://markus-krell.de/admin-capabilities-around-your-ears/ | |
| https://medium.com/sourav-sahana/bypass-2fa-in-a-website-d616eaead1e3 | |
| https://medium.com/sourav-sahana/bypass-mobile-pin-verification-d2c571afa3aa | |
| https://footstep.ninja/posts/idor-via-http/ | |
| https://footstep.ninja/posts/html-injection-in-email/ | |
| https://medium.com/sourav-sahana/from-post-to-get-open-redirect-e91f4f4206a | |
| https://medium.com/@sudhanshur705/bug-hunting-journey-of-2019-95e5190aca7c | |
| https://footstep.ninja/posts/exploiting-self-xss/ | |
| https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc | |
| https://medium.com/bug-bounty-hunting/facebook-bug-bounty-story-x000-for-an-information-disclosure-bug-f0c0d19d7815 | |
| https://medium.com/@jbgrunewald/how-i-made-7500-from-my-first-bug-bounty-found-on-google-cloud-platform-1a5415d7569b | |
| https://sasi2103.blogspot.com/2019/12/drop-mic-no-drop-connection.html | |
| https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a | |
| https://medium.com/nassec-cybersecurity-writeups/bypassing-brand-collabs-manager-eligibility-7d26523da816 | |
| https://smaranchand.com.np/2019/12/subdomain-takeover-via-pantheon/ | |
| https://nirmaldahal.com.np/posts/2019/12/xss-is-love/ | |
| https://jinone.github.io/bugbounty-a-dom-xss/ | |
| https://leucosite.com/Edge-Chromium-EoP-RCE/ | |
| https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache | |
| https://web.archive.org/web/20210116171139/https://strynx.org/imagemagick-rce/ | |
| https://web.archive.org/web/20210116173906/https://strynx.org/insecure-crypto-code-execution/ | |
| https://www.indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html | |
| https://jinone.github.io/bugbounty-a-dom-xss/ | |
| https://medium.com/bugbountywriteup/graphql-idor-leads-to-information-disclosure-175eb560170d | |
| https://web.archive.org/web/20200320111950/https://medium.com/@sainttobs/csrf-token-bypasss-a-tale-of-my-2k-bug-ff7f51166ea1 | |
| https://www.hackerfactor.com/blog/index.php?/archives/862-reCAPTCHA-Exploits.html | |
| https://medium.com/bugbountywriteup/from-broken-link-to-sub-folder-takeover-on-bukalapak-3aa985e622c4 | |
| https://medium.com/@vbharad/2-fa-bypass-via-csrf-attack-8f2f6a6e3871 | |
| https://medium.com/@vbharad/full-account-takeover-android-application-78fa922f78c5 | |
| https://medium.com/@abhishake100/bypassing-captcha-17c59d37f459 | |
| https://eaton-works.com/2019/12/19/an-experience-with-daimlers-vulnerability-reporting-program/ | |
| https://medium.com/@vbharad/account-takeover-through-password-reset-poisoning-72989a8bb8ea | |
| https://medium.com/@nanda_kumar/bugbounty-how-snapdeal-indias-popular-e-commerce-website-kept-their-user-data-at-risk-3d02b4092d9c | |
| https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/ | |
| https://weizman.github.io/2019/12/18/js-anti-debug-1/ | |
| https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74 | |
| https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/ | |
| https://medium.com/@pratyush1337/inf0rm-tion-disclosure-via-idor-cff5541a9232 | |
| https://medium.com/@irounakdhadiwal999/stored-iframe-injection-csrf-account-takeover-42c93ad13f5d | |
| https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html | |
| https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/ | |
| https://fellchase.blogspot.com/2019/12/authorization-bug-that-every-bug-hunter-missed-on-a-popular-program.html | |
| https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437 | |
| https://medium.com/nassec-cybersecurity-writeups/this-is-how-i-got-xxxx-from-facebook-for-instagram-bug-aaff50342246 | |
| https://medium.com/@santoshbrl5/facebook-new-account-verification-bypass-c589017f2faf | |
| https://web.archive.org/web/20200530191901/https://vict0ni.me/multiple-header-injections-bug-hunting/ | |
| https://www.ezequiel.tech/p/500-getclass.html | |
| https://medium.com/@navne3t/a-25-easy-bug-bdfcde4d1370 | |
| https://medium.com/@pflash0x0punk/ssrf-via-ffmpeg-hls-processing-a04e0288a8c5 | |
| https://medium.com/@dirtycoder0124/blind-xss-a-mind-game-to-win-the-battle-4fc67c524678? | |
| https://kishanbagaria.com/airdos/ | |
| https://payatu.com/blog/nikhil-mittal/firefox-ios-qr-code-reader-xss-(cve-2019-17003) | |
| https://medium.com/@ultranoob/weird-and-simple-2fa-bypass-without-any-test-b869e09ac261 | |
| https://blog.darabi.me/2019/12/instagram-delete-media-csrf.html | |
| https://github.com/Metnew/telegram-links-nsworkspace-open | |
| https://blog.noob.ninja/spilling-local-files-via-xxe-when/ | |
| https://medium.com/swlh/reusing-cookies-23ed4691122b | |
| https://blog.evanricafort.com/2019/12/html-injection-to-xss-bypass-in.html | |
| https://medium.com/@navne3t/150-xss-at-error-page-of-respository-code-4fc628892742 | |
| https://blog.redteam.pl/2019/12/chrome-portal-element-fuzzing.html | |
| https://hipotermia.pw/bb/http-desync-idor | |
| https://www.hackerinside.me/2019/12/xss-like-pro.html | |
| https://medium.com/bugbountywriteup/dank-writeup-on-broken-access-control-on-an-indian-startup-d29132a1ecd | |
| https://rez0.blog/hacking/2019/11/29/rce-via-imagetragick.html | |
| https://medium.com/@abhishake100/how-i-turned-self-xss-to-stored-via-csrf-d12eaaf59f2e | |
| https://web.archive.org/web/20211106053748/https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/ | |
| https://medium.com/@elmrhassel/xss-stored-on-outlook-web-outlook-android-app-ad4bd46b8823 | |
| https://ysamm.com/?p=343 | |
| https://lf.lc/vrp/145304705/ | |
| https://medium.com/@johnssimon_6607/getting-access-to-disabled-hidden-features-with-the-help-of-burp-match-and-replace-e1d7b70d131e | |
| https://pastebin.com/E6LMFm2w | |
| https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295 | |
| https://medium.com/@mashoud1122/cors-misconfiguration-account-takeover-out-of-scope-to-grab-items-in-scope-66d9d18c7a46 | |
| https://web.archive.org/web/20200511012319/https://medium.com/@xhzeem/the-accounttakeover-killing-chain-6ba23f4c9d4 | |
| https://blog.teddykatz.com/2019/11/23/json-padding-oracles.html | |
| https://footstep.ninja/posts/idor-via-websockets/ | |
| https://medium.com/bugbountywriteup/stories-of-idor-part-2-29d313a39e55 | |
| https://medium.com/@lokeshdlk77/disable-any-unconfirmed-account-in-facebook-123aeba19426 | |
| https://www.pankajinfosec.com/post/700-denial-of-service-dos-vulnerability-in-script-loader-php-cve-2018-6389 | |
| https://baibhavjha.com.np/blogs/instagramstory2/ | |
| https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style | |
| https://medium.com/@mohameddaher/how-i-paid-2-for-1054-xss-bug-20-chars-blind-xss-payloads-12d32760897b | |
| https://web.archive.org/web/20200929013918/https://www.mohamedharon.com/2019/11/subdomain-takeover-via.html | |
| https://medium.com/@rajasudhakar/how-i-could-delete-facebook-ask-for-recommendations-posts-place-objects-in-comments-b7c9bcdf1c92 | |
| https://medium.com/@0xBarakat/broken-session-permanent-access-to-facebook-users-cfed68684113 | |
| https://philippeharewood.com/disclose-the-owner-of-a-recruiting-manager-in-jobs-beta/ | |
| https://medium.com/bugbountywriteup/million-users-pii-leak-attack-288c5e37b283 | |
| https://research.securitum.com/xss-in-amp4email-dom-clobbering/ | |
| https://medium.com/@abidafahd/how-i-was-able-to-hunt-a-rare-bug-in-a-private-program-caec0ebaef7f | |
| https://medium.com/@abhishake100/my-first-bug-500-9222998e6249 | |
| https://medium.com/bugbountywriteup/bypassing-the-fix-of-my-previous-instagram-bug-49ece4ea7e1d | |
| https://medium.com/@Rising_Hunter/privilege-escalation-with-simple-recon-da4e50fea9e5 | |
| https://medium.com/@himanshu_pdy/ldap-admin-account-bypassed-2cc8b264d66e | |
| https://philippeharewood.com/view-the-ranked-messenger-users-for-any-page/ | |
| https://fadhilthomas.github.io/post/bug-bounty-tokopedia-01-en/ | |
| https://web.archive.org/web/20220826045457/https://blog.bi.tk/chrome-cors/ | |
| https://medium.com/@masonhck357/chains-on-chains-chaining-several-idors-into-account-takeover-part-one-373627f2910f | |
| https://blog.sagarvd.me/2019/11/taking-over-facebook-page-tabs.html | |
| https://web.archive.org/web/20200908050502/https://kntx.xyz/Blind-SSRF-due-to-Sentry-Misconfiguration/ | |
| https://medium.com/@trapp3rhat/command-injection-through-blh-3c32614bb395 | |
| https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html | |
| https://blog.teddykatz.com/2019/11/12/github-actions-dos.html | |
| https://medium.com/@th3hidd3nmist/bug-bounty-broken-api-authorization-d30c940ccb42 | |
| https://medium.com/@androgaming1912/got-vps-hosting-domain-only-0-01-bug-bounty-edeea1a7d5e6 | |
| https://fletchto99.dev/2019/november/slack-vulnerability/ | |
| https://geleta.eu/2019/my-first-ssrf-using-dns-rebinfing/ | |
| https://hacknpentest.com/dom-based-xss-bug-bounty-writeup/ | |
| https://medium.com/clouddevops/bugbounty-how-i-cracked-2fa-two-factor-authentication-with-simple-factor-brute-force-a1c0f3a2f1b4 | |
| https://medium.com/@heinthantzin/a-simple-post-auth-bypass-leads-to-unauthorized-web-server-access-483c053c110e | |
| https://web.archive.org/web/20200604001225/https://hackking.net/threads/how-i-hacked-dutch-government-in-5-minutes-twitter-account-takeover.20/ | |
| https://jinone.github.io/bugbounty-a-simple-ssrf/ | |
| https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html | |
| https://jinone.github.io/bugbounty-a-simple-ssrf/ | |
| https://medium.com/@04sabsas/xss-will-never-die-eb3584081a5f | |
| https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/ | |
| https://medium.com/@z0id/finding-open-redirects-like-a-pro-3b87fa474cfd | |
| https://medium.com/@naufalseptiadi/live-video-facebook-application-android-its-not-expired-when-log-out-the-device-on-4d4e0b67b362 | |
| https://medium.com/@R0X4R/graphql-introspection-leads-to-sensitive-data-disclosure-714f1d9d9d4a | |
| https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 | |
| https://medium.com/@Hossam.Mesbah/cross-site-request-forgery-critical-exploitable-in-infected-site-a271aedeed2f | |
| https://noobe.io/articles/2019-10/xss-to-account-takeover | |
| https://flex0geek.blogspot.com/2019/10/leak-can-i-take-user-information-please.html | |
| https://medium.com/vault-infosec/how-i-hacked-50-companies-in-6-hrs-7ec0368a9196 | |
| http://www.hydrogen18.com/blog/reddit-android-app-leaks-images.html | |
| http://firstsight.me/2019/10/illegal-rendered-at-download-feature-in-several-apps-including-opera-mini-that-lead-to-extension-manipulation-with-rtlo/ | |
| https://medium.com/@D0rkerDevil/how-i-tookover-a-ldap-server-703209161001 | |
| https://medium.com/@evilboyajay/session-expiration-bypass-in-facebook-creator-app-b4f65cc64ce4 | |
| https://portswigger.net/research/responsible-denial-of-service-with-web-cache-poisoning | |
| https://medium.com/@saurabh5392/how-i-earned-by-finding-confidential-customer-data-including-plain-text-passwords-f93c4ce2631 | |
| https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/ | |
| https://cpdos.org | |
| https://medium.com/@edmundaa222/poc-disclose-members-in-any-closed-facebook-group-259783fa4bf | |
| https://medium.com/@danangtriatmaja/bug-bounty-flaw-in-authentication-get-hall-of-fame-google-6196726ee5b9 | |
| https://medium.com/@pflash0x0punk/how-paypal-helped-me-to-generate-xss-9408c0931add | |
| https://gauravnarwani.com/escalating-privileges-like-a-pro/ | |
| https://0xsha.io/posts/hunting-for-bounties-antihackme-case-study | |
| https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/ | |
| https://philippeharewood.com/1-800-flowers-credentials-and-message-log-leak-via-facebook-com-facebook/ | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-bypass-otp-token-requirement-in-razer-the-story-of-a-critical-bug-fc63a94ad572 | |
| https://medium.com/@smilehackerofficial/how-i-found-rce-but-got-duplicated-ea7b8b010990 | |
| https://medium.com/@manralhemant10/how-i-bypassed-2-factor-authentication-899750421331 | |
| https://smaranchand.com.np/2019/10/an-inconsistent-csrf/ | |
| https://medium.com/@frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76 | |
| https://medium.com/@rohitcoder/whitehat-test-accounts-can-act-as-hidden-admin-with-business-manager-ad-accounts-ce75ead5ffff | |
| https://medium.com/@Master_SEC/bypass-uppercase-filters-like-a-pro-xss-advanced-methods-daf7a82673ce | |
| https://medium.com/@r99tiq/how-i-hacked-basf-company-3b75ef39c74f | |
| https://medium.com/@souravnewatia/exif-geolocation-data-not-stripped-from-uploaded-images-794d20d2fa7d | |
| https://spidersec.ninja/Youtube-X-frame-options-Bypass-Vulnerability | |
| https://blog.usejournal.com/how-recon-helped-samsung-protect-their-production-repositories-of-samsungtv-ecommerce-estores-4c51d6ec4fdd | |
| https://rahulr.in/idor-to-rce/ | |
| https://web.archive.org/web/20201128230506/https://medium.com/@adeshkolte/how-i-made-1000-at-t-bug-bounty-h1-14e68b284e2f | |
| https://medium.com/@hackerb0y/rest-framework-admin-panel-bypass-and-how-i-recon-for-this-vulnerability-a0ee41b01102 | |
| https://medium.com/@pranaybafna/graphql-introspection-leads-to-sensitive-data-disclosure-65b385452d7f | |
| https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ | |
| https://medium.com/@byq/how-to-get-rce-on-aem-instance-without-java-knowledge-a995ceab0a83 | |
| https://medium.com/@mehulcodes/stealing-login-credentials-with-reflected-xss-7cb450bf5710 | |
| https://web.archive.org/web/20200807155301/https://gh0st.cn/archives/2019-10-01/1 | |
| https://web.archive.org/web/20191211081434/https://victoni.github.io/bug-hunting-xss-on-cookie-popup-warning/ | |
| https://0x00sec.org/t/xss-on-cookie-pop-up/19580 | |
| https://b3nac.com/posts/2019-09-02-Spear-Texting-Via-Parameter-Injection.html | |
| https://medium.com/@hackrider/stories-of-idor-4966369e6d82 | |
| https://web.archive.org/web/20191217020747/https://medium.com/@tech96bot/oneplus-open-unvalidated-redirects-forwards-234185215f33 | |
| https://samcurry.net/analysis-of-cve-2019-14994/ | |
| https://medium.com/bugbountywriteup/information-disclosure-at-paypal-and-xoom-paypal-acquisition-via-simple-google-dork-1-000-usd-b726fe628a05 | |
| https://web.archive.org/web/20191218184636/https://medium.com/@tech96bot/oneplus-xss-vulnerability-in-customer-support-portal-d5887a7367f4 | |
| http://verneet.com/fuzzing-77-till-p1/ | |
| https://tutorgeeks.blogspot.com/2019/09/broken-link-hijacking-s3-buckets.html | |
| https://noobe.io/articles/2019-09/exploiting-cookie-based-xss-by-finding-rce | |
| https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b | |
| https://medium.com/bugbountywriteup/facebook-workplace-privilege-escalation-vulnerability-to-change-the-post-privacy-as-public-634f1c995780 | |
| https://web.archive.org/web/20191214144210/https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062 | |
| https://medium.com/oad-earth/bug-or-feature-github-adventure-001-eae9bea48ae8 | |
| https://medium.com/@hariharan21/stored-xss-on-zendesk-via-macros-part-2-676cefee4616 | |
| https://web.archive.org/web/20201102112116/https://www.mohamedharon.com/2019/09/how-i-able-to-takeover-10-subdomains-in.html | |
| https://philippeharewood.com/business-id-leak-via-creative-hub-redirect/ | |
| https://gauravnarwani.com/admin-hijacked-by-sea-surf-pirates/ | |
| https://www.openbugbounty.org/blog/leonmugen/ssrf-reading-local-files-from-downnotifier-server/ | |
| https://medium.com/@akshukatkar/rce-with-flask-jinja-template-injection-ea5d0201b870 | |
| https://medium.com/@tungpun/client-not-client-aa448cfdedd2 | |
| https://medium.com/@jayateerthag/google-referer-leak-bug-434f6293ce66 | |
| https://web.archive.org/web/20200820030055/https://pwnsec.ninja/2019/09/14/how-i-found-a-simple-and-weird-account-takeover-bug/ | |
| https://kishanchoudhary.com/OTP/otp_manipulation.html | |
| https://medium.com/bugbountywriteup/race-condition-that-could-result-to-rce-a-story-with-an-app-that-temporary-stored-an-uploaded-9a4065368ba3 | |
| https://hackernoon.com/how-i-could-have-hacked-all-uber-accounts-rtzl3z72 | |
| https://www.valbrux.it/blog/2019/09/13/how-two-dead-users-allowed-remote-crash-of-any-instagram-android-user/ | |
| https://medium.com/@cc1h2e1/unauthorized-access-to-all-user-information-leaks-5db95746aecf | |
| https://memn0ps.github.io/http-request-smuggling-cl-te/ | |
| https://anotherhackerblog.com/exploiting-file-uploads-pt-2/ | |
| https://philippeharewood.com/facebook-employee-internal-tool-and-conversations-and-leaked-in-facebook-video/ | |
| https://medium.com/@heinthantzin/how-does-my-recon-win-250-in-15-minutes-a1992508b911 | |
| https://philippeharewood.com/add-users-to-roles-on-facebook-pages-without-an-invitation-consent/ | |
| https://medium.com/@bilalmerokhel/pwn-them-all-bugbounty-4ee60e13c83 | |
| https://philippeharewood.com/subscribe-to-the-list-of-requesters-to-join-a-facebook-live-video-using-mqtt/ | |
| https://www.rcesecurity.com/2019/09/H1-4420-From-Quiz-to-Admin-Chaining-Two-0-Days-to-Compromise-an-Uber-Wordpress/ | |
| https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html | |
| https://web.archive.org/web/20191109194557/https://daleys.space/writeup/0day/2019/09/09/verizon-leak.html | |
| https://medium.com/@karthiksoft007/oculus-identity-verification-bypass-through-brute-force-dbd0c0d3c37e | |
| https://www.hackerinside.me/2019/09/xss-in-zoho-mail.html | |
| https://medium.com/@osamaavvan/exploiting-jsonp-and-bypassing-referer-check-2d6e40dfa24 | |
| https://medium.com/@cc1h2e1/write-up-of-two-http-requests-smuggling-ff211656fe7d | |
| https://medium.com/@hisokamorou12/finding-gem-in-someones-report-instant-500usd-at-hackerone-platform-9a1afa0df813 | |
| https://hateshape.github.io/general/2019/09/06/SuperGlamorousReconwithIntendedFunctionalities.html | |
| https://web.archive.org/web/20201222140349/https://www.mohamedharon.com/2019/09/dom-based-xss-in-private-program.html | |
| https://medium.com/@0xankush/readme-com-account-takeover-bugbounty-fulldisclosure-a36ddbe915be | |
| https://corben.io/blog/19-9-04-jenkins-to-full-pwnage | |
| https://medium.com/@tarekmohamed_20773/add-new-user-with-admin-permission-and-takeover-the-organization-6318ee10154a | |
| https://web.archive.org/web/20201120053519/https://incogbyte.github.io/pathtraversal/ | |
| https://ysamm.com/?p=280 | |
| https://www.loosebyte.com/google-cloud-vulnerability/ | |
| https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417 | |
| https://cyberzombie.in/my-first-lfi/ | |
| https://medium.com/@bathinivijaysimhareddy/shodan-is-your-friend-if-you-lose-him-you-will-lose-many-657d07472f75 | |
| https://blog.0x48piraj.com/address-bar-spoofing-in-firefox-lite-for-android-and-the-idiocy-that-followed/ | |
| https://medium.com/@Skylinearafat/how-to-look-for-js-files-vulnerability-for-fun-and-profit-78bfdfbd6731 | |
| https://omespino.com/write-up-private-bug-bounty-usd-rce-as-root-on-marathon-instance/ | |
| https://medium.com/@ratnadip1998/how-i-was-able-to-exploit-the-same-endpoint-2-times-multiple-xss-open-redirection-on-10-5d12886f823d | |
| https://thezerohack.com/hack-instagram-again | |
| https://robinverton.de/blog/2019/08/25/bug-bounty-bypassing-a-crappy-waf-to-exploit-a-blind-sql-injection/ | |
| https://philippeharewood.com/create-living-room-polls-as-a-facebook-page-analyst/ | |
| https://addictivehackers.blogspot.com/2019/08/from-github-recon-to-account-takeover.html | |
| https://gauravnarwani.com/cookie-worth-a-fortune/ | |
| https://blog.doyensec.com/2019/08/22/modern-password-managers-flag-secure.html | |
| https://www.updatelap.com/2019/08/Rights-Manager-Graph-API-Disclosure-of-business-employee-to-non-business-employee.html | |
| https://bugbountypoc.com/instagram-account-is-reactivated-without-entering-2fa/ | |
| https://medium.com/@baibhavanandjha/sending-message-as-page-being-an-analyst-advertiser-eb0317376f43 | |
| https://medium.com/@aayushpokhrel/how-i-made-my-first-from-finding-a-bug-in-facebook-da3b11e550f0 | |
| https://medium.com/@iframe_h1/how-i-upgraded-my-privileges-to-the-administrator-of-odnoklassnikis-url-shortener-2c58f996d02c | |
| https://palant.info/2019/08/19/kaspersky-in-the-middle--what-could-possibly-go-wrong/ | |
| https://medium.com/@ar_arvind/facebook-bug-bounty-reading-whatsapp-contacts-list-without-unlocking-the-device-a40e9c660a42 | |
| https://aaronesau.com/blog/posts/5 | |
| https://philippeharewood.com/removing-profile-pictures-for-any-facebook-user/ | |
| https://philippeharewood.com/add-users-to-roles-on-facebook-pages-without-an-invitation-consent-revisited/ | |
| https://ninadmathpati.com/how-i-was-able-to-earn-1000-with-just-10-minutes-of-bug-bounty/ | |
| https://medium.com/@rohitcoder/bypassing-fix-of-domain-blocking-feature-in-business-manager-41949a18460c | |
| https://medium.com/@renwa/facebook-messenger-disclosing-deleted-messages-that-has-been-deleted-by-remove-for-everyone-1fb5a52cc7df | |
| https://medium.com/@madguyyy/bookmyshow-account-takeover-using-social-login-84178f116e42 | |
| https://web.archive.org/web/20200722032242/https://kntx.xyz/Bypassing-Nickname-Feature/ | |
| https://medium.com/@04sabsas/bugbounty-writeup-take-attention-and-get-stored-xss-495dd6eab07e | |
| https://gauravnarwani.com/how-i-xssed-admin-account/ | |
| https://blog.evanricafort.com/2019/08/ssrf-vulnerability-in.html | |
| https://github.com/sneakerhax/Posts/blob/2454456529ddeedb17237b4e9678f7d58d0ffdca/posts/Amazon_1_click_device_XSS.md | |
| https://websecblog.com/vulns/clickjacking-xss-on-google-org/ | |
| https://blog.evanricafort.com/2019/08/application-level-denial-of-service-dos.html | |
| https://medium.com/@valeriyshevchenko/two-easy-rce-in-atlassian-products-e8480eacdc7f | |
| https://blog.evanricafort.com/2019/08/read-other-user-support-tickets-in.html | |
| https://medium.com/@ronak_9889/privilege-escalation-using-api-endpoint-fce841caaff3 | |
| https://medium.com/@reiss.r/writing-my-medium-blog-to-complete-account-takeover-e65d455c16b | |
| https://initblog.com/2019/switcheroo/ | |
| https://medium.com/@protostar0/break-and-bypass-verification-email-ac3359041272 | |
| https://medium.com/@protostar0/crlf-injection-allow-cookie-injection-in-root-domain-xss-812cd807ba5b | |
| https://medium.com/@protostar0/self-xss-to-stored-xss-think-out-the-box-44b094f113f9 | |
| http://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html | |
| https://medium.com/@04sabsas/bugbounty-writeup-creative-thinking-is-our-everything-race-condition-business-logic-error-2f3e82b9aa17 | |
| https://learn.hackersid.com/2019/08/stored-xss-on-laporbugid.html | |
| https://www.shawarkhan.com/2019/08/leveraging-angularjs-based-xss-to-privilege-escalation.html | |
| https://blog.usejournal.com/how-i-found-xss-by-searching-in-shodan-6943b799e648 | |
| https://smaranchand.com.np/2019/08/no-rate-limiting-eligible-for-bounty | |
| https://medium.com/@aniltom/https-medium-com-aniltom-from-sub-domain-takeover-to-open-redirect-b5be4906e1a4 | |
| https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7 | |
| https://ysamm.com/?p=291 | |
| https://ysamm.com/?p=321 | |
| https://ysamm.com/?p=314 | |
| https://ysamm.com/?p=281 | |
| https://medium.com/@saadahmedx/bypassing-cors-13e46987a45b | |
| https://web.archive.org/web/20191219015349/https://rhys.io/post/rce-in-ruby-using-mustache-templates | |
| https://medium.com/@dekeeu/reposted-2017-linkedin-hackers-experience-8465c1848c88 | |
| https://medium.com/@dekeeu/reposted-2019-hacking-youtube-for-fun-and-profit-8685dd475e30 | |
| https://web.archive.org/web/20210124152317/https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html | |
| https://web.archive.org/web/20200928234656/https://www.mohamedharon.com/2019/07/sql-injection-in-private-sitecomloginphp.html | |
| https://medium.com/@mdhridoy_4607/1st-bounty-story-rewarded-300-idor-bc4e1708e8e0 | |
| https://footstep.ninja/posts/idor-via-email/ | |
| https://web.archive.org/web/20200928235705/https://www.mohamedharon.com/2019/07/github-takeover.html | |
| https://medium.com/@nahoragg/chaining-cache-poisoning-to-stored-xss-b910076bda4f | |
| https://medium.com/@ronak_9889/solr-injection-by-abusing-local-parameters-on-zomato-com-a5cb7bef10d5 | |
| https://medium.com/@androgaming1912/story-about-facebook-oauth-account-takeover-6537ff32281b | |
| https://web.archive.org/web/20200826192345/https://pwnsec.ninja/2019/07/26/facebook-bugbounty-tale-of-an-instagram-bug-disclosing-users-phone-number-via-checkpoint/ | |
| https://web.archive.org/web/20201008153910/https://medium.com/@adeshkolte/full-account-takeover-changing-email-and-password-of-any-user-through-api-parameters-3d527ab27240 | |
| https://apapedulimu.click/price-parameter-tampering-on-bukalapak/ | |
| https://medium.com/@innocenthacker/how-i-found-the-most-critical-bug-in-live-bug-bounty-event-7a88b3aa97b3 | |
| https://blog.evanricafort.com/2019/07/business-logic-plex-tv.html | |
| https://medium.com/@baibhavanandjha/xx-to-xxx-in-one-day-9578858b6286 | |
| https://blog.parthmalhotra.com/pwning-child-company-to-get-access-to-parentcompanys-slack-team/ | |
| https://medium.com/@bywalks/xss-on-twitter-worth-1120-914dcd28ee18 | |
| https://medium.com/@madguyyy/reflected-xss-in-ebay-com-60a9d61e26cd | |
| https://blog.evanricafort.com/2019/07/html-injection-in-clause-email.html | |
| https://philippeharewood.com/subscribe-to-typing-notifications-for-any-instagram-user/ | |
| https://blog.usejournal.com/shopping-products-for-free-parameter-tampering-vulnerability-8e09e1471596 | |
| https://www.noob.ninja/2019/07/exploiting-tricky-blind-sql-injection.html | |
| https://philippeharewood.com/get-page-inbox-notifications-for-any-facebook-page/ | |
| https://burninatorsec.blogspot.com/2019/07/microsoft-id-open-redirect.html | |
| https://leucosite.com/Microsoft-Office-365-Outlook-XSS/ | |
| https://medium.com/@kgaber99/sql-injection-in-forget-password-function-3c945512e3cb | |
| https://blog.teserakt.io/2019/07/18/how-to-lock-a-github-user-out-of-their-repos-bug-or-feature/ | |
| https://medium.com/@iSecMax/сookie-based-xss-exploitation-2300-bug-bounty-story-9bc532ffa564 | |
| https://medium.com/@sumitcfe/account-takeover-vulnerability-7e6e039a4dd3 | |
| https://medium.com/@sudhanshur705/how-recon-helped-me-to-to-find-a-facebook-domain-takeover-58163de0e7d5 | |
| https://medium.com/@circleninja/facebook-informative-bug-from-triaged-76738e4d5938 | |
| https://medium.com/@lokeshdlk77/csrf-email-confirmation-vulnerability-for-gmail-g-suite-in-facebook-5ab551a0a526 | |
| https://medium.com/@saadahmedx/bypass-csrf-with-clickjacking-worth-1250-6c70cc263f40 | |
| https://medium.com/bugbountywriteup/what-do-netcat-smtp-and-self-xss-have-in-common-stored-xss-a05648b72002 | |
| https://medium.com/bugbountywriteup/wrong-swipe-tinder-29fe1eb0203c | |
| https://medium.com/a-bugz-life/the-bugs-are-out-there-hiding-in-plain-sight-12d056613ea3 | |
| https://sysrant.com/500-bounty-man-in-the-middle-on-slack/ | |
| https://medium.com/@0x01devansh/facebook-bug-sending-messages-as-a-page-with-jobmanager-permission-763dc0d8e32c | |
| https://yeraisci.com/tokopedia-site-wide-csrf-through-graphql-request | |
| https://thezerohack.com/hack-any-instagram | |
| https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/ | |
| https://medium.com/@sansyrox/hacking-tinders-premium-model-43f9f699d44 | |
| https://medium.com/@princechaddha/account-takeover-on-airbnb-acquisition-an-unusual-bug-part-2-45fab11dc407 | |
| https://medium.com/@yusuffurkan/facebook-bug-bounty-page-admin-disclose-bug-facebook-android-app-c0fa50459177 | |
| https://thesecurityexperts.wordpress.com/2019/07/11/xss-on-google-custom-search-engine/ | |
| https://medium.com/@janijay007/story-of-my-biggest-bounty-evecommand-execution-on-jenkin-a73f5242b1e2 | |
| https://medium.com/@ariffadhlullah2310/sql-injection-bug-bounty-110e92e71ec3 | |
| https://medium.com/@sakyb7/tale-of-account-takeover-sensitive-info-disclosure-broken-access-control-cea0a5e3a1fd | |
| https://xp.ht/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/ | |
| https://medium.com/@hazzaazi31/a-malicious-editor-of-a-page-can-support-to-a-community-action-which-cant-be-unsupported-by-the-f568c3762042 | |
| https://medium.com/@pratyush1337/information-disclosure-via-misconfigured-aws-to-aws-bucket-takeover-6a6a66470d0e | |
| https://medium.com/@ruvlol/cleartext-password-in-localstorage-writeup-245294762829 | |
| https://jspin.re/fileupload-blind-sqli/ | |
| https://medium.com/@saugatpokharel/this-is-how-i-managed-to-win-2000-through-facebook-bug-bounty-a7d531d5097e | |
| https://medium.com/@ritishkumarsingh/facebook-vulnerability-unremovable-co-host-in-facebook-page-events-695729d6a09d | |
| https://medium.com/@shub66452/account-takeover-using-csrf-json-based-a0e6efd1bffc | |
| https://medium.com/@nandwanajatin25/story-of-a-stored-xss-to-full-account-takeover-vulnerability-n-a-to-accepted-8478aa5e0d8e | |
| https://medium.com/@mateusz.olejarka/finding-hidden-gems-vol-4-rakefile-a-k-a-how-to-get-aws-keys-again-ed0d840e0ec | |
| https://medium.com/@schopath/yeah-i-got-p2-in-1-minute-stored-xss-via-markdown-editor-7872dba3f158 | |
| https://gauravnarwani.com/injecting-6200-to-1200/ | |
| https://wwws.nightwatchcybersecurity.com/2019/07/02/another-download-protection-bypass-in-google-chrome-bin-files-in-mac-os/ | |
| http://hassankhanyusufzai.com/RFI_LFI_writeup/ | |
| https://medium.com/@saadahmedx/accidental-idor-8987a2728d4 | |
| https://cyberzombie.in/stored-xss-on-indeed/ | |
| https://medium.com/@kanchansinghyadav/one-more-parameter-manipulation-bug-7fa0551a6021 | |
| https://web.archive.org/web/20200928092650/https://pwnsec.ninja/2019/06/28/facebook-bugbounty-short-story-on-page-admin-disclosure/ | |
| https://medium.com/@reegun/nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-80c9df51cf12 | |
| https://medium.com/@androgaming1912/gain-adfly-smtp-access-with-ssrf-via-gopher-protocol-26a26d0ec2cb | |
| https://philippeharewood.com/view-facebook-payouts-for-any-facebook-trivia-game/ | |
| https://medium.com/@y.shahinzadeh/1-click-account-takeover-in-virgool-io-a-nice-case-study-6bfc3cb98ef2 | |
| https://medium.com/@osamaavvan/cors-to-csrf-attack-c33a595d441 | |
| https://philippeharewood.com/toggle-group-rules-agreement-as-a-non-member/ | |
| https://medium.com/@dr.spitfire/sensitive-information-disclosure-web-cache-deception-attack-bcac6cb9cd86?sk=a2557f0c557ff38876141c2d94b296dd | |
| https://www.pentestpartners.com/security-blog/f5-networks-endpoint-inspector-browser-to-rce/ | |
| https://philippeharewood.com/download-arexport-files-for-any-public-ar-studio-effect/ | |
| https://medium.com/@navne3t/csv-injection-at-comment-section-d5009ddd176 | |
| https://web.archive.org/web/20201001064738/https://medium.com/@protector47/password-reset-vulnerability-full-account-takeover-insecure-direct-object-reference-c4a9a3ea8268 | |
| https://medium.com/@evilboyajay/page-admin-disclosure-facebook-bug-bounty-2019-ee9920e768eb | |
| https://devco.re/blog/2019/06/21/operation-crack-hacking-IDA-Pro-installer-PRNG-from-an-unusual-way-en/ | |
| https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105 | |
| https://blog.lent.ink/post/klanteservice/ | |
| https://medium.com/@osamaavvan/1800-worth-clickjacking-1f92e79d0414 | |
| https://www.rcesecurity.com/2019/06/about-a-sucuri-rce-and-how-not-to-handle-bug-bounty-reports/ | |
| https://medium.com/@Vibhurushi_Chotaliya/idor-payment-fraud-99d330879c0d | |
| https://medium.com/@saadahmedx/self-xss-to-evil-xss-bcf2494a82a4 | |
| https://medium.com/@dr.spitfire/a-fight-for-duplicate-marked-bug-story-of-bbc-hall-of-fame-16f9c8215315?sk=9269454dd3557dc8ea9c1ec26be033dd | |
| https://hackademic.co.in/how-a-classical-xss-can-lead-to-persistent-ato-vulnerability/ | |
| https://medium.com/@ritishkumarsingh/facebook-vulnerability-unremovable-co-host-in-facebook-group-events-13a9ea28b302 | |
| https://medium.com/@osamaavvan/account-taker-with-clickjacking-ace744842ec3 | |
| https://m0z.co/XSS-Filter-Evasion/ | |
| https://medium.com/@rohitcoder/business-user-employees-can-add-edit-change-or-apply-block-list-to-a-business-account-7b3e8aae667e | |
| https://visat.me/security/reflected-xss-in-tokopedia-train-ticket/ | |
| https://www.jonbottarini.com/2019/06/17/using-burp-suite-match-and-replace-settings-to-escalate-your-user-privileges-and-find-hidden-features/ | |
| https://smaranchand.com.np/2019/06/parameter-pollution-issue-in-api-resulting-xxx/ | |
| https://medium.com/@saadahmedx/sql-injection-c87a390afdd3 | |
| https://medium.com/@osamaavvan/bypassing-xss-filter-and-stealing-user-credit-card-data-100f247ed5eb | |
| https://medium.com/@Vibhurushi_Chotaliya/password-bypass-and-something-else-cded0847c9df | |
| https://web.archive.org/web/20201107231430/https://medium.com/@protector47/how-i-earned-1-500-in-just-15-mins-due-to-amazon-s3-bucket-misconfiguration-953b28242f95 | |
| https://medium.com/@saadahmedx/account-takeover-worth-900-cacbe10de58e | |
| https://medium.com/@osamaavvan/stealing-cookies-to-login-in-any-account-52ca33df0318 | |
| https://spenkk.github.io/bugbounty/Local-File-Inclusion/ | |
| https://medium.com/@saadahmedx/complete-web-server-access-46d19279a2b | |
| https://medium.com/bug-bounty-hunting/fullscreen-api-attacks-revisited-and-the-fb-na-story-cbea3ca383c5 | |
| https://websecblog.com/vulns/googleplex-com-blind-xss/ | |
| https://medium.com/@nishantrustlingup/admin-account-total-information-disclosure-72ec60da4a78 | |
| https://lf.lc/vrp/135276622/ | |
| https://medium.com/@saadahmedx/idor-account-takeover-1ff5a2d03b8b | |
| https://web.archive.org/web/20201028215444/http://incidentsecurity.com/how-spending-our-saturday-hacking-earned-us-20k/ | |
| https://medium.com/@ciph3r7r0ll/chaining-improper-authorization-to-race-condition-to-harvest-credit-card-details-a-bug-bounty-effe6e0f5076 | |
| https://medium.com/@androgaming1912/redstrom-denial-of-service-write-up-d8fd97f18335 | |
| https://noobe.io/articles/2019-06/reflected-xss-on-error-page | |
| https://medium.com/@ritishkumarsingh/facebook-vulnerability-non-unfriendable-user-in-hacked-workflow-5a3b392a2a98 | |
| https://medium.com/bugbountywriteup/account-takeover-using-idor-and-the-misleading-case-of-error-403-cb42c96ea310 | |
| https://medium.com/@hariharan21/idor-leads-to-project-takeover-548a1bfd4d66 | |
| https://medium.com/@noob.assassin/dont-underestimates-the-errors-they-can-provide-good-bounty-d437ecca6596 | |
| https://web.archive.org/web/20200928091625/https://pwnsec.ninja/2019/06/06/how-i-was-able-to-get-private-ticket-response-panel-and-fortigate-web-panel-via-blind-xss/ | |
| https://payatu.com/microsoft-edge-extensions-host-permission-bypass-cve-2019-0678/ | |
| https://medium.com/bugbountywriteup/unicode-vs-waf-xss-waf-bypass-128cd9972a30 | |
| https://portswigger.net/blog/bypassing-csp-with-policy-injection | |
| https://medium.com/@vishnu0002/remote-code-execution-recon-wins-e9c1db79f3da | |
| https://blog.nyangawa.me/security/GitLab-Local-File-Read/ | |
| https://medium.com/@frostnull/hi-guys-again-here-bringing-an-experience-to-share-with-you-as-usual-i-will-overshadow-some-f85a1d5a8d8c | |
| https://vishwarajbhattrai.wordpress.com/2019/06/03/missing-access-control-at-play-store/ | |
| https://medium.com/@logicbomb_1/the-unusual-case-of-open-redirection-to-aws-security-credentials-compromise-59acc312f02b | |
| https://medium.com/@nandwanajatin25/story-of-a-uri-based-xss-with-some-simple-google-dorking-e1999254aa55 | |
| https://medium.com/@trapp3rhat/edmodo-account-deactivation-vulnerability-1116613bed2b | |
| https://medium.com/@nishantrustlingup/my-first-csrf-to-account-takeover-worth-750-1332641d4304 | |
| https://anotherhackerblog.com/exploiting-file-uploads-pt1/ | |
| https://medium.com/@matarpan33r/stored-xss-on-edmodo-67b244824fa5 | |
| https://smaranchand.com.np/2019/05/an-unexploited-cors-misconfiguration-reflecting-further-issues/ | |
| https://medium.com/@dortz/how-did-i-bypass-a-custom-brute-force-protection-and-why-that-solution-is-not-a-good-idea-4bec705004f9 | |
| https://ysamm.com/?p=272 | |
| https://medium.com/@mustafakhan_89646/multiple-api-issues-due-to-fixed-authorization-token-17365056f17a | |
| https://medium.com/@frostnull/from-file-upload-to-email-pass-dc7141aa1ff6 | |
| https://tutorgeeks.blogspot.com/2019/05/security-assessment-on-staging-domains.html | |
| https://philippeharewood.com/instagram-github-token-with-public_scope-found-in-travis-ci-build-logs/ | |
| https://smaranchand.com.np/2019/05/how-i-acquired-xxx-bounty-by-investing-99-cents/ | |
| https://blog.takemyhand.xyz/2019/05/escalating-subdomain-takeovers-to-steal.html | |
| https://philippeharewood.com/determine-a-user-from-an-email-address/ | |
| https://whitehatfamilyguy.blogspot.com/2019/06/google-adwordsprivilege-escalation-read.html | |
| https://www.updatelap.com/2019/05/local-file-inclusion-in-peeringgooglecom.html | |
| https://medium.com/@zseano/leaking-openid-tokens-with-the-bug-right-infront-of-you-95c1fb4a86e9 | |
| https://blog.bugbountyhunter.com/leaking-openid-tokens/ | |
| https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/ | |
| https://medium.com/@__rishabh__/open-redirect-to-account-takeover-e939006a9f24 | |
| https://medium.com/@navne3t/a-base64-encoded-parameter-c6fb6b177d68 | |
| https://gauravnarwani.com/xssed-my-way-to-1000/ | |
| https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63 | |
| https://medium.com/@baibhavanandjha/bypassing-instagrams-stories-restriction-5936f8a4f079 | |
| https://medium.com/@fbotes2/try-harder-for-xss-7aa3657255a1 | |
| https://medium.com/@momenbasel/from-parameter-pollution-to-xss-d095e13be060 | |
| https://gist.github.com/stefanocoding/8cdc8acf5253725992432dedb1c9c781 | |
| https://www.komodosec.com/post/mime-sniffing-xss | |
| https://medium.com/@sandh0t/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397 | |
| https://medium.com/@kang_ali/stored-xss-on-techprofile-microsoft-d21757588cc1 | |
| https://web.archive.org/web/20190515123715/https://medium.com/@0ktavandi/blind-ssrf-in-stripe-com-due-to-sentry-misconfiguration-60ebb6a40b5 | |
| https://medium.com/a-bugz-life/4x-csrfs-chained-for-company-account-takeover-f9fada416986 | |
| https://medium.com/@frostnull1337/sql-injection-through-user-agent-44a1150f6888 | |
| https://medium.com/@friendly_/subdomain-takeover-awarded-200-8296f4abe1b0 | |
| https://medium.com/@w_hat_boy/server-side-request-forgery-ssrf-port-issue-hidden-approch-f4e67bd8cc86 | |
| https://www.gosecure.net/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations/ | |
| https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/ | |
| https://utkusen.com/blog/why-you-shouldnt-use-password-manager-for-linode.html | |
| http://www.tomanthony.co.uk/blog/xss-attacks-googlebot-index-manipulation/ | |
| https://medium.com/@mattharr0ey/remote-code-execution-on-microsoft-edge-url-protocol-a67d0f96b32d | |
| https://medium.com/@kankrale.rahul/from-na-to-3000-facebooks-url-spoofing-vulnerability-b4be1a3c63b1 | |
| https://baibhavjha.com.np/blogs/instagramstory/ | |
| https://medium.com/a-bugz-life/from-reflected-xss-to-account-takeover-showing-xss-impact-9bc6dd35d4e6 | |
| https://labs.bluefrostsecurity.de/blog/2019/04/29/dont-follow-the-masses-bug-hunting-in-javascript-engines/ | |
| https://gauravnarwani.com/two-factor-authentication-bypass/ | |
| https://medium.com/@elberandre/broken-access-posting-to-google-private-groups-through-any-user-in-the-group-3becfa818894 | |
| https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/ | |
| https://medium.com/@ronak_9889/denial-of-service-using-cookie-bombing-55c2d0ef808c | |
| https://medium.com/@YumiSec/how-to-bypass-a-2fa-with-a-http-header-ce82f7927893 | |
| https://medium.com/@tod4ro/for-paypal-security-team-get-user-balances-and-transaction-details-is-not-a-vulnerability-2e5b7f8780de | |
| https://medium.com/@protostar0/sidefx-poc-user-enumeration-no-rate-limeted-in-send-message-function-953f1662d41 | |
| https://whitehatfamilyguy.blogspot.com/2019/04/missing-authorization-check-while.html | |
| http://blog.h4rsh4d.com/2019/04/stealing-local-storage-data-through-xss.html | |
| https://medium.com/@logicbomb_1/the-journey-of-web-cache-firewall-bypass-to-ssrf-to-aws-credentials-compromise-b250fb40af82 | |
| https://medium.com/bugbountywriteup/csrf-attack-can-lead-to-stored-xss-f40ba91f1e4f | |
| https://medium.com/@iframe_h1/a-picture-that-steals-data-ff604ba1012 | |
| https://blog.assetnote.io/bug-bounty/2019/04/23/getting-access-zendesk-gcp/ | |
| https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/ | |
| https://medium.com/@heshamwatany/the-neglected-bug-that-can-infect-all-facebook-users-who-pay-for-leads-ads-8c374cd64d76 | |
| https://soroush.secproject.com/blog/2019/04/yet-other-examples-of-abusing-csrf-in-logout/ | |
| https://medium.com/bugbountywriteup/xss-reflected-xss-bypass-filter-de41d35239a3 | |
| https://ysamm.com/?p=256 | |
| https://medium.com/@pratiky054/ssrf-to-read-local-files-and-abusing-the-aws-metadata-8621a4bf382 | |
| https://medium.com/@navne3t/confirmation-bypass-ab57c29ae413 | |
| https://terjanq.github.io/Bug-Bounty/Twitter/protected-tweets-exposure-efvju8i785y1/ | |
| https://rpadovani.com/gitlab-responsible-disclosure | |
| https://sites.google.com/securifyinc.com/secblogs/scary-tickets | |
| https://medium.com/@armaanpathan/pdfreacter-ssrf-to-root-level-local-file-read-which-led-to-rce-eb460ffb3129 | |
| https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html | |
| https://medium.com/bugbountywriteup/banner-grabbing-to-dos-and-memory-corruption-2442b1c25bbb | |
| https://medium.com/@mr_hacker/a-5000-idor-f4268fffcd2e | |
| https://medium.com/@D0rkerDevil/how-i-found-credential-enriched-redis-dump-2b9e808024c4 | |
| https://medium.com/@ZishanAdThandar/just-5-minute-to-get-my-2nd-stored-xss-on-edmodo-com-fe2ee559e00d | |
| https://medium.com/@valeriyshevchenko/how-i-hacked-vending-machine-5b5a80bd5ffe | |
| https://medium.com/@daniel.marad/post-komodosec-google-groups-authorization-bypass-500-bounty-adb371d16ab6 | |
| https://blog.ettic.ca/the-outlook-winner-is-dash-ac15dbc4098d | |
| https://blog.usejournal.com/how-i-gained-access-to-revenue-and-traffic-data-of-thousands-of-shopify-stores-b6fe360cc369 | |
| https://medium.com/@kunal94/web-cache-deception-to-api-endpoint-attack-using-cached-token-header-b01a604a5ccd | |
| https://web.archive.org/web/20200929013706/https://www.mohamedharon.com/2019/04/apache-strust-rce.html | |
| https://medium.com/@mrnikhilsri/unauthenticated-account-takeover-through-http-leak-33386bb0ba0b | |
| https://web.archive.org/web/20191218195406/https://medium.com/@sherazkhalid_60362/account-takeover-by-chaining-two-vulnerabilities-bb447753b089 | |
| https://medium.com/@jayateerthag/multiple-xss-in-skype-com-81d65919ed24 | |
| https://medium.com/@jayateerthag/multiple-xss-in-skype-com-2-18cfed39edbd | |
| https://medium.com/@nuraalamdipu/spokeo-bug-bounty-experience-3f5caba52416 | |
| https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/ | |
| https://medium.com/@elberandre/ssrf-trick-ssrf-xspa-in-microsofts-bing-webmaster-central-8015b5d487fb | |
| https://medium.com/@daniel.thatcher/obtaining-xss-using-moodle-features-and-minor-bugs-2035665989cc | |
| https://blog.long.lat/2019/04/09/obtaining-xss-using-moodle-features-and-minor-bugs/ | |
| https://ninadmathpati.com/how-i-got-a-trip-to-amsterdam-through-bug-bounty/ | |
| https://ngailong.wordpress.com/2019/04/07/old-but-gold-dot-dot-slash-to-get-the-flag-uber-microservice/amp/ | |
| https://medium.com/@jonathanbouman/email-content-spoofing-at-ikea-com-ea76c17605ee | |
| https://medium.com/@rohan_x3/edmodo-idor-to-view-private-files-of-any-class-2280676c84b8 | |
| https://medium.com/@armaanpathan/scary-bug-in-burp-suite-upstream-proxy-allows-hackers-to-hack-hackers-e6fc9a8d60a | |
| https://research.aurainfosec.io/same-origin-policy/ | |
| https://www.valbrux.it/blog/2019/04/04/google-ads-information-disclosure-via-null-pointer-exception/ | |
| https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html | |
| https://medium.com/@jonathanbouman/leaked-salesforce-api-access-token-at-ikea-com-132eea3844e0 | |
| http://archive.ingredous.com/notes/downnotifer-ssrf/ | |
| https://medium.com/bugbountywriteup/how-i-am-able-to-hijack-you-1cab793a01d1 | |
| https://medium.com/@ritishkumarsingh/https-medium-com-ritishkumarsingh-facebook-vulnerability-hiding-from-facebook-page-admin-in-hacked-workflow-86f366f183c6 | |
| https://medium.com/tenable-techblog/filezilla-untrusted-search-path-bc3a7b3ae51e | |
| https://www.tenable.com/security/research/tra-2019-14 | |
| https://medium.com/@rajsek/how-i-was-able-to-get-your-facebook-private-friend-list-responsible-disclosure-91984606e682 | |
| https://medium.com/@pratyush1337/edm0d0-idor-vulnerabilities-95ca8600ee1c | |
| https://blog.redforce.io/sql-injection-in-insert-update-query-without-comma/ | |
| https://cryptograph3r.blogspot.com/2021/02/recon-in-2-minutes-and-got-250-easy.html | |
| https://medium.com/@heinthantzin/how-i-was-able-to-turn-self-xss-into-reflected-xss-850e3d5a2beb | |
| https://gauravnarwani.com/a-tale-of-3-xss/ | |
| https://medium.com/h4x00r/my-very-first-bug-a-dreaded-dupe-and-then-an-idor-jackpot-d01b69f6fbae | |
| https://hackademic.co.in/youtube-bug/ | |
| https://blog.usejournal.com/an-unusal-bug-on-braintree-paypal-b8d3ec662414 | |
| https://www.seekurity.com/blog/general/twitter-denial-of-service-bug-or-how-i-could-prevent-all-followers-from-reading-or-accessing-literally-any-tweets/ | |
| https://philippeharewood.com/facebook-marketing-confidential-call-transcript/ | |
| https://medium.com/@terjanq/google-books-x-hacking-29c249862f19 | |
| https://b3nac.com/posts/2019-02-16-How-to-hunt-for-Malvertising-ads-on-Android.html | |
| https://medium.com/@paulorcchoupina/a-real-xss-in-olx-7727ae89c640 | |
| https://www.rodneybeede.com/security/slack-announcement-only-channel-post-restriction-bypass.html | |
| https://securitylab.github.com/research/facebook-fizz-CVE-2019-3560/ | |
| https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/ | |
| https://medium.com/@maxpasqua/dos-across-facebook-endpoints-1d7d0bc27c7f | |
| https://medium.com/@80vul/from-http-domain-to-res-domain-xss-by-using-ie-adobes-pdf-activex-plugin-9f2a72a87aff | |
| https://palant.info/2019/03/18/should-you-be-concerned-about-lastpass-uploading-your-passwords-to-its-server/ | |
| https://medium.com/@avinash_/disclosure-of-pending-roles-for-any-facebook-page-ab6e4e219f8e | |
| https://tech.target.com/2019/03/15/SharePoint-Cross-Site-Scripting.html | |
| https://medium.com/@vis_hacker/how-i-was-able-to-pwned-30000-users-webhook-d26dc3420703 | |
| https://medium.com/@imranparray/privilege-escalation-on-private-program-a2a5548cde09 | |
| https://medium.com/@rohitcoder/user-account-takeover-password-change-nice-catch-2293f4d272b2 | |
| https://omespino.com/write-up-1000-usd-in-5-minutes-xss-stored-in-outlook-com-ios-browsers/ | |
| https://www.sonarsource.com/blog/wordpress-csrf-to-rce/ | |
| https://medium.com/@abaykandotcom/olx-bug-bounty-reflected-xss-adb3095cd525 | |
| https://medium.com/@ZishanAdThandar/my-first-stored-xss-on-edmodo-com-540a33349662 | |
| https://medium.com/@GeneralEG/hack-your-form-new-vector-for-blind-xss-b7a50b808016 | |
| https://medium.com/@newp_th/how-i-find-blind-xss-vulnerability-in-redacted-com-33af18b56869 | |
| https://medium.com/@armaanpathan/brute-forcing-user-ids-via-csrf-to-delete-all-users-with-csrf-attack-216ccd4d832c | |
| https://medium.com/cesppa/escalating-ssrf-to-rce-f28c482eb8b9 | |
| https://philippeharewood.com/cve-2018-16794-on-fs-thefacebook-com/ | |
| https://websecblog.com/vulns/google-earth-studio-vulnerability/ | |
| https://medium.com/@orthonviper/sql-injection-for-50-bounty-but-still-worth-reading-468442c1cc1a | |
| https://medium.com/@sharan.panegav/account-takeover-using-cross-site-websocket-hijacking-cswh-99cf9cea6c50 | |
| https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e | |
| https://www.imperva.com/blog/mapping-communication-between-facebook-accounts-using-a-browser-based-side-channel-attack/ | |
| https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html | |
| https://medium.com/@vladimirmetnew/3-xss-in-protonmail-for-ios-95f8e4b17054 | |
| https://medium.com/@addictrao20/fixed-register-any-email-address-on-facebook-account-c6d1c3eb810d | |
| https://medium.com/@addictrao20/fixed-brute-force-instagram-accounts-passwords-938471b6e9d4 | |
| http://www.tomanthony.co.uk/blog/facebook-bug-confirm-user-identities/ | |
| https://www.smeegesec.com/2019/03/auditing-github-repo-wikis-for-fun-and.html | |
| https://medium.com/@valakeyur/xss-in-edmodo-within-5-minute-my-first-bug-bounty-889e3da6167d | |
| http://obsidianterminal.blogspot.com/2019/03/a-simple-account-takeover-misusing-jwt.html | |
| https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/ | |
| https://licenciaparahackear.github.io/en/posts/bypassing-a-restrictive-js-sandbox/ | |
| https://medium.com/@pumudu88/yet-another-unexpected-hack-for-bounty-295cee0ecc24 | |
| https://spyclub.tech/2019/02/26/horizontal-privilege-escalation-on-quora/ | |
| https://web.archive.org/web/20200929000850/https://www.mohamedharon.com/2019/02/still-work-redirect-yahoo-subdomain-xss.html | |
| https://5alt.me/2019/02/xss-in-azure-devops/ | |
| https://medium.com/@kunal94/web-cache-deception-attack-leads-to-user-info-disclosure-805318f7bb29 | |
| https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/ | |
| https://medium.com/@logicbomb_1/chain-of-hacks-leading-to-database-compromise-b2bc2b883915 | |
| https://medium.com/@spazzyy/bug-bounty-101-always-check-the-source-code-1adaf3f59567 | |
| https://medium.com/@ChandSingh/download-any-organisation-data-s3-amazonaws-64059847e06 | |
| https://web.archive.org/web/20200929003949/https://www.mohamedharon.com/2019/02/subdomain-aws-s3-buckets-reader.html | |
| https://sites.google.com/securifyinc.com/secblogs/exploitingcalendars | |
| https://github.com/setuid0-sec/Swiss_E-Voting_Publications | |
| https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2 | |
| https://medium.com/@modam3r5/reflected-xss-at-https-photos-shopify-com-ea696db3915c | |
| https://medium.com/@spade.com/how-i-registered-multiple-accounts-in-privateinternetaccess-vpn-service-for-free-a2068642f418 | |
| https://georgeosterweil.com/2019-02-20-fbctf-idor/ | |
| https://medium.com/@appsecure/leakage-of-client-secret-server-tokens-of-all-uber-developer-applications-657d9d7fd30e | |
| https://apapedulimu.click/multiple-stored-xss-on-tokopedia/ | |
| https://0x00sec.org/t/using-uri-to-pop-shells-via-the-discord-client/11673 | |
| https://www.hackerinside.me/2019/02/dos-on-waf-protected-sites-by-abusing.html | |
| https://web.archive.org/web/20201117123227/https://www.mohamedharon.com/2019/02/2-subdomains-takeover-via-unbounce-in.html | |
| https://medium.com/@futaacmcyber/stored-xss-on-edmodo-11a3fbc6b6d0 | |
| https://medium.com/@elberandre/1-000-ssrf-in-slack-7737935d3884 | |
| https://ysamm.com/?p=240 | |
| https://medium.com/@rohitcoder/facebook-workplace-bug-exposed-offsite-employee-events-sensitive-emails-putting-employees-at-risk-813d77a0c0ab | |
| https://web.archive.org/web/20200929010534/https://www.mohamedharon.com/2019/02/subdomain-takeover-via-wufoo-service-in.html | |
| https://medium.com/@abaykandotcom/open-redirect-in-slack-385eb34b7c5f | |
| https://medium.com/bugbountywriteup/bypassing-rate-limit-abusing-misconfiguration-rules-dcd38e4e1028 | |
| https://web.archive.org/web/20200928234202/https://www.mohamedharon.com/2019/02/subdomain-takeover-via-hubspot.html | |
| https://web.archive.org/web/20200929012457/https://www.mohamedharon.com/2019/02/souqcom-subdomain-takeover-via.html | |
| https://gauravnarwani.com/never-stop-at-banner-grabbing/ | |
| https://wwws.nightwatchcybersecurity.com/2019/02/14/third-party-android-app-storing-facebook-data-insecurely/ | |
| https://web.archive.org/web/20200929022152/https://www.mohamedharon.com/2019/02/ssrf-server-side-request-forgery-in.html | |
| https://medium.com/bugbountywriteup/disclose-private-attachments-in-facebook-messenger-infrastructure-15-000-ae13602aa486 | |
| https://ysamm.com/?p=185 | |
| https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/ | |
| https://ysamm.com/?p=214 | |
| https://medium.com/@abaykandotcom/clickjacking-on-google-cse-6636bba72d20 | |
| https://medium.com/@mr_hacker/csrf-bypass-using-cross-frame-scripting-c349d6f33eb6 | |
| https://mustafakemalcan.com/asus-rce-vulnerability-on-rma-asus-europe-eu/ | |
| https://medium.com/@pig.wig45/setting-up-gitrob-and-using-it-to-find-leaking-repository-of-an-employee-in-a-hackerone-private-e4c40da1bc85 | |
| https://ysamm.com/?p=158 | |
| https://ysamm.com/?p=171 | |
| https://clever-idi0t.com/2019/02/07/how-i-was-able-to-dump-sqldb-simple-bug/ | |
| https://outpost24.com/blog/X-forwarded-for-SQL-injection | |
| https://medium.freecodecamp.org/cache-deception-how-i-discovered-a-vulnerability-in-medium-and-helped-them-fix-it-31cec2a3938b | |
| https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the-device-metadata-authoring-wizard-a0d5839fc54f | |
| https://medium.com/@albeckshahar/jumping-over-the-fence-ce0fe5f9a3a2 | |
| https://medium.com/@goyalvartul/how-i-hacked-40-000-user-accounts-of-microsoft-using-2fa-bypass-outlook-live-com-13258785ec2f | |
| https://dannewitz.ninja/posts/detecting-and-exploiting-mass-assignments | |
| https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/ | |
| https://medium.com/@rohanchavan/a-unique-xss-scenario-1000-bounty-347f8f92fcc6 | |
| https://medium.com/@rupika.luhach/how-i-was-able-to-extract-information-of-other-users-exploiting-idor-9f03aa72dd06 | |
| https://offensi.com/2019/01/31/lfi-in-apigee-portals | |
| https://medium.com/bugbountywriteup/how-i-found-a-simple-bug-in-facebook-without-any-test-3bc8cf5e2ca2 | |
| https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html | |
| https://medium.com/@0x48piraj/how-i-hacked-a-website-integrated-w-facebook-having-1-1-mil-users-under-45-seconds-e4adcfe8ccd6 | |
| https://medium.com/@kedrisec/publish-tweets-by-any-other-user-6c9d892708e3 | |
| https://blog.detectify.com/2019/01/29/hacking-isnt-an-exact-science/ | |
| https://medium.com/@ChandSingh/protonmail-xss-stored-b733031ac3b5 | |
| https://websecblog.com/vulns/leoexpress-personal-data/ | |
| https://www.shawarkhan.com/2019/01/hijacking-accounts-by-retrieving-jwt.html | |
| https://medium.com/@satboy.fb/a-short-tale-of-account-verification-bypass-22045b38a8b1 | |
| https://medium.com/@nahoragg/chaining-tricky-oauth-exploitation-to-stored-xss-b67eaea4aabd | |
| https://blog.paradoxis.nl/defeating-flasks-session-management-65706ba9d3ce | |
| https://medium.com/@pratheesh.p.narayanan/misconfiguration-whatsapp-messenger-1f0f1cf3ef00 | |
| https://medium.com/@sahruldotid/antihack-idor-on-create-submission-ddb3cf40c26b | |
| https://www.symbo1.com/articles/2019/01/25/fb-change-product-availability-as-pageanalyst.html | |
| https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1 | |
| https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privilege-admin-rights/ | |
| https://blog.saycure.io/2019/01/24/antihack-xss-2-php-upload/ | |
| https://gauravnarwani.com/priv-esc-highest-admin/ | |
| https://medium.com/bugbountywriteup/frapp%C3%A9-technologies-erpnext-server-side-template-injection-74e1c95ec872 | |
| https://ysamm.com/?p=68 | |
| https://ysamm.com/?p=60 | |
| https://ysamm.com/?p=64 | |
| https://ysamm.com/?p=56 | |
| https://ysamm.com/?p=50 | |
| https://ysamm.com/?p=45 | |
| https://ysamm.com/?p=42 | |
| https://ysamm.com/?p=38 | |
| https://ysamm.com/?p=35 | |
| https://ysamm.com/?p=30 | |
| https://ysamm.com/?p=12 | |
| https://medium.com/@sudhanshur705/reflected-xss-in-zomato-f892d6887147 | |
| https://medium.com/@nahoragg/a-simple-cors-misconfig-leaked-private-post-of-twitter-facebook-instagram-5f1a634feb9d | |
| https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a | |
| https://medium.com/@friendly_/xss-through-swf-file-4f04af7b0f59 | |
| https://blog.ibrahimdraidia.com/bypass-csp-framing-restriction-rule-olx/ | |
| https://medium.com/bugbountywriteup/command-injection-poc-72cc3743f10d | |
| https://medium.com/@ritishkumarsingh/facebook-vulnerability-unremovable-facebook-group-admin-2cbf4faf55c1 | |
| https://medium.com/@sadiqwest01/bugbounty-how-i-hack-billion-company-5529a3ebe999 | |
| https://www.vesiluoma.com/abusing-mysql-clients/ | |
| https://blog.assetnote.io/bug-bounty/2019/01/14/gaining-access-to-ubers-user-data-through-ampscript-evaluation/ | |
| https://hacklad.github.io/blog/2019/01/13/Xss-it.html | |
| https://medium.com/@evilboyajay/workplace-logo-id-to-workplace-owner-name-disclosurefacebook-bug-bounty-e745db59d0bd | |
| https://www.symbo1.com/articles/2019/01/11/fb-pageanalyst-could-add-oneself-as-moderator-on-group.html | |
| https://philippeharewood.com/view-the-contact-list-for-a-messenger-kid-as-a-parent-approved-contact/ | |
| https://renaudmarti.net/posts/first-bug-bounty-submission/ | |
| https://medium.com/bugbountywriteup/when-cookie-hijacking-html-injection-become-dangerous-3c649f7f6c88 | |
| https://medium.com/@thejuskrishnan911/reflected-xss-on-asus-568ce0541171 | |
| https://medium.com/@hariharan21/stored-xss-via-alternate-text-at-zendesk-support-8bfee68413e4 | |
| https://medium.com/@jacopotediosi/how-i-hacked-altervista-org-f23d011cdb96 | |
| https://www.ash-king.co.uk/downloading-any-file-via-facebook-android.html | |
| http://infosecflash.com/2019/01/05/how-i-could-have-taken-over-any-pinterest-account/ | |
| https://medium.com/@parthshah14031998/how-i-stumbled-upon-a-stored-xss-my-first-bug-bounty-story-2793300d82bb | |
| https://medium.com/@maxpasqua/stealing-side-channel-attack-tokens-in-facebook-account-switcher-90c5944e3b58 | |
| https://web.archive.org/web/20191217045127/https://medium.com/vulnerables/yes-i-can-see-your-otp-9334cd27f021 | |
| https://www.hackerinside.me/2019/01/a-tricky-open-redirect.html | |
| https://bugbountypoc.com/how-i-was-able-to-harvest-other-vine-users-ip-address | |
| https://rudr4sarkar.blogspot.com/2019/01/how-i-found-web-shell-on-antihackme-and.html | |
| https://medium.com/@N0_M3ga_Hacks/a-curious-case-from-little-to-complete-email-verification-bypass-2c7570040e7e | |
| https://footstep.ninja/posts/password-reset/ | |
| https://medium.com/@pig.wig45/bypassing-access-control-in-a-program-on-hackerone-ef213ab34703 | |
| https://medium.com/@yogeshtantak7788/how-i-was-able-to-delete-google-gallery-data-idor-53d2f303efff | |
| https://medium.com/@armaanpathan/abusing-acl-permissions-to-overwrite-other-users-uploaded-files-videos-on-s3-bucket-162c8877728 | |
| https://medium.com/@sahruldotid/how-i-takeover-wordpress-admin-fiiipay-my-1bdede83635d | |
| https://addictivehackers.blogspot.com/2018/12/how-i-was-able-to-takeover-all-user.html | |
| https://medium.com/@newp_th/reflected-xss-on-ws-na-amazon-adsystem-com-amazon-f1e55f1d24cf | |
| https://medium.com/@aniltom/from-hunting-for-a-laptop-to-hunting-down-remote-code-execution-72cce2761846 | |
| https://medium.com/@sampanna/rce-in-nokia-com-59b308e4e882 | |
| https://medium.com/@modam3r5/unauthenticated-user-can-upload-an-attachment-at-hackerone-aff2a0c573b8 | |
| https://medium.com/@ironfisto/tokopedia-account-takeover-bug-worth-8-million-idr-5474cb5b5cc9 | |
| https://medium.com/@putracraft.theworld/server-side-request-forgery-in-openid-support-defcc64d5e41 | |
| http://blog.randorisec.fr/client-side-validation/ | |
| https://malfind.com/index.php/2018/12/21/how-i-accidentaly-found-clickjacking-in-facebook/ | |
| https://blog.compass-security.com/2018/12/xss-worm-a-creative-use-of-web-application-vulnerability/ | |
| https://medium.com/@tnirmalz/facebook-bugbounty-disclosing-page-members-1178595cc520 | |
| https://www.tnirmal.com.np/2018/12/facebook-bugbounty-disclosing.html | |
| https://soroush.secproject.com/blog/2018/12/story-of-two-published-rces-in-sharepoint-workflows/ | |
| https://medium.com/@hritik.3hs/exploiting-two-endpoints-to-get-account-takeover-651813d0a33b | |
| https://medium.com/@mustafakhan_89646/asuss-admin-panel-auth-bypass-af5062584ddf | |
| https://www.sonarsource.com/blog/wordpress-post-type-privilege-escalation/ | |
| https://medium.com/bugbountywriteup/subdomain-takeover-new-level-43f88b55e0b2 | |
| https://samcurry.net/reading-asp-secrets-for-17000/ | |
| https://medium.com/@ahmedasherif/accessing-voip-internal-service-via-port-8009-routing-traffic-through-local-apache-proxy-54a4ff539c5f | |
| https://nahoragg.github.io/bugbounty/2018/12/15/Self-XSS-to-Interesting-Stored-XSS.html | |
| https://voidzone.me/cve-2018-20139-daikin-emura-series-arbitrary-remote-control-via-dns-rebinding/ | |
| https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/ | |
| https://websecblog.com/vulns/google-code-in-xss/ | |
| https://shkspr.mobi/blog/2018/12/twitter-bug-bounty/ | |
| https://medium.com/@maxpasqua/unremovable-tags-in-facebook-page-reviews-656e095e69aa | |
| https://medium.com/@maxpasqua/chaining-two-vulnerabilities-to-break-facebook-appointment-times-for-the-second-time-ac639f8c8773 | |
| https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56 | |
| https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ | |
| https://medium.com/bugbountywriteup/open-redirect-developers-are-lazy-or-maybe-busy-6c51718b10e4 | |
| https://blog.nyangawa.me/security/CVE-2018-18649-Gitlab-RCE/ | |
| https://honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/ | |
| https://medium.com/bugbountywriteup/bypass-cloudflare-waf-to-pwned-application-2c9e4f862319 | |
| https://www.safetydetective.com/blog/microsoft-outlook/ | |
| https://avatao.com/blog-how-i-could-have-stolen-your-photos-from-google-my-first-3-bug-bounty-writeups/ | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-generate-access-tokens-for-any-facebook-user-6b84392d0342 | |
| https://medium.com/bugbountywriteup/token-brute-force-to-account-take-over-to-privilege-escalation-to-organization-take-over-650d14c7ce7f | |
| https://medium.com/@sampanna/self-xss-in-indeed-com-e0c99c104cba | |
| https://medium.com/@rupika.luhach/change-anyones-profile-picture-exploiting-idor-41369f5acf75 | |
| https://web.archive.org/web/20191219015356/https://medium.com/@adeshkolte/proof-of-concept-nokia-cross-site-scripting-5bb47c3b9529 | |
| https://blog.securitybreached.org/2018/12/08/how-i-was-able-to-bypass-email-verification/ | |
| https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html | |
| https://whitehatfamilyguy.blogspot.com/2018/12/able-to-access-facebook-group-plan-even.html | |
| https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html | |
| https://corben.io/blog/18-12-5-XSS-to-XXE-in-Prince | |
| https://gauravnarwani.com/android-acc-takeover/ | |
| https://medium.com/bugbountywriteup/taking-over-google-calendar-of-a-company-1c49071f6a9 | |
| https://www.secu.ninja/2018/12/04/how-to-accidentally-find-a-xss-in-protonmail-ios-app/ | |
| https://pwning.re/2018/12/04/github-desktop-rce/ | |
| https://dylankatz.com/digging-in-to-scp-command-injection/ | |
| http://zhchbin.github.io/2018/12/03/Hijack-the-JS-File-of-Uber-s-Website/ | |
| https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d | |
| https://www.andmp.com/2018/12/how-i-managed-to-get-google.html | |
| https://chainlover.blogspot.com/2018/11/love-story-of-account-takeover-chaining.html | |
| https://medium.com/@sudhanshur705/story-about-my-first-bug-bounty-9fe710be8241 | |
| https://medium.com/@yassergersy/exploiting-post-message-to-steal-users-cookies-7df43a00289a | |
| https://medium.com/@hossainwalid93/story-of-store-xss-d24c3ab862f0 | |
| https://web.archive.org/web/20191221105442/https://medium.com/bugbountywriteup/broken-authentication-bug-bounty-5c941a4a5f48 | |
| https://medium.com/@logicbomb_1/irctc-millions-of-passenger-details-left-at-huge-risk-18c5ecc09d7f | |
| https://slashcrypto.org/2018/11/28/eBay-source-code-leak/ | |
| https://medium.com/@vishnu0002/instagram-multi-factor-authentication-bypass-924d963325a1 | |
| https://www.amolbaikar.com/disclose-contact_email-of-any-facebook-application/ | |
| https://www.amolbaikar.com/xss-on-facebooks-acquisition-oculus-cdn/ | |
| https://www.amolbaikar.com/xss-on-facebook-instagram-cdn-server-bypassing-signature-protection/ | |
| https://www.amolbaikar.com/facebook-source-code-disclosure-in-ads-api/ | |
| https://medium.com/@benjitobias/from-ctfs-to-bug-bounty-booty-81bab999b70d | |
| https://www.secjuice.com/google-hall-of-fame/ | |
| https://www.hackerinside.me/2018/11/critical-stored-xss-vulnerability.html | |
| https://medium.com/@pratheesh.p.narayanan/bypassing-scratch-cards-on-google-pay-8915d5423385 | |
| https://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326 | |
| https://medium.com/@zain.sabahat/an-interesting-xxe-in-sap-8b35fec6ef33 | |
| https://medium.com/@androgaming1912/how-i-found-password-bypass-vulnerability-on-private-document-at-scribd-com-c0905e8dcc9a | |
| https://medium.com/@vignesh4303/how-i-hacked-netflix-users-use-it-free-forever-9febb1427262 | |
| https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549 | |
| https://quitten.github.io/Youtube/ | |
| https://medium.com/bugbountywriteup/xss-bypass-using-meta-tag-in-realestate-postnl-nl-32db25db7308 | |
| https://medium.com/bugbountywriteup/from-security-misconfiguration-to-gaining-access-of-smtp-server-ed833e757e6e | |
| https://web.archive.org/web/20200907110700/https://medium.com/@sameerphad72/edmodo-xss-bug-9c0fc9bdd0bf | |
| https://medium.com/@gopalsingh/bypassing-how-i-hacked-googles-bug-tracking-system-itself-for-15-600-in-bounties-16134466ab15 | |
| https://medium.com/@renwa/new-technique-to-find-blind-xss-c2efcd377cc2 | |
| https://www.askbuddie.com/blog/unauthorized-comments-on-facebook-live-stream/ | |
| https://www.vulnerability-db.com/?q=articles/2018/11/16/microsoft-bingplaces-business-url-redirect-vulnerability | |
| https://portswigger.net/blog/xss-in-hidden-input-fields | |
| https://medium.com/@ariffadhlullah2310/poc-cross-site-scripting-on-garuda-indonesia-website-452f4864f615 | |
| https://blog.hackenproof.com/customer-stories/hackenproof-customer-story-uklon/ | |
| https://cooltrickshome.blogspot.com/2018/11/spoofing-file-extensions-on-hackerone.html | |
| https://publish.whoisbinit.me/unauthorized-comments-on-facebook-live-stream | |
| https://philippeharewood.com/disclose-page-admins-via-gaming-dashboard-bans/ | |
| https://medium.com/@ritishkumarsingh/facebook-vulnerability-hiding-from-the-view-of-business-admin-in-the-business-manager-a04515fee9dd | |
| https://blog.fadyothman.com/how-i-discovered-xss-that-affects-over-20-uber-subdomains/ | |
| https://medium.com/@maxpasqua/breaking-appointments-and-job-interview-schedules-with-malformed-times-edef103e46ba | |
| https://xlab.tencent.com/en/2018/11/13/cve-2018-4277/ | |
| https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c | |
| https://medium.com/bugbountywriteup/dom-based-xss-or-why-you-should-not-rely-on-cloudflare-too-much-a1aa9f0ead7d | |
| https://www.imperva.com/blog/facebook-privacy-bug | |
| https://mike-n1.github.io/Chain_XSS | |
| http://blog.h4rsh4d.com/2018/03/olx-reflected-xss-on-resend-code-link.html | |
| https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/ | |
| https://blog.zimperium.com/cve-2018-9539-use-free-vulnerability-privileged-android-service/ | |
| https://www.elttam.com/blog/ruby-deserialization/ | |
| https://medium.com/@sadiqwest01/bugbounty-how-i-takeover-microsoft-store-a58c1b785aa0 | |
| https://medium.com/@rohitcoder/object-name-exposure-ing-bank-responsible-disclosure-program-1f8f808cc789 | |
| https://medium.com/bugbountywriteup/how-i-earned-5040-from-twitter-by-showing-a-way-to-harvest-other-users-ip-address-e9f43c931e9a | |
| https://medium.com/@prial261/vine-users-private-information-disclosure-f1c55a3abbb6 | |
| https://medium.com/@tim.kent/xss-in-dynamics-365-25c800aac473 | |
| https://www.sonarsource.com/blog/wordpress-design-flaw-leads-to-woocommerce-rce/ | |
| https://paper.seebug.org/737/ | |
| https://medium.com/bugbountywriteup/duplicate-but-still-cool-236835685075 | |
| http://codegrazer.com/blog/rsftp-to-command-injection.html | |
| https://web.archive.org/web/20201030131757/https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567 | |
| https://medium.com/@Skylinearafat/how-outdated-jira-instances-suffers-from-multiple-security-vulnerabilities-6a88c45e9ec6 | |
| https://medium.com/@kunal94/imagemagick-gif-coder-vulnerability-leads-to-memory-disclosure-hackerone-e9975a6a560e | |
| https://www.immunit.ch/blog/2018/11/01/cve-2018-11759-apache-mod_jk-access-bypass/ | |
| https://medium.com/@mateusz.olejarka/finding-hidden-gems-vol-3-quick-win-with-sh-file-722e58636ded | |
| https://blog.securitybreached.org/2018/11/03/p1-like-a-boss-information-disclosure-via-github-leads-to-employee-account-takeover/ | |
| https://medium.com/bugbountywriteup/stored-xss-in-bug-bounty-13c08e6f5636 | |
| https://medium.com/japzdivino/bypass-hackerone-2fa-requirement-and-reporter-blacklist-46d7959f1ee5 | |
| https://medium.com/@zseano/its-all-in-the-detail-email-leak-account-takeover-thanks-to-waybackmachine-extensive-4be365580dd7 | |
| https://blog.bugbountyhunter.com/email-leak-with-wayback/ | |
| https://web.archive.org/web/20181030103042/https://zseano.com/blogs/4.html | |
| https://medium.com/@plenumlab/idor-in-jwt-and-the-shortest-token-you-will-ever-see-uid-1234567890-4e02377ea03a | |
| https://blog.zimperium.com/cve-2018-9411-new-critical-vulnerability-multiple-high-privileged-android-services/ | |
| https://zseano.medium.com/site-wide-csrf-issue-chained-with-clickjacking-multiple-sites-vulnerable-6201abab0d3e | |
| https://blog.bugbountyhunter.com/improper-csrf-handling/ | |
| https://thesecurityexperts.wordpress.com/2018/10/28/journey-through-google-referer-leakage-bugs/ | |
| https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1 | |
| https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/ | |
| https://medium.com/@Skylinearafat/how-misconfigured-api-leaked-user-private-information-e3e8c13e52e4 | |
| https://medium.com/@Skylinearafat/a-very-useful-technique-to-bypass-the-csrf-protection-for-fun-and-profit-471af64da276 | |
| https://web.archive.org/web/20191217012635/https://medium.com/bugbountywriteup/csrf-account-takeover-explained-automated-manual-bug-bounty-447e4b96485b | |
| https://medium.com/@prial261/subdomain-takeover-dew-to-missconfigured-project-settings-for-custom-domain-46e90e702969 | |
| https://medium.com/@kankrale.rahul/dos-on-facebook-android-app-using-65530-characters-of-zero-width-no-break-space-db41ca8ded89 | |
| https://medium.com/@mrnikhilsri/soap-based-unauthenticated-out-of-band-xml-external-entity-oob-xxe-in-a-help-desk-software-c27a6abf182a | |
| https://medium.com/@egeken/facebook-hidden-redirection-vulnerability-aeaaac0b9d73 | |
| https://medium.com/@ariffadhlullah2310/xss-deface-with-html-and-how-to-convert-the-html-into-charcode-f0c62dd5ef3f | |
| https://medium.com/@raushanraj_65039/google-sites-and-exploiting-same-origin-policy-d400bf569964 | |
| https://medium.com/@agrawalsmart7/cookie-based-injection-xss-making-exploitable-with-out-exploiting-other-vulns-81132ca01d67 | |
| https://medium.com/japzdivino/harvesting-all-private-invites-using-leave-program-fast-tracked-invitation-and-security-email-a01c8b3ce76f | |
| https://medium.com/@notsoshant/a-possibility-of-account-takeover-in-medium-8d950e547639 | |
| https://github.com/cymtrick/lol/blob/d17ed765129b26a1bf8060757e5aebd4e237c908/_posts/2018-10-20-CVE-2018-17082-PHP-XSS-A-Story-of-Chunked-Requests.md | |
| https://bugs.php.net/bug.php?id=76582 | |
| https://www.itsecguy.com/xss-with-put-in-ghost-blog/ | |
| https://medium.com/bugbountywriteup/add-comment-on-a-private-oculus-developer-bug-report-93f35bc80b2c | |
| https://medium.com/japzdivino/security-teams-internal-attachments-can-be-exported-via-export-as-zip-feature-on-hackerone-35ca6ec2bf8b | |
| https://blog.netspi.com/xxe-in-ibms-maas360-platform/ | |
| https://blog.harshjaiswal.com/path-traversal-while-uploading-results-in-rce | |
| https://medium.com/bugbountywriteup/brave-browser-script-blocker-bypass-vulnerability-fffd659c5a7 | |
| https://web.archive.org/web/20200825165404/https://medium.com/@adeshkolte/how-i-got-500-from-microsoft-for-csrf-vulnerability-700accaf48b9 | |
| https://medium.com/bugbountywriteup/bug-bounty-mail-ru-234fa6f5a5a | |
| https://medium.com/@m4shahab1/magic-xss-with-two-parameters-463559b03949 | |
| https://medium.com/bugbountywriteup/add-description-to-instagram-posts-on-behalf-of-other-users-6500-7d55b4a24c5a | |
| https://leucosite.com/Microsoft-Edge-RCE/ | |
| https://medium.com/@yassergersy/access-to-staging-environment-via-user-agent-string-23470546577f | |
| https://artkond.com/2018/10/10/symantec-authentication-bypass/ | |
| https://pratikyadav0.blogspot.com/2018/10/hello-everyone-took-some-time-from-my.html | |
| https://philippeharewood.com/facebook-business-takeover/ | |
| https://jonbottarini.com/2018/10/09/get-as-image-function-pulls-any-insights-nrql-data-from-any-new-relic-account-idor/ | |
| https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/ | |
| https://medium.com/bugbountywriteup/make-any-unit-in-facebook-groups-undeletable-efb68e26adb9 | |
| https://medium.com/bugbountywriteup/critical-bypass-csrf-protection-on-ibm-313ffb68dd0c | |
| https://medium.com/@jonathanbouman/persistent-xss-unvalidated-open-graph-embed-at-linkedin-com-db6188acedd9 | |
| https://medium.com/@alicanact60/my-first-0day-exploit-csp-bypass-reflected-xss-bugbounty-c7efa4bed3d7 | |
| https://portswigger.net/research/bypassing-web-cache-poisoning-countermeasures | |
| https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study/ | |
| https://medium.com/@raushanraj_65039/clickjacking-in-google-docs-and-voice-typing-feature-c481d00b020a | |
| https://securitylab.github.com/research/apache-struts-double-evaluation/ | |
| https://www.martinvigo.com/googlemeetroulette | |
| https://www.sec-down.com/wordpress/?p=809 | |
| https://medium.com/@jonathanbouman/stored-xss-unvalidated-embed-at-medium-com-528b0d6d4982 | |
| https://medium.com/bugbountywriteup/exploiting-an-unknown-vulnerability-a752272ffd7f | |
| https://medium.com/@rohitcoder/email-id-phone-number-can-be-exposed-through-business-manager-e79b970ea288 | |
| http://10degres.net/aws-takeover-through-ssrf-in-javascript/ | |
| https://medium.com/@saamux/applying-a-small-bypass-to-steal-facebook-session-tokens-in-uber-5b9638b7a18c | |
| https://rudr4sarkar.blogspot.com/2018/10/how-i-found-stored-xss-on-your.html | |
| https://blog.securityevaluators.com/collecting-shells-by-the-sea-of-nas-vulnerabilities-155a0bd7c525 | |
| https://web.archive.org/web/20200929001941/https://www.mohamedharon.com/2018/10/subdomain-takeover-via-shopify-vendor.html | |
| https://medium.com/@alexali5080/how-i-was-able-to-takeover-accounts-of-an-earning-app-c22d07d8ce9 | |
| https://ls-la.fyi/2018/09/28/subway-xposed/ | |
| https://medium.com/@justmorpheus/idor-content-spoofing-and-url-redirection-via-unsubscribe-email-in-confluent-1fa7398cfe7a | |
| https://medium.com/@sivakrishnasamireddi/just-another-tale-of-severe-bugs-on-a-private-program-405870b03532 | |
| https://medium.com/@logicbomb_1/bugbounty-from-finding-jenkins-instance-to-command-execution-secure-your-jenkins-instance-9bd1e75c2288 | |
| https://medium.com/@mantissts/thick-client-attacking-databases-the-fun-easy-way-6e31162b1335 | |
| https://medium.com/@mantissts/arbitrary-file-read-in-one-of-the-largest-crms-658caa2f05d2 | |
| https://medium.com/@ratnadip1998/how-i-got-4000-from-visma-for-rce-d541e6042086 | |
| https://www.kumar.ninja/2018/09/xss-surveydropboxcom.html | |
| https://medium.com/@rahulraveendran06/weaponizing-xss-attacking-internal-domains-d8ba1cbd106d | |
| https://blog.securitybreached.org/2018/09/24/subdomain-takeover-via-unsecured-s3-bucket/ | |
| https://rpadovani.com/facebook-responsible-disclosure | |
| https://medium.com/@efkan162/how-i-xssed-uber-and-bypassed-csp-9ae52404f4c5 | |
| https://nirmaldahal.com.np/posts/2019/11/r-xss-leading-csrf-bypass-to-account-takeover/ | |
| https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/ | |
| https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html | |
| https://sites.google.com/securifyinc.com/secblogs/shopify-athena-bug | |
| https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82f | |
| https://mohitdabas.wordpress.com/2018/09/18/bypassing-authentication-using-javascript-debugger/ | |
| https://web.archive.org/web/20190320205543/https://medium.com/@0ktavandi/how-i-bypassed-akamai-kona-waf-xss-in-overstock-com-f205b0e71a0d | |
| https://bugbounty.blog/2018/09/18/facebook-750-reward-for-a-simple-bug/ | |
| https://medium.com/@armaanpathan/chain-the-bugs-to-pwn-an-organisation-lfi-unrestricted-file-upload-remote-code-execution-93dfa78ecce | |
| https://medium.com/@jonathanbouman/reflected-xss-at-philips-com-e48bf8f9cd3c | |
| https://randywestergren.com/xss-vulnerabilities-in-multiple-iframe-busters-affecting-top-tier-sites/ | |
| https://medium.com/bugbountywriteup/user-account-takeover-in-indias-largest-digital-business-company-c7b6d61dadb9 | |
| https://blog.securitybreached.org/2018/09/16/idor-account-takeover-using-facebook/ | |
| https://web.archive.org/web/20200811013311/https://medium.com/@protector47/persistent-cross-site-scripting-on-redacted-worth-2-000-1e760617ccab | |
| https://medium.com/intigriti/how-i-hijacked-your-account-when-you-opened-my-cat-picture-9a0a0acca9e8 | |
| https://medium.com/@Mthirup/hacking-your-own-antivirus-for-fun-and-profit-safe-browsing-gone-wrong-365db9d1d3f7 | |
| https://medium.com/@alirazzaq/subdomain-takeover-worth-200-ed73f0a58ffe | |
| https://medium.com/@maxon3/reflected-dom-xss-and-clickjacking-on-https-silvergoldbull-de-bt-html-daa36bdf7bf0 | |
| https://medium.com/@aniltom/open-redirect-vulnerability-in-udacity-com-7cba7abcfd48 | |
| https://medium.com/@mahitman1/hacking-a-crypto-debit-card-service-730f287aaee7 | |
| https://medium.com/@jonathanbouman/xxe-at-bol-com-7d331186de54 | |
| https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75 | |
| https://blog.securitybreached.org/2018/09/10/sqli-login-bypass-autotraders/ | |
| https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html | |
| https://www.hackerinside.me/2018/09/stored-xss-vulnerability-in-h1c-private.html | |
| https://ash-king.co.uk/facebook-bug-bounty-09-18.html | |
| https://blog.securitybreached.org/2018/09/09/zol-zimbabwe-authbypass-sqli-xss/ | |
| https://web.archive.org/web/20200904145527/https://medium.com/@protector47/how-i-find-open-redirect-vulnerability-in-redacted-com-one-of-the-top-payment-gateway-e9b92afdc114 | |
| https://www.hackerinside.me/2018/09/stored-xss-vulnerability-in-tumblr.html | |
| https://websecblog.com/vulns/reflected-xss-in-google-code-jam/ | |
| https://blog.securitybreached.org/2018/09/08/sqli-bootcampnutanix-com-bug-bounty-poc/ | |
| https://opsecx.com/index.php/2018/09/07/bypassing-hotstar-premium-with-dom-manipulation-and-some-javascript/ | |
| https://blog.securitybreached.org/2018/09/07/rce-jenkins-instance-dosomething-org-bug-bounty-poc/ | |
| http://omespino.com/write-up-lovestory-from-closed-as-informative-to-xx00-usd-in-yahoo-ios-mail-app/ | |
| https://medium.com/@ciph3r7r0ll/simple-login-brute-force-current-password-requirement-bypass-e8f58931e257 | |
| https://medium.com/@logicbomb_1/bugbounty-how-naaptol-indias-popular-home-shopping-company-kept-their-millions-of-user-data-e414cd4151c | |
| https://medium.com/@aroraminali21/how-i-could-download-the-source-code-of-an-indian-e-commerce-website-30cb8310b6e4 | |
| https://medium.com/@Wh11teW0lf/p1-vulnerability-in-60-seconds-85ef93d42b99 | |
| https://medium.com/@alicanact60/facebook-bug-bounty-permission-bug-19c9358d2297 | |
| https://b3nac.github.io/bugs/2018/09/01/How-I-could-have-launched-a-spear-phishing-campaign-with-Starbucks-newsletter-signup.html | |
| https://blog.sagarvd.me/2018/09/youtube-csrf.html | |
| https://medium.com/@mahitman1/i-own-your-customers-22e965761abd | |
| https://dev.to/antogarand/pwned-together-hacking-devto-hkd | |
| https://medium.com/@rohanchavan/100-bounty-in-300-seconds-isnt-bad-4f4112c102ef | |
| https://web.archive.org/web/20200929012934/https://www.mohamedharon.com/2018/08/mapboxxss.html | |
| https://medium.com/@mateusz.olejarka/finding-hidden-gems-vol-2-reamde-md-the-story-of-a-bit-too-helpful-readme-file-12d6bb51e77f | |
| https://medium.com/@D0rkerDevil/a-infinite-loop-story-f2bc05771a88 | |
| https://gauravnarwani.com/a-1000-bounty/ | |
| https://web.archive.org/web/20200929004149/https://www.mohamedharon.com/2018/08/wordpressXSS.html | |
| https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a | |
| https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a | |
| https://blog.hawkeyesecurity.com/2018/08/27/traversing-the-path-to-rce/ | |
| https://medium.com/@nandwanajatin25/my-first-valid-xss-hackerone-f8ba0a7c647 | |
| https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/ | |
| https://medium.com/@UpdateLap/privileged-escalation-in-facebook-messenger-rooms-e71cb7275101 | |
| https://web.archive.org/web/20200829220607/https://medium.com/@adeshkolte/sql-injection-vulnerability-in-university-of-cambridge-b4c8d0381e1 | |
| https://websecblog.com/vulns/stored-xss-in-webcomponents-org/ | |
| https://medium.com/@YumiSec/api-key-the-real-goldmine-84490a56b7c4 | |
| https://www.updatelap.com/2018/08/privileged-escalation-in-facebook-rooms.html | |
| https://medium.com/@Thuva11/user-credentials-are-sent-in-clear-text-fixed-facebook-bug-bounty-7f1e05ecedd9 | |
| https://medium.com/@black_b/yahoo-idor-elimination-of-any-comment-e898f4f955f1 | |
| https://medium.com/bugbountywriteup/3-minutes-xss-71e3340ad66b | |
| https://web.archive.org/web/20220309092244/https://s0cket7.com/idor-account-takeover/ | |
| https://swisskyrepo.github.io/An-XSS-Story/ | |
| https://sites.google.com/securifyinc.com/secblogs/uber-business-support-bug | |
| https://medium.com/@friendly_/xss-at-hubspot-and-xss-in-email-areas-674fa39d5248 | |
| https://medium.com/bugbountywriteup/idor-leads-to-getting-access-tokens-of-users-linked-to-google-drive-on-edmodo-3978017134bd | |
| https://medium.com/bugbountywriteup/distorted-and-undeletable-posts-in-facebook-group-9424e15f5551 | |
| http://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html | |
| https://medium.com/@justmorpheus/s3-bucket-misconfiguration-in-amazon-a7da6a6e02ea | |
| https://medium.com/bugbountywriteup/adminer-script-results-to-pwning-server-private-bug-bounty-program-fe6d8a43fe6f | |
| https://www.tutorgeeks.net/2018/08/misconfigured-jira-setting-apigee.html | |
| https://web.archive.org/web/20191219011242/https://medium.com/@zk34911/twitter-bug-bounty-misconfigured-json-endpoint-on-ads-twitter-com-2771ec83a82 | |
| https://portswigger.net/research/practical-web-cache-poisoning | |
| https://0xpatrik.com/subdomain-takeover-starbucks-ii/ | |
| https://medium.com/bugbountywriteup/from-tomcat-to-nt-authority-system-a79fa09c4abb | |
| https://web.archive.org/web/20201006184247/https://www.mohamedharon.com/2018/08/reverb-api.html | |
| https://medium.com/@carlosdanielgiovanella/this-is-how-can-i-spoof-any-sentry-log-infinitely-and-create-fake-error-logs-74406367f4ba | |
| https://medium.com/mcorral74/my-first-critical-report-9ceeb15f20c3 | |
| https://steemit.com/cryptocurrency/@mabdullah22/how-i-hacked-a-crypto-exchange-bug-bounty-writeup | |
| https://dev.to/antogarand/from-data-leak-to-account-takeover-1kck | |
| https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab | |
| https://medium.com/bugbountywriteup/sending-out-phishing-e-mails-from-microsoft-com-84c3b918ada2 | |
| https://research.checkpoint.com/2018/fakesapp-a-vulnerability-in-whatsapp/ | |
| https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs | |
| https://medium.com/@friendly_/self-xss-leads-to-blind-xss-and-reflected-xss-950b1dc24647 | |
| https://medium.com/@friendly_/reflected-xss-primagames-com-c7a641912626 | |
| https://www.secjuice.com/logical-bug-at-edmodo/ | |
| https://blog.evanricafort.com/2018/08/blind-xss-in-chrome-experiments-google.html | |
| https://medium.com/@friendly_/stored-xss-in-gameskinny-aa26c6a6ae40 | |
| https://blog.evanricafort.com/2018/08/blind-xss-in-chrome-experiments-google.html | |
| https://medium.com/@logicbomb_1/bugbounty-paytm-customer-information-is-at-risk-indias-largest-digital-wallet-company-6f7116d4b2d5 | |
| https://ioactive.com/discovering-and-exploiting-a-vulnerability-in-androids-personal-dictionary/ | |
| https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/ | |
| https://web.archive.org/web/20201022195925/https://www.mohamedharon.com/2018/08/Shipttakeover.html | |
| https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545 | |
| https://medium.com/@thehackerish/how-i-could-access-your-internal-servers-steal-and-modify-your-image-repository-d477f79b329a | |
| https://medium.freecodecamp.org/hacking-imgur-for-fun-and-profit-3b2ec30c9463 | |
| https://medium.com/@0xHyde/yahoo-two-xssi-vulnerabilities-chained-to-steal-user-information-750-bounty-e9bc6a41a40a | |
| https://www.youtube.com/watch?v=0oKHov6y6mw | |
| https://medium.com/@tomnomnom/making-a-blind-sql-injection-a-little-less-blind-428dcb614ba8 | |
| https://medium.com/@ameerassadi/binary-com-clickjacking-vulnerability-exploiting-html5-security-features-368c1ff2219d | |
| https://medium.com/@codingkarma/how-i-found-xss-on-amazon-f62b50f1c336 | |
| https://medium.com/@d0nut/exfiltration-via-css-injection-4e999f63097d | |
| https://mahmoudsec.blogspot.com/2018/07/sql-injection-and-silly-waf.html | |
| http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/ | |
| https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how.html | |
| https://medium.com/@mateusz.olejarka/finding-hidden-gems-vol-1-forging-oauth-tokens-using-discovered-client-id-and-client-secret-467f1cd21714 | |
| https://www.updatelap.com/2018/07/the-malicious-person-add-people-to-top.html | |
| https://medium.com/@prial261/unclaimed-medium-publication-takeover-in-wetransfer-c268cdb51e2f | |
| https://medium.com/bug-bounty-hunting/google-assistant-bug-worth-3133-7-830a03724a04 | |
| https://sites.google.com/view/harshjaiswalblog/rce-due-to-showexceptions | |
| https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/ | |
| https://medium.com/@root_31068/the-call-is-coming-from-inside-the-house-dns-rebinding-in-eosio-keosd-wallet-e11deae05974 | |
| https://sites.google.com/securifyinc.com/secblogs/yahoo-luminate-rce | |
| https://haiderm.com/how-i-was-able-to-delete-13k-microsoft-translator-projects/ | |
| https://pulsesecurity.co.nz/advisories/WebLogic-SAML-Vulnerabilities | |
| https://medium.com/devanshwolf/hey-developer-give-me-your-api-keys-b8c99ab1c4f5 | |
| https://medium.com/bugbountywriteup/bypass-admin-approval-mute-member-and-posting-permissions-for-only-admins-in-facebook-groups-ef476cb3d524 | |
| https://medium.com/@khaled.hassan/hacking-thousands-of-companies-through-their-helpdesk-8f180a8595ef | |
| https://www.ambionics.io/blog/prestashop-privilege-escalation | |
| http://omespino.com/write-up-telegram-bug-bounty-whatsapp-n-a-blind-xss-stored-ios-in-messengers-twins-who-really-care-about-your-security/ | |
| https://medium.com/@vishnu0002/attacking-postgresql-database-834a9a3471bc | |
| https://medium.com/@SQLiBasic/bug-bounty-at-bangladeshi-site-21da8b7eb687 | |
| https://sites.google.com/securifyinc.com/secblogs/finding-leaked-sensitive-data | |
| https://medium.com/@sudhanshur705/xss-in-microsoft-subdomain-81c4e46d6631 | |
| https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html | |
| https://medium.com/@jonathanbouman/persistent-xss-at-ah-nl-198fe7b4c781 | |
| https://medium.com/@logicbomb_1/bugbounty-compromising-user-account-how-i-was-able-to-compromise-user-account-via-http-4288068b901f | |
| https://www.linkedin.com/feed/update/urn:li:activity:6421357227923337216 | |
| https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html | |
| https://hateshape.github.io/general/2018/07/05/CVE-2016-3473.html | |
| https://medium.com/bugbountywriteup/latex-to-rce-private-bug-bounty-program-6a0b5b33d26a | |
| https://samcurry.net/the-12000-intersection-between-clickjacking-xss-and-denial-of-service/ | |
| https://www.nahamsec.com/posts/chaining-multiple-vulnerabilities-to-gain-admin-access | |
| https://leigh-annegalloway.com/tumblr/ | |
| https://www.cyberonesecurity.com/blog/unauthenticated-command-injection-vulnerability-in-vmware-nsx-sd-wan-by-velocloud | |
| https://medium.com/@intideceukelaire/this-popular-facebook-app-publicly-exposed-your-data-for-years-12483418eff8 | |
| https://ahussam.me/Take-Advantage-of-Out-of-Scope-Domains-in-Bug-Bounty/ | |
| https://zseano.medium.com/how-re-signing-up-for-an-account-lead-to-account-takeover-3a63a628fd9f | |
| https://blog.bugbountyhunter.com/account-takeover-bugbounty/ | |
| https://0xpatrik.com/subdomain-takeover-starbucks/ | |
| https://medium.com/@yassergersy/account-take-over-via-reset-password-f2e9d887bce1 | |
| https://www.coengoedegebure.com/how-i-got-access-to-local-aws-info-via-jira/ | |
| https://kongwenbin.com/fastest-fix-on-open-bug-bounty-platform | |
| https://medium.com/@jonathanbouman/how-i-hacked-apple-com-unrestricted-file-upload-bcda047e27e3 | |
| https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html | |
| https://medium.com/@cachemoney/using-a-github-app-to-escalate-to-an-organization-owner-for-a-10-000-bounty-4ec307168631 | |
| https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html | |
| https://jakearchibald.com/2018/i-discovered-a-browser-bug/ | |
| https://pulsesecurity.co.nz/advisories/ManageEngine-OpManager-RCE | |
| https://medium.com/bugbountywriteup/responsible-disclosure-how-i-could-have-booked-movie-tickets-through-other-user-accounts-2db26a037b4c | |
| https://web.archive.org/web/20191217223802/https://medium.com/@tahasmily2013m/how-i-found-blind-xss-in-apple-c890775e745a | |
| https://medium.com/@jonathanbouman/reflected-client-xss-amazon-com-7b0d3cec787 | |
| https://web.archive.org/web/20191219011308/https://medium.com/@tahasmily2013m/i-have-found-vulnerability-in-360totalsecurity-is-reflected-xss-in-3a6bd602bb5a | |
| https://medium.com/@khaled.hassan/the-2-5-btc-stored-xss-f2f9393417f2 | |
| https://medium.com/@khaled.hassan/how-i-got-paid-premium-plan-for-free-on-many-popular-websites-90e62a52416a | |
| https://medium.com/@black_b/vulnerability-netflix-cross-site-scripting-xss-d44010142e2c | |
| https://medium.com/@jonathanbouman/unvalidated-open-redirect-bol-com-b270151380e6 | |
| https://medium.com/@khaled.hassan/full-account-takeover-via-reset-password-function-8b6ef15f346f | |
| https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/ | |
| https://www.coalfire.com/The-Coalfire-Blog/June-2018/How-I-Found-CVE-2018-8819-Out-of-Band-(OOB)-XXE | |
| https://blog.ayoubaitelmokhtar.com/2018/06/paypal-bbp-i-couldve-deleted-all-smc.html | |
| https://thehackerblog.com/steam-fire-and-paste-a-story-of-uxss-via-dom-xss-clickjacking-in-steam-inventory-helper/index.html | |
| https://medium.com/@adrien_jeanneau/how-i-was-able-to-list-some-internal-information-from-paypal-bugbounty-ca8d217a397c | |
| https://web.archive.org/web/20210117211538/https://medium.com/@adeshkolte/how-i-found-xss-via-ssrf-vulnerability-adesh-kolte-873b30a6b89f | |
| https://medium.com/@logicbomb_1/bugbounty-database-hacked-of-indias-popular-sports-company-bypassing-host-header-to-sql-7b9af997c610 | |
| https://www.imperva.com/blog/2018/06/how-i-impersonated-someone-else-using-auth0/ | |
| https://www.nc-lp.com/blog/searching-for-xss-found-ldap-injection | |
| https://medium.com/@khaled.hassan/are-you-sure-this-is-a-trusted-email-291121028320 | |
| https://thehackerblog.com/reading-your-emails-with-a-readwrite-chrome-extension-same-origin-policy-bypass-8-million-users-affected/index.html | |
| https://hk.saowen.com/a/a8d21c0bdf39e733395aefc0e331998e3d618558f90cf06135aa4df411804e59 | |
| http://www.shawarkhan.com/2018/06/getting-php-code-execution-and-leverage.html | |
| https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158 | |
| https://web.archive.org/web/20200814185643/https://medium.com/@adeshkolte/how-i-earned-750-bounty-reward-from-at-t-bug-bounty-adesh-kolte-ae62dea44083 | |
| https://medium.com/@raghav2039/bug-bounty-how-i-booked-a-rental-house-for-just-1-00-inr-price-manipulation-in-citrus-pay-318ff6e0d8a8 | |
| https://web.archive.org/web/20200929003129/https://www.mohamedharon.com/2018/05/reflected-xss-in-hk-yahoo.html | |
| https://twitter.com/0x01alka/status/1001763583447969792 | |
| https://blog.witcoat.com/2018/05/30/account-takeover-and-blind-xss-go-pro-get-bugs/ | |
| http://cybristerboy.blogspot.com/2018/05/how-i-found-5-store-xss-on-private.html | |
| https://medium.com/@emenalf/how-i-got-hall-of-fame-in-two-fortune-500-companies-an-rce-story-9c89cead81ff | |
| http://cybristerboy.blogspot.com/2018/05/how-i-was-able-to-get-admin-panel-on.html | |
| https://andresriancho.com/recaptcha-bypass-via-http-parameter-pollution | |
| https://wesecureapp.com/blog/persistent-xss-to-steal-passwords-paypal/ | |
| https://medium.com/@r99tiq/idor-how-i-was-able-to-see-any-private-album-passwrod-in-picturepush-264913f45e10 | |
| https://medium.com/@BgxDoc/bugbounty-how-i-was-able-to-hack-any-user-account-via-password-reset-9009d84d94ff | |
| https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config | |
| https://medium.com/ymedialabs-innovation/an-aws-managed-policy-that-allowed-granting-root-admin-access-to-any-role-51b409ea7ff0 | |
| https://www.shawarkhan.com/2018/05/getting-read-access-on-edmodo.html | |
| https://medium.com/@renwa/self-xss-csrf-to-stored-xss-54f9f423a7f1 | |
| https://web.archive.org/web/20180523180902/https://sites.google.com/site/testsitehacking/-36k-google-app-engine-rce | |
| https://medium.com/@kongwenbin/fastest-fix-on-open-bug-bounty-platform-4bb03ff846e8 | |
| https://medium.com/@aayushpokhrel/how-i-got-100-from-one-private-website-3c62c27f6b5d | |
| https://medium.com/@aayushpokhrel/how-i-hacked-admin-account-via-password-reset-idor-of-one-private-currency-exchanger-site-51723c7c8704 | |
| https://medium.com/@ozil.hakim/stored-xss-in-yahoo-and-all-subdomains-bbcaa7c3b8d | |
| https://medium.com/@hacker_eth/xss-in-microsoft-7a70416aee75 | |
| https://blog.securitybreached.org/2018/05/18/get-subscription-of-120-year-for-free-bug-bounty-poc | |
| https://medium.com/@pratheesh.p.narayanan/whatsapp-dos-vulnerability-on-android-ios-web-7628077d21d4 | |
| https://medium.com/bugbountywriteup/hsts-bypass-vulnerability-in-ie-preview-fa956161fa8 | |
| https://medium.freecodecamp.org/discovering-the-hidden-mine-of-credentials-and-sensitive-information-8e5ccfef2724 | |
| https://medium.com/@honcbb/internet-safety-for-kids-families-trend-micro-dom-xss-db34c9bbb120 | |
| https://www.seekurity.com/blog/general/asus-control-center-an-information-disclosure-and-a-database-connection-clear-text-password-leakage-vulnerability/ | |
| https://web.archive.org/web/20200904133318/https://medium.com/bugbountywriteup/a-five-minute-sql-i-16ab75b20fe4 | |
| https://medium.com/bugbountywriteup/how-i-got-paid-0-from-the-indias-largest-online-gifting-portal-bug-bounty-program-fd9e14f9ca20 | |
| https://medium.com/bugbountywriteup/4500-bounty-how-i-got-lucky-99d8bc933f75 | |
| https://medium.com/bugbountywriteup/disclose-private-video-thumbnail-from-facebook-workplace-52b6ec4d73b7 | |
| https://medium.com/@evilboyajay/stealing-money-from-one-account-to-another-account-d7c5ee68922b | |
| https://medium.com/@prial261/story-of-a-stored-xss-bypass-26e6659f807b | |
| https://sysdream.com/news/lab/2018-04-30-multiple-security-vulnerabilities-in-domains-belonging-to-google/ | |
| https://medium.com/@kedrisec/how-i-found-2-9-rce-at-yahoo-bug-bounty-program-20ab50dbfac7 | |
| https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-bypass-firewall-to-get-rce-and-then-went-from-server-shell-to-get-783f71131b94 | |
| https://medium.com/@newp_th/reflected-xss-on-stack-overflow-b8366a855472 | |
| https://medium.com/@mdisrail2468/bypassing-the-confirmation-email-for-newsletter-bof-nl-682c05cb927f | |
| https://medium.com/@sivakrishnasamireddi/how-i-earned-60k-from-private-program-71bd51554490 | |
| https://medium.com/bug-bounty-hunting/application-logic-bugs-600245fb5bf0 | |
| https://medium.com/@nuraalamdipu/xss-403-forbidden-bypass-write-up-e070de52bc06 | |
| https://medium.com/bugbountywriteup/how-we-got-lfi-in-apache-drill-recon-like-a-boss-6f739a79d87d | |
| http://blog.mindedsecurity.com/2018/04/dom-based-cross-site-scripting-in.html | |
| https://medium.com/@malcolmx0x/three-cases-three-open-redirect-bypasses-887bda60b38c | |
| https://medium.com/@YoKoKho/turning-self-xss-into-non-self-stored-xss-via-authorization-issue-at-paypal-tech-support-and-brand-3046f52ac16b | |
| https://medium.com/@prial261/story-of-a-stored-xss-bypass-26e6659f807b | |
| https://medium.com/@logicbomb_1/bugbounty-journey-from-lfi-to-rce-how-a69afe5a0899 | |
| https://medium.com/@YoKoKho/bypassing-the-current-password-protection-at-techsupport-portal-b9005ee17e64 | |
| https://medium.com/@newp_th/google-bug-posting-on-groups-as-any-users-behalf-c24e7f524be5 | |
| https://medium.com/@kankrale.rahul/whatsapp-users-ip-disclosure-with-link-preview-feature-39a477f54fba | |
| https://medium.com/@YoKoKho/ribose-idor-with-simple-csrf-bypass-unrestricted-changes-and-deletion-to-other-photo-profile-e4393305274e | |
| https://medium.com/@YoKoKho/idor-at-private-bug-bounty-program-that-could-leads-to-personal-data-leaks-d2536d026bf5 | |
| http://firstsight.me/2018/04/idor-at-private-bug-bounty-program-that-could-leads-to-personal-data-leaks/ | |
| https://medium.com/@vis_hacker/how-i-got-stored-xss-using-file-upload-5c33e19df51e | |
| https://medium.com/@YumiSec/from-an-error-message-to-db-diclosure-1af879c74474 | |
| https://medium.com/@saamux/spoof-a-user-to-create-a-description-of-a-group-in-flickr-72b6b8432404 | |
| https://medium.com/bugbountywriteup/bypassing-captcha-like-a-boss-d0edcc3a1c1 | |
| https://web.archive.org/web/20180706194218/https://sites.google.com/site/testsitehacking/-5k-service-dependencies | |
| https://medium.com/bugbountywriteup/securitybreach-how-i-was-able-to-book-hotel-room-for-1-50-9b35f18e49e8 | |
| https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754 | |
| https://medium.com/@iSecMax/how-i-hacked-companies-related-to-the-crypto-currency-and-earned-60-000-93e9b3299f4e | |
| https://medium.com/@flex0geek/how-i-bypassed-ebay-process-on-redirect-98739384b4bc | |
| https://www.seekurity.com/blog/general/hijacking-users-private-information-access_token-from-microsoft-office360-facebook-app | |
| https://web.archive.org/web/20191217083137/http://blog.jr0ch17.com/2018/Please-email-me-your-password/ | |
| https://medium.com/bugbountywriteup/how-i-broke-into-google-issue-tracker-667b9e33e931 | |
| https://medium.com/@rojanrijal/source-code-analysis-in-ysurvey-luminate-bug-c86dc29b70c4 | |
| https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a | |
| https://medium.com/@yassergersy/xss-to-session-hijack-6039e11e6a81 | |
| https://web.archive.org/web/20200929003337/https://www.mohamedharon.com/2018/04/reflected-xss-on-wwwzomatocom-by.html | |
| https://medium.com/@hisham.mir/exploiting-a-single-parameter-6f4ba2acf523 | |
| https://web.archive.org/web/20201123204445/https://www.mohamedharon.com/2018/04/link-injection-on-2-twitter-subdomain.html | |
| https://medium.com/@logicbomb_1/bugbounty-your-details-are-saved-into-my-account-user-info-disclosure-vulnerability-in-practo-fe36930a1246 | |
| https://medium.com/@satboy.fb/how-i-caught-multiple-vulnerabilities-in-udemy-com-14012a8a1421 | |
| https://www.gosecure.net/blog/2018/04/03/beyond-xss-edge-side-include-injection/ | |
| https://whitehatfamilyguy.blogspot.com/2019/04/hijacking-friend-requests-facebook.html | |
| https://web.archive.org/web/20201022201335/https://www.mohamedharon.com/2018/04/my-best-small-report-bounty-report-in.html | |
| https://web.archive.org/web/20200929004520/https://www.mohamedharon.com/2018/03/xss-in-subdomain-httpsyefgrantsyahoocom.html | |
| https://web.archive.org/web/20200928235353/https://www.mohamedharon.com/2018/03/xss-in-sportstwcampaignyahoonet.html | |
| https://medium.com/@valeriyshevchenko/how-i-hacked-one-cryptocurrency-service-db3cb0f81d6c | |
| https://medium.com/bugbountywriteup/how-i-could-have-promoted-any-facebook-page-for-free-70b0f4fc0feb | |
| https://medium.com/bugbountywriteup/creating-test-conversion-using-any-app-8b32ee0a735 | |
| http://www.tomanthony.co.uk/blog/google-xml-sitemap-auth-bypass-black-hat-seo-bug-bounty/ | |
| https://web.archive.org/web/20200929015014/https://www.mohamedharon.com/2018/03/reflected-xss-moogaloop-swf-version-62x.html | |
| https://medium.com/@markchristiandeduyo/misconfiguration-of-demographics-privacy-in-a-page-682feb1179f2 | |
| https://medium.com/@logicbomb_1/bugbounty-rewarded-by-securing-vulnerabilities-in-bookmyshow-indias-largest-online-movie-bb81dba9b82 | |
| https://medium.com/bugbountywriteup/hacking-oracle-in-5-minutes-b52107a6124c | |
| https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27 | |
| https://ahussam.me/Leaking-WordPress-CSRF-Tokens/ | |
| https://blog.zimperium.com/cve-2017-13253-buffer-overflow-multiple-android-drm-services/ | |
| https://labs.detectify.com/2018/03/14/graphql-abuse/ | |
| https://medium.com/bugbountywriteup/bugbounty-how-i-was-able-to-compromise-any-user-account-via-reset-password-functionality-a11bb5f863b3 | |
| https://medium.com/@nuraalamdipu/union-based-sql-injection-write-up-a-private-company-site-273f89a49ed9 | |
| https://medium.com/@agrawalsmart7/how-i-hacked-74k-users-of-a-website-869e8a0b319 | |
| https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak | |
| https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html | |
| https://medium.com/@raushanraj_65039/google-clickjacking-6a04132b918a | |
| https://medium.com/@raushanraj_65039/facebook-bug-bounty-reports-1c1b8b55c050 | |
| https://medium.com/bugbountywriteup/bugbounty-how-i-could-book-cab-using-your-wallet-money-in-indias-largest-auto-transportation-e0c4252ca1a3 | |
| https://medium.com/bug-bounty-hunting/how-i-found-a-surprising-xss-vulnerability-on-oracle-netsuite-2d48b7fcf0c8 | |
| https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations | |
| https://www.seekurity.com/blog/general/the-2-5mins-or-2-5k-hawk-eye-bug-a-facebook-pages-admins-disclosure-vulnerability/ | |
| https://www.seekurity.com/blog/general/redressing-instagram-leaking-application-tokens-via-instagram-clickjacking-vulnerability/ | |
| https://infosecwriteups.com/how-i-hacked-into-a-bugcrowd-public-program-fcfdd4fb1b69 | |
| https://medium.com/bugbountywriteup/bugbounty-api-keys-leakage-source-code-disclosure-in-indias-largest-e-commerce-health-care-c75967392c7e | |
| https://medium.com/@JubaBaghdad/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-a03ea516e327 | |
| https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3 | |
| https://www.seekurity.com/blog/general/the-fuzz-the-bug-the-action-a-race-condition-bug-in-facebook-chat-groups-leads-to-spy-on-conversations | |
| https://medium.com/@joshuaregio/modifying-any-ad-space-and-placement-e22c7cec050f | |
| http://omespino.com/write-up-twitter-bug-bounty-my-1st-bugbounty-poodle-sslv3-bug-on-multiple-twitter-smtp-servers/ | |
| https://blog.evanricafort.com/2018/02/rce-remote-code-execution-in-wordpress.html | |
| https://medium.freecodecamp.org/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1 | |
| https://www.pingsafe.com/blog/how-tinder-accounts-could-be-hacked-using-facebook-account-kit | |
| https://bughunt1307.herokuapp.com/googlebugs.html | |
| https://bugbaba.blogspot.com/2018/02/exploiting-cors-miss-configuration.html | |
| https://medium.com/bugbountywriteup/bugbounty-exploiting-crlf-injection-can-lands-into-a-nice-bounty-159525a9cb62 | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-remotely-crash-any-android-users-instagram-app-and-was-paid-a-mere-500-for-it-d4420721290e | |
| https://web.archive.org/web/20200420235005/https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up | |
| https://edoverflow.com/2018/logic-flaws-in-wot-services | |
| https://medium.com/bugbountywriteup/bugbounty-how-i-was-able-to-shop-for-free-payment-price-manipulation-b29355a8e68e | |
| https://web.archive.org/web/20200818084242/https://medium.com/@adeshkolte/oracle-cross-site-scripting-vulnerability-adesh-kolte-ddc5d9f279be | |
| https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd | |
| https://medium.freecodecamp.org/responsible-disclosure-how-i-could-have-hacked-all-facebook-accounts-f47c0252ae4d | |
| https://www.josipfranjkovic.com/blog/facebook-partners-portal-account-takeover | |
| https://blog.intothesymmetry.com/2018/02/bug-bounty-left-over-and-rant-part-iii.html | |
| https://medium.com/bugbountywriteup/how-i-gained-access-to-sonys-database-f3ba08d0e035 | |
| https://medium.com/bugbountywriteup/sql-injection-with-load-file-and-into-outfile-c62f7d92c4e2 | |
| https://blog.securitybreached.org/2018/02/05/how-i-found-idor-on-twitters-acquisition-mopub-com/ | |
| https://medium.com/@kankrale.rahul/facebook-mailto-injection-leads-to-social-engineering-spam-attack-68b08e36764a | |
| https://medium.com/bugbountywriteup/bugbounty-i-dont-need-your-current-password-to-login-into-your-account-how-could-i-e51a945b083d | |
| https://codeburst.io/hunting-insecure-direct-object-reference-vulnerabilities-for-fun-and-profit-part-1-f338c6a52782 | |
| https://codeburst.io/hunting-insecure-direct-object-reference-vulnerabilities-for-fun-and-profit-part-2-af832d1c0bb6 | |
| http://omespino.com/nokia-internal-ips-disclosure | |
| https://blog.securitybreached.org/2018/02/02/how-i-was-able-to-bypass-xss-protection-on-hackerones-private-program/ | |
| http://omespino.com/facebook-bug-bounty-getting-access-to-prompt-debug-dialog-and-serialized-tool-on-main-website-facebook-com/ | |
| https://blog.securitybreached.org/2018/01/27/how-i-was-able-to-download-any-file-from-web-server/ | |
| https://web.archive.org/web/20210122102751/https://www.guptashubham.com/how-i-got-22000-worth-ethereum/ | |
| https://medium.com/@pig.wig45/json-csrf-attack-on-a-social-networking-site-hackerone-platform-3d7aed3239b0 | |
| https://medium.freecodecamp.org/how-anyone-could-have-used-uber-to-ride-for-free-36cdee5ea854 | |
| https://medium.com/@saamux/full-account-takeover-through-cors-with-connection-sockets-179133384815 | |
| https://web.archive.org/web/20191218054030/https://medium.com/@zk34911/yahoo-bug-bounty-unauthorized-access-to-unisphere-management-server-debugging-facility-on-448aeb6d0c94 | |
| http://blog.jr0ch17.com/2018/No-RCE-then-SSH-to-the-box/ | |
| https://web.archive.org/web/20201207232241/https://www.mohamedharon.com/2018/01/reflected-xss-possible-server-side.html | |
| https://medium.com/bugbountywriteup/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941 | |
| https://web.archive.org/web/20200926101239/https://medium.com/@adeshkolte/asus-web-application-vulnerabilities-by-adesh-n-kolte-4c14a1bb8739 | |
| http://omespino.com/write-up-file-disclosure-via-ds_store-file-macos | |
| https://medium.com/@circleninja/internshala-bug-in-internshala-student-partner-33d7b66c1bd5 | |
| https://twitter.com/kl_sree/status/953999305370607617 | |
| https://web.archive.org/web/20201022204145/https://www.mohamedharon.com/2018/01/reflected-file-download-rfd-in.html | |
| https://emtunc.org/blog/01/2018/research-misconfigured-jenkins-servers/ | |
| http://c0rni3sm.blogspot.com/2018/01/1800-in-less-than-hour.html | |
| https://blog.ibrahimdraidia.com/xss-via-angularjs-template-injection_hostinger/ | |
| https://medium.com/bugbountywriteup/bugbounty-aws-s3-added-to-my-bucket-list-f68dd7d0d1ce | |
| https://philippeharewood.com/view-the-bug-subscriptions-for-any-oculus-user/ | |
| https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf | |
| https://medium.com/bugbountywriteup/bugbounty-how-i-was-able-to-delete-anyones-account-in-an-online-car-rental-company-8a4022cc611 | |
| https://corben.io/blog/18-1-11-chaining-yahoo-bugs | |
| https://medium.com/bugbountywriteup/bugbounty-how-i-was-able-to-read-chat-of-users-in-an-online-travel-portal-c55a1787f999 | |
| https://web.archive.org/web/20200929023045/https://www.mohamedharon.com/2018/01/rce-vulnerabilite-in-yahoo-subdomain.html | |
| https://blog.securitybreached.org/2018/02/04/hunting-insecure-direct-object-reference-vulnerabilities-for-fun-and-profit-part-1/ | |
| https://research.digitalinterruption.com/2018/01/04/toytalk-bug-bounty-writeup/ | |
| https://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/ | |
| https://voidzone.me/facebook-chat-dashboard-content-injection | |
| https://www.jonbottarini.com/2018/01/02/abusing-internal-api-to-achieve-idor-in-new-relic/ | |
| https://blog.witcoat.com/2018/05/30/stealing-10000-yahoo-cookies/ | |
| https://w00troot.blogspot.com/2017/12/how-i-found-ssrf-on-thefacebookcom.html | |
| https://medium.com/bugbountywriteup/jumping-to-the-hell-with-10-attempts-to-bypass-devils-waf-4275bfe679dd | |
| https://web.archive.org/web/20200920204426/https://medium.com/@adeshkolte/microsoft-sharepoints-follow-feature-xss-cve-2017-8514-adesh-kolte-d78d701cd064 | |
| https://bhavukjain.com/blog/2017/12/20/facebook-google-login-misconfig/ | |
| https://mike-n1.github.io/SSRF_P4toP2 | |
| https://blog.securitybreached.org/2017/12/19/unrestricted-file-upload-to-rce-bug-bounty-poc/ | |
| https://nirmaldahal.com.np/posts/2017/12/lfi-to-10-servers-pwn/ | |
| https://corben.io/blog/17-12-17-hackertarget | |
| https://lightningsecurity.io/blog/host-header-injection/ | |
| https://blog.securitybreached.org/2017/12/10/how-i-was-able-to-takeover-facebook-account-bug-bounty-poc/ | |
| https://medium.com/@joshuaregio/using-app-ads-helper-as-an-analytic-user-e751fcf9c594 | |
| https://medium.com/bugbountywriteup/bug-bounty-fastmail-feeda67905f5 | |
| https://medium.com/secjuice/how-i-was-able-to-view-exact-bounty-balance-of-any-bug-bounty-program-in-hackerone-f0e18e4206d5 | |
| https://www.fortinet.com/blog/threat-research/multiple-plone-cross-site-scripting-vulnerabilities | |
| https://medium.com/@uranium238/getting-a-rce-ctf-way-2fd612fb643f | |
| https://medium.com/@Skylinearafat/xss-protection-bypass-made-my-quickest-bounty-ever-f4fd970c9116 | |
| https://medium.com/@maxon3/lfi-to-command-execution-deutche-telekom-bug-bounty-6fe0de7df7a6 | |
| https://corben.io/blog/17-11-30-asus-sqli | |
| https://corben.io/blog/17-11-27-tricky-CORS | |
| https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html | |
| https://medium.com/@malcolmx0x/story-of-bypassing-referer-header-to-make-open-redirect-94f938b9d032 | |
| https://ysx.me.uk/taking-note-xss-to-rce-in-the-simplenote-electron-client/ | |
| https://blog.securitybreached.org/2017/11/20/uber-wildcard-subdomain-takeover | |
| https://medium.com/@honcbb/amazon-bypass-open-redirect-12609c879dff | |
| https://medium.com/@honcbb/vmware-official-vcdx-reflected-xss-90e69a3c35e1 | |
| https://medium.com/bugbountywriteup/account-take-over-vulnerability-in-google-acquisition-famebit-e93b1a0a7af9 | |
| https://medium.com/bugbountywriteup/transforming-a-domain-into-the-matrix-an-open-redirect-story-4bd87c3a8caa | |
| https://emtunc.org/blog/11/2017/jwt-refresh-token-manipulation/ | |
| https://medium.com/@agrawalsmart7/sql-is-every-where-5cba6ae9480a | |
| http://www.digitalmunition.com/WhyIWalkedFrom3k.pdf | |
| https://medium.com/bugbountywriteup/bypassing-crossdomain-policy-and-hit-hundreds-of-top-alexa-sites-af1944f6bbf5 | |
| https://zseano.medium.com/how-signing-up-for-an-account-with-an-company-com-email-can-have-unexpected-results-7f1b700976f5 | |
| https://blog.bugbountyhunter.com/company-account-unexpected/ | |
| https://www.ansariosama.com/2017/11/how-i-pwned-company-using-idor-blind-xss.html | |
| https://medium.com/@abdelfattahibrahim/from-recon-to-dom-based-xss-f279602a14cf | |
| http://blog.shashank.co/2017/11/stealing-bitcoin-wallet-backups-from.html | |
| https://medium.com/@valeriyshevchenko/how-to-delete-all-company-progress-by-one-rm-command-in-aws-s3-bucket-df9c44727d7b | |
| http://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html | |
| https://medium.com/@tungpun/from-ssrf-to-local-file-disclosure-58962cdc589f | |
| https://web.archive.org/web/20200825165420/https://medium.com/@adeshkolte/get-your-microsoft-account-hijacked-by-simply-clicking-connect-button-adesh-kolte-cc0b335b0221 | |
| https://web.archive.org/web/20201013141953/https://medium.com/@adeshkolte/multiple-intel-vulnerabilities-adesh-kolte-9f74372db34c | |
| https://web.archive.org/web/20200819161548/https://medium.com/@adeshkolte/non-persistent-xss-at-microsoft-adesh-kolte-ad36b1b4a325 | |
| http://blog.shashank.co/2017/11/crlf-injection-in-bockchaininfo.html | |
| https://blog.securitybreached.org/2017/11/04/access-localhost-via-virtual-host-virtual-host-enumeration/ | |
| https://medium.com/bugbountywriteup/senstive-information-disclose-lead-to-join-any-organisation-40ab549011 | |
| https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/ | |
| https://medium.freecodecamp.org/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5 | |
| https://medium.com/bugbountywriteup/abusing-new-claps-feature-in-medium-6bd8757a64a4 | |
| https://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html | |
| https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4 | |
| https://kciredor.com/taking-over-every-ad-on-olx-automated-an-idor-story.html | |
| https://medium.com/@yogendra_h1/sensitive-data-exposure-by-requesting-a-resource-with-a-different-content-type-27412a9d6e2f | |
| https://medium.com/@neerajedwards/how-i-hacked-all-the-redact-agents-accounts-ec165b7c514a | |
| https://medium.com/@neerajedwards/reading-internal-files-using-ssrf-vulnerability-703c5706eefb | |
| https://web.archive.org/web/20180704183048/http://stamone-bug-bounty.blogspot.com/2017/10/dom-xss-auth_14.html | |
| https://nickbloor.co.uk/2017/10/13/adobe-coldfusion-deserialization-rce-cve-2017-11283-cve-2017-11238/ | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-see-someones-all-private-files-with-a-single-file-share-link-through-atom-feed-7cde46d7e84d | |
| https://mishresec.wordpress.com/2017/10/13/uber-bug-bounty-gaining-access-to-an-internal-chat-system/ | |
| https://mishresec.wordpress.com/2017/10/13/yahoo-bug-bounty-chaining-3-minor-issues-to-takeover-flickr-accounts/ | |
| https://mishresec.wordpress.com/2017/10/12/yahoo-bug-bounty-exploiting-oauth-misconfiguration-to-takeover-flickr-accounts/ | |
| https://ahussam.me/Amazon-leaking-csrf-token-using-service-worker/ | |
| https://blog.securitybreached.org/2017/10/10/bugcrowds-domain-subdomain-takeover-vulnerability | |
| https://blog.securitybreached.org/2017/10/10/exploiting-insecure-cross-origin-resource-sharing-cors-api-artsy-net | |
| https://blog.securitybreached.org/2017/10/10/subdomain-takeover-lamborghini-hacked/ | |
| https://philippeharewood.com/facebook-graphql-csrf/ | |
| https://medium.com/secjuice/how-i-was-able-to-view-private-tweets-of-any-private-twitter-account-86a9d2640ded | |
| https://ret2got.wordpress.com/2017/10/05/how-i-could-have-mass-uploaded-from-every-flickr-account/ | |
| https://markus-krell.de/craft-cms-why-case-matters/ | |
| https://medium.com/bugbountywriteup/device-authorization-bypass-aa508c9193ed | |
| https://medium.com/@saamux/filter-bypass-to-reflected-xss-on-https-finance-yahoo-com-mobile-version-22b854327b27 | |
| https://medium.com/bugbountywriteup/900-xss-in-yahoo-recon-wins-65ee6d4bfcbd | |
| https://medium.com/bugbountywriteup/how-i-bypassed-practos-firewall-and-triggered-a-xss-b30164a8f1dc | |
| https://guptashubham.com/idor-execute-javascript-into-anyone-account/ | |
| https://guptashubham.com/stored-xss-to-full-information-disclosure | |
| https://medium.com/@rojanrijal/luminate-internal-privilege-escalation-admin-to-owner-2ca28e575985 | |
| https://medium.com/@rojanrijal/this-domain-is-my-domain-g-suite-a-record-vulnerability-b447a90a8de7 | |
| https://guptashubham.com/all-about-hackerone-private-program-terapeak/ | |
| https://guptashubham.com/multiple-vulnerabilities-in-oracle-ebs/ | |
| https://kciredor.com/first-bounty-time-to-step-up-my-game.html | |
| https://www.ansariosama.com/2017/09/exploiting-single-request-for-multiple.html | |
| http://www.noob.ninja/2017/09/story-of-parameter-specific-xss.html | |
| https://medium.com/bugbountywriteup/chaining-self-xss-with-ui-redressing-is-leading-to-session-hijacking-pwn-users-like-a-boss-efb46249cd14 | |
| https://medium.com/@arbazhussain/stored-xss-with-arbitrary-cookie-installation-567931433c7f | |
| http://manuel-sousa.blogspot.com/2017/09/url-whitelist-bypass-accounts-google.html | |
| https://medium.com/intigriti/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c | |
| https://hackernoon.com/bypassing-facebook-profile-picture-guard-security-f0676550f089 | |
| https://medium.com/@0xHyde/exploiting-history-back-3ec789c124dd | |
| https://medium.com/@SyntaxError4/reflective-xss-and-open-redirect-on-indeed-com-subdomain-b4ab40e40c83 | |
| https://medium.com/@SyntaxError4/how-i-found-reflective-xss-in-yahoo-subdomain-3ad4831b386e | |
| https://medium.com/japzdivino/idor-on-hackerone-hacker-review-what-program-say-885ce3989a6f | |
| https://medium.com/@armaanpathan/dont-just-alert-1-because-xss-is-for-fun-f88cfb88d5b9 | |
| https://medium.com/@Alra3ees/my-write-up-about-uber-cross-site-scripting-by-help-of-knoxss-b1b56f8d090 | |
| https://medium.com/@arbazhussain/stealing-0auth-token-mitm-3eeab46e96cf | |
| https://medium.com/@TheShahzada/reflected-xss-in-yahoo-6e2b6b177448 | |
| http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/ | |
| https://medium.com/@rojanrijal/luminate-store-basics-defacement-and-potential-takeover-3b53d1e45b4f | |
| https://medium.com/@rojanrijal/developer-luminate-idor-42bd0d98e0c | |
| https://medium.com/@arbazhussain/improper-storage-of-protected-projects-files-9ece8e9a4743 | |
| https://medium.com/@arbazhussain/bypassing-rate-limit-protection-by-spoofing-originating-ip-ff06adf34157 | |
| https://web.archive.org/web/20220818204507/https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/ | |
| https://medium.com/bugbountywriteup/pre-domain-wildcard-cors-exploitation-2d6ac1d4bd30 | |
| https://philippeharewood.com/facebook-stories-disclose-facebook-friend-list/ | |
| https://nahamsec.com/posts/secure-your-jenkins-instance-or-hackers-will-force-you-to-snapchats-5000-vulnerability | |
| https://lightningsecurity.io/blog/password-not-provided/ | |
| http://c0rni3sm.blogspot.com/2017/08/accidentally-typo-to-bypass.html | |
| https://medium.com/@saamux/reflected-xss-on-www-yahoo-com-9b1857cecb8c | |
| https://medium.com/@armaanpathan/chain-the-vulnerabilities-and-take-your-report-impact-on-the-moon-csrf-to-html-injection-which-608fa6e74236 | |
| https://medium.com/@armaanpathan/idor-was-leading-to-privilege-escalation-and-violating-the-facebook-policy-355c67c654e6 | |
| https://medium.com/securityescape/getting-access-to-25k-employees-details-c085d18b73f0 | |
| https://web.archive.org/web/20200411123311/https://sites.google.com/site/testsitehacking/10k-host-header | |
| http://www.tomanthony.co.uk/blog/confirm-google-users-email/ | |
| https://bugbaba.blogspot.com/2017/08/xss-because-of-wrong-content-type-header.html | |
| https://www.seekurity.com/blog/general/business-logic-vulnerabilities-series-how-i-became-invisible-and-immune-to-blocking-on-instagram/ | |
| https://medium.com/@valeriyshevchenko/massive-information-disclosure-of-1500-famous-people-b1b950fa657 | |
| https://medium.com/@arbazhussain/referer-based-xss-52aeff7b09e7 | |
| https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html | |
| https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface | |
| https://labs.detectify.com/2017/07/27/how-we-invented-the-tesla-dom-doom-xss/ | |
| https://medium.com/@zahidali_93675/disabling-new-emails-from-facebook-without-email-owner-interaction-11c979778a68 | |
| https://www.seekurity.com/blog/general/rolling-around-and-bypassing-facebook-linkshim-protection-on-ios | |
| https://medium.com/@arbazhussain/stored-xss-on-rockstar-game-c008ec18d071 | |
| https://bugbaba.blogspot.com/2017/07/open-redirect-in-flock-my-first-swag.html | |
| https://blog.zsec.uk/rce-starwars/ | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-bypass-strong-xss-protection-in-well-known-website-imgur-com-8a247c527975 | |
| https://medium.com/@arbazhussain/missing-authorization-check-in-facebook-pages-manager-9f7bd879ff33 | |
| https://medium.com/@arbazhussain/race-condition-bypassing-team-limit-b162e777ca3b | |
| https://medium.com/@arbazhussain/self-xss-to-good-xss-clickjacking-6db43b44777e | |
| https://www.seekurity.com/blog/general/business-logic-vulnerabilities-series-a-brief-on-abusing-invitation-systems/ | |
| https://medium.com/@ciph3r7r0ll/that-escalated-quickly-from-partial-csrf-to-reflected-xss-to-complete-csrf-to-stored-xss-6ba8103069c2 | |
| https://medium.com/@arbazhussain/xss-using-dynamically-generated-js-file-a7a10d05ff08 | |
| https://medium.com/@arbazhussain/exploiting-misconfigured-cors-on-popular-btc-site-2aedfff906f6 | |
| https://medium.com/@arbazhussain/stealing-access-token-of-one-drive-integration-by-chaining-csrf-vulnerability-779f999624a7 | |
| https://medium.com/@arbazhussain/idor-while-connecting-social-account-in-hackster-io-2296b316b7a7 | |
| https://medium.com/@arbazhussain/ctrl-d5ffc7b0640e | |
| https://hackernoon.com/how-to-find-internal-subdomains-yql-yahoo-and-bug-bounty-d7730b374d77 | |
| https://zseano.medium.com/fun-with-mobile-apps-broken-api-leads-to-leak-of-millions-of-personal-information-e7eb0b9dcce7 | |
| https://blog.bugbountyhunter.com/user-id-leak/ | |
| https://wesecureapp.com/blog/fabric-io-api-permission-apocalypse-privilege-escalations | |
| https://wesecureapp.com/blog/how-we-tookover-shopify-accounts-with-one-single-click | |
| https://wesecureapp.com/blog/xss-by-tossing-cookies/ | |
| https://shahmeeramir.com/how-a-simple-idor-become-a-4k-user-impersonation-vulnerability-705291b55c0d | |
| https://web.archive.org/web/20180827025910/http://www.paulosyibelo.com/2017/07/coinbase-angularjs-dom-xss-via-kiteworks.html | |
| https://ahussam.me/Medium-content-spoofing-xss | |
| https://ysx.me.uk/managed-apps-and-music-a-tale-of-two-xsses-in-google-play/ | |
| https://infosecwriteups.com/whatsapp-dos-vulnerability-in-ios-android-d896f76d3253 | |
| https://web.archive.org/web/20190718104640/https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5 | |
| https://corben.io/blog/17-06-30-bandcamp-xss | |
| https://www.seekurity.com/blog/general/openproject-session-management-security-vulnerability/ | |
| https://medium.com/@zahidali_93675/posting-on-groups-as-people-whenever-their-email-was-known-by-an-attacker-9dc8d7baf970 | |
| https://buer.haus/2017/06/29/escalating-xss-in-phantomjs-image-rendering-to-ssrflocal-file-read/ | |
| https://www.seekurity.com/blog/general/reflected-xss-vulnerability-in-simplerisk | |
| https://ysx.me.uk/road-to-unauthenticated-recovery-downloading-github-saml-codes/ | |
| https://www.arneswinnen.net/2017/06/authentication-bypass-on-ubers-sso-via-subdomain-takeover/ | |
| https://www.seekurity.com/blog/general/stored-xss-in-the-heart-of-the-russian-email-provider-giant-mail-ru/ | |
| https://dos.sh/blog/2017/6/21/yahoo-small-business-luminate-and-the-not-so-secret-keys | |
| https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/ | |
| https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/ | |
| https://web.archive.org/web/20170620023433/https://medium.com/@know.0nix/how-i-hack-23-900-000-tumblr-domains-at-once-341edad6e7cc | |
| https://blog.witcoat.com/2018/05/30/xss-on-bugcrowd-and-so-many-other-websites-main-domain/ | |
| https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-cve-2017-5244/ | |
| https://www.seekurity.com/blog/write-ups/godaddy-xss-affects-parked-domains-redirector-processor | |
| https://www.seekurity.com/blog/general/lets-steal-some-tokens | |
| https://medium.com/bugbountywriteup/whatsapp-dos-vulnerability-in-ios-android-d896f76d3253 | |
| http://c0rni3sm.blogspot.com/2017/06/from-js-to-another-js-files-lead-to.html | |
| https://medium.com/bugbountywriteup/how-i-got-5500-from-yahoo-for-rce-92fffb7145e6 | |
| https://seanmelia.files.wordpress.com/2017/06/django-privilege-escalation-e28093-zero-to-superuser.pdf | |
| https://www.rafaybaloch.com/2017/06/stored-xss-csrf-and-clickjacking.html | |
| https://www.rafaybaloch.com/2017/06/a-tale-of-another-sop-bypass-in-android.html | |
| https://www.rafaybaloch.com/2017/06/android-browser-same-origin-policy.html | |
| https://www.rafaybaloch.com/2017/06/dom-based-xss-in-microsoft.html | |
| https://www.rafaybaloch.com/2017/06/paypal-mobile-verification-and-payment.html | |
| https://www.rafaybaloch.com/2017/06/nokia-asha-series-lock-screen-bypass.html | |
| https://www.rafaybaloch.com/2017/06/android-browser-all-versions-address.html | |
| https://blog.fraktal.fi/comparing-cloud-wafs-in-2024-61b689b1b0e1 | |
| http://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html | |
| https://ysx.me.uk/a-pair-of-plotly-bugs-stored-xss-and-aws-metadata-ssrf/ | |
| https://medium.com/@nmalcolm/hacking-the-nhs-for-fun-and-no-profit-90931029dcb4 | |
| http://panchocosil.blogspot.com/2017/05/one-cloud-based-local-file-inclusion.html | |
| https://philippeharewood.com/find-mingle-suggestions-for-any-facebook-user-revisited/ | |
| https://medium.com/@rojanrijal/i-got-emails-g-suite-vulnerability-917e1f6a91f6 | |
| http://karmainsecurity.com/tales-of-sugarcrm-security-horrors | |
| https://web.archive.org/web/20190506160222/https://tutorgeeks.blogspot.com/2017/04/aws-s3-bucket-misconfiguration.html | |
| https://www.jonbottarini.com/2017/04/03/inspect-element-leads-to-stripe-account-lockout-authentication-bypass/ | |
| https://buer.haus/2017/03/31/airbnb-web-to-app-phone-notification-idor-to-view-everyones-airbnb-messages/ | |
| https://medium.com/bugbountywriteup/hundreds-of-hundreds-subdomains-hack3d-including-hacker0ne-ad3acd1c0a44 | |
| https://www.nc-lp.com/blog/critical-information-disclosure-on-wappalyzer-com | |
| https://blog.ettic.ca/near-universal-xss-in-mcafee-web-gateway-cf8dfcbc8fc3 | |
| https://www.jonbottarini.com/2017/03/16/penetrating-pornhub-xss-vulns-galore-plus-a-cool-shirt | |
| https://emtunc.org/blog/03/2017/bypassing-safe-links-exchange-online-advanced-threat-protection/ | |
| https://buer.haus/2017/03/13/airbnb-ruby-on-rails-string-interpolation-led-to-remote-code-execution/ | |
| https://corben.io/blog/17-3-10-att-rce | |
| https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff | |
| https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/ | |
| https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/ | |
| https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/ | |
| https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/ | |
| https://timeofcheck.com/time-based-blind-sqli-on-news-starbucks-com/ | |
| https://medium.com/@sean.roesner/one-company-262-bugs-100-acceptance-2-57-priority-300million-user-details-saved-dd88ecb10f6f | |
| https://blog.bugbountyhunter.com/one-company-262-bugs/ | |
| https://medium.com/intigriti/how-i-got-your-phone-number-through-facebook-223b769cccf1 | |
| https://eslam.io/posts/practical-exploitation-of-error-based-sql-injection | |
| https://hackernoon.com/how-i-bypassed-state-bank-of-india-otp-f145469a9f1d | |
| https://medium.com/bugbountywriteup/how-i-was-able-to-remove-your-instagram-phone-number-d346515e79c3 | |
| https://ysx.me.uk/from-rss-to-xxe-feed-parsing-on-hootsuite/ | |
| http://mahmoudsec.blogspot.com/2017/02/sql-injection-in-update-query-bug.html | |
| https://ysx.me.uk/lightweight-markup-a-trio-of-persistent-xss-in-gitlab/ | |
| https://medium.com/@zahidali_93675/vulnerabilities-in-facebook-login-approval-form-dfa5fce92023 | |
| https://medium.com/@zahidali_93675/conflict-account-recovery-form-in-facebook-2b6e7d203cfd | |
| https://medium.com/@zahidali_93675/bypassed-facebook-phone-number-security-9e2d34dc063b | |
| https://foxglovesecurity.com/2017/02/07/type-juggling-and-php-object-injection-and-sqli-oh-my/ | |
| https://medium.com/@zahidali_93675/hijack-facebook-groups-721c08526326 | |
| https://medium.com/@zahidali_93675/cross-site-request-forgery-in-facebook-86087201d8c | |
| https://web.archive.org/web/20170206221502/https://deadpool.sh/2017/RCE-Springs/ | |
| https://web.archive.org/web/20200822111544/https://whitehatnepal.tumblr.com/post/156707088037/i-got-emails-g-suite-vulnerability | |
| https://medium.com/@prateek_0490/how-i-could-have-compromised-any-account-on-one-of-the-biggest-startup-based-in-california-3ebc8c6844b5 | |
| https://httpsonly.blogspot.com/2017/01/0day-writeup-xxe-in-ubercom.html | |
| https://medium.com/bugbountywriteup/how-i-could-have-hacked-iit-guwahatis-website-52dff319b056 | |
| https://tij.me/blog/stealing-passwords-from-mcdonalds-users/ | |
| https://tij.me/blog/xss-on-hema-one-of-the-largest-dutch-franchisors/ | |
| http://www.pranav-venkat.com/2016/12/idor-in-facebooks-acquisition-parse.html | |
| https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/index.html | |
| https://evilpacket.net/2016/atom-io-misconfiguration-allowed-code-execution-on-untrusted-networks/ | |
| https://www.arneswinnen.net/2016/11/authentication-bypass-on-sso-ubnt-com-via-subdomain-takeover-of-ping-ubnt-com/ | |
| https://medium.com/pentesternepal/bypassing-ebay-xss-protection-8cf73466ba0f | |
| https://guptashubham.com/svg-xss-in-unifi-v5-0-2/ | |
| https://guptashubham.com/stored-xss-in-unifi-v4-8-12-controller/ | |
| https://portswigger.net/research/backslash-powered-scanning-hunting-unknown-vulnerability-classes | |
| https://philippeharewood.com/rewriting-a-photo-not-owned-by-the-session-user-in-moments-app-revisited/ | |
| https://ahussam.me/leak-private-videos-vimeo/ | |
| https://foxglovesecurity.com/2016/10/14/hacking-jasperreports-the-hidden-shell-feature/ | |
| https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties | |
| https://blog.mert.ninja/twitter-hpp-vulnerability/ | |
| https://medium.com/bugbountywriteup/open-redirect-scanner-c72cd60d0bf | |
| https://www.betterhacker.com/2016/10/command-injection-without-spaces.html | |
| https://blog.zsec.uk/gif-time-pornhub/ | |
| https://blog.evanricafort.com/2016/09/xss-vulnerability-in-twitter.html | |
| https://blog.zsec.uk/persisting-pornhub/ | |
| https://medium.com/@know.0nix/link-injection-manipulation-at-admin-google-com-6da3b15a2854 | |
| https://ahussam.me/Vine-Reauth-Bypass | |
| https://github.com/cymtrick/lol/blob/d17ed765129b26a1bf8060757e5aebd4e237c908/_posts/2016-09-20-Facebook-partners-CSRF.md | |
| http://blog.rakeshmane.com/2016/09/bug-bounty-account-takeover.html | |
| https://web.archive.org/web/20200817171403/https://whitehatnepal.tumblr.com/post/150381068912/how-i-snooped-into-your-private-slack-messages | |
| https://wss.sh/en/blog/bugbounty-decoding-a-😱-00000-htpasswd-bounty/ | |
| https://web.archive.org/web/20220401221504/https://blog.innerht.ml/internet-explorer-has-a-url-problem/ | |
| https://web.archive.org/web/20200822010745/https://whitehatnepal.tumblr.com/post/149985438982/reading-ubers-internal-emails-uber-bug-bounty | |
| https://web.archive.org/web/20200811013300/https://whitehatnepal.tumblr.com/post/149933960267/rce-in-addthis | |
| https://web.archive.org/web/20200819161533/https://whitehatnepal.tumblr.com/post/149937173467/pornhub-email-confirmation-bypass | |
| https://httpsonly.blogspot.com/2016/08/turning-self-xss-into-good-xss-v2.html | |
| https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/ | |
| http://artsploit.blogspot.com/ | |
| https://www.evilsocket.net/2016/08/17/Samsung-Galaxy-Apps-MITM-Vulnerabilities/ | |
| https://guptashubham.com/swf-xss-dom-based-xss/ | |
| https://guptashubham.com/xss-filter-bypass-in-yahoo-dev-flurry-com/ | |
| https://guptashubham.com/xss-on-flickr/ | |
| https://blog.zsec.uk/csvhub/ | |
| https://whitton.io/articles/messenger-site-wide-csrf/ | |
| https://www.seekurity.com/blog/general/bmw-vulnerabilities-hijack-cars-connecteddrive-service/ | |
| http://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html | |
| https://web.archive.org/web/20220709205125/https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/ | |
| https://avicoder.me/2016/07/22/Twitter-Vine-Source-code-dump/ | |
| https://mhmdiaa.com/blog/spotify-blind-xss/ | |
| https://www.josipfranjkovic.com/blog/hacking-facebook-csrf-device-login-flow | |
| https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/ | |
| https://www.josipfranjkovic.com/blog/race-conditions-on-web | |
| https://www.seekurity.com/blog/general/topcoder-vulnerabilities-a-tail-of-site-wide-bugs-leads-to-accounts-compromise-payments-hijacking/ | |
| https://medium.com/@r0t1v/uber-hacking-how-we-found-out-who-you-are-where-you-are-and-where-you-went-1e0769674535 | |
| https://ahussam.me/Medium-full-account-takeover/ | |
| https://lab.wallarm.com/critical-linkedin-vulnerability-proactively-resolved-by-wallarm-xxe-in-application-server-239bba28e415 | |
| https://medium.com/bugbountywriteup/two-vulnerabilities-makes-an-exploit-xss-and-csrf-in-bing-cd4269da7b69 | |
| https://medium.com/intigriti/why-you-shouldnt-share-links-on-facebook-f317ba4aa58b | |
| https://blog.zsec.uk/pwning-pornhub | |
| https://www.seekurity.com/blog/general/runkeeper-stores-xss-vulnerability/ | |
| https://www.arneswinnen.net/2016/05/instabrute-two-ways-to-brute-force-instagram-account-credentials/ | |
| https://www.seekurity.com/blog/general/microsoft-yammer-clickjacking-exploiting-html5-security-features | |
| https://www.seekurity.com/blog/general/badoo-hotornot-privacy-disclosure-feature-not-a-bug | |
| https://wss.sh/en/blog/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/ | |
| https://blog.darabi.me/2016/05/how-i-bypassed-facebook-csrf-in-2016.html | |
| https://www.seekurity.com/blog/general/facebook-vulnerability-a-cute-bug-that-reveals-the-likes-of-deleted-posts-regardless-of-their-privacy-settings/ | |
| https://www.seekurity.com/blog/general/fiverr-com-full-accounts-takeover-vulnerability/ | |
| https://www.seekurity.com/blog/general/firefox-find-my-device-service-clickjacking/ | |
| https://thehackerblog.com/poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/index.html | |
| https://www.seekurity.com/blog/general/facebook-movies-recommendation-bug/ | |
| https://www.seekurity.com/blog/general/whatsapp-clickjacking-vulnerability-yet-another-web-client-failure | |
| https://www.seekurity.com/blog/general/telegram-web-client-clickjacking-vulnerability/ | |
| https://www.seekurity.com/blog/write-ups/facebook-clickjacking-how-we-put-a-new-dress-on-facebook-ui/ | |
| https://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/ | |
| https://buer.haus/2016/04/18/yahoo-login-protection-seal-stored-css-injection/ | |
| https://medium.com/@albeckshahar/facebook-invitees-email-address-disclosure-25059ae93725 | |
| https://whitton.io/articles/obtaining-tokens-outlook-office-azure-account/ | |
| https://medium.com/swlh/watch-paint-dry-how-i-got-a-game-on-the-steam-store-without-anyone-from-valve-ever-looking-at-it-2e476858c753 | |
| https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts | |
| https://whitton.io/articles/uber-turning-self-xss-into-good-xss/ | |
| http://www.pranav-venkat.com/2016/03/command-injection-which-got-me-6000.html | |
| https://nareshlamgade.com.np/2016/03/sql-injection-on-mega/ | |
| http://karmainsecurity.com/hacking-magento-ecommerce-for-fun-and-17000-usd | |
| https://www.rcesecurity.com/2016/02/ubiquiti-bug-bounty-unifi-v3-2-10-generic-csrf-protection-bypass/ | |
| https://ahussam.me/how-i-hacked-oculus-oauth-ebay-ibm/ | |
| https://www.seekurity.com/blog/write-ups/eset-broken-authentication-vulnerability/ | |
| https://bitquark.co.uk/blog/2016/02/09/how_i_got_access_to_millions_of_redacted_accounts | |
| https://www.agarri.fr/blog/archives/2016/02/06/deserialization_in_perl_v5_8/index.html | |
| https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs | |
| https://whitton.io/articles/xss-on-facebook-via-png-content-types | |
| http://artsploit.blogspot.com/2016/01/paypal-rce.html | |
| https://medium.com/bugbountywriteup/broken-access-control-in-bingmapsportal-a012bffd2c43 | |
| https://medium.com/bugbountywriteup/how-i-got-listed-in-microsoft-hall-of-fame-8f96ca4535c2 | |
| http://exfiltrated.com/research-Instagram-RCE.php | |
| https://web.archive.org/web/20210511011807/https://blog.evanricafort.com/2015/12/local-file-xss-vulnerability-in.html | |
| https://blog.evanricafort.com/2015/12/arbitary-file-upload-vulnerability-in.html | |
| https://web.archive.org/web/20180322133921/http://codel10n.com/how-to-hack-payu-buy-10x-more-same-price/ | |
| https://www.agarri.fr/blog/archives/2015/12/17/amf_parsing_and_xxe/index.html | |
| https://ahussam.me/Cloudflare-xss/ | |
| https://maustin.net/2015/11/12/hipchat_rce.html | |
| https://medium.com/@r0t1v/open-redirect-in-linkedin-and-yahoo-a3ffd2a9cc48 | |
| http://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html | |
| https://matatall.com/xss/rce/bugbounty/2015/09/08/xss-to-rce.html | |
| https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/ | |
| https://thezerohack.com/hacking-facebook-pages | |
| https://ahussam.me/One-payload-to-xss-them/ | |
| https://ahussam.me/Blind-sqli-Hootsuite/ | |
| https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/ | |
| https://josipfranjkovic.blogspot.com/2015/07/the-easiest-bug-bounties-i-have-ever-won.html | |
| https://web.archive.org/web/20200313201545/http://www.anandpraka.sh/2015/06/how-i-hacked-zomatocom-to-see-data-of.html | |
| https://blog.darabi.me/2015/03/facebook-bypass-ads-account-roles.html | |
| https://josipfranjkovic.blogspot.com/2015/04/race-conditions-on-facebook.html | |
| https://blog.darabi.me/2015/04/bypass-facebook-csrf.html | |
| https://blog.zimperium.com/telegram-hack/ | |
| https://web.archive.org/web/20210423154459/https://yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/ | |
| https://buer.haus/2015/02/03/google-com-mobile-feedback-url-redirect-regexvalidation-flaw/ | |
| https://buer.haus/2015/02/03/flickr-api-explorer-force-users-to-execute-any-api-request/ | |
| https://buer.haus/2015/01/21/admin-google-com-reflected-cross-site-scripting-xss/ | |
| http://nbsriharsha.blogspot.com/2015/01/vimeo-buying-pro-membership-ondemand.html | |
| https://buer.haus/2015/01/15/yahoo-root-access-sql-injection-tw-yahoo-com/ | |
| https://wss.sh/en/blog/bugbounty-papyal-xml-upload-cross-site-scripting-vulnerability/ | |
| https://www.yassineaboukir.com/blog/how-I-discovered-a-1000$-open-redirect-in-facebook/ | |
| https://wss.sh/en/blog/bugbounty-reflected-cross-site-scripting-at-paypal-com/ | |
| https://wss.sh/en/blog/bugbounty-malicious-redirect-on-mailroom-prezi-com/ | |
| https://quitten.github.io/Aliexpress/ | |
| https://josipfranjkovic.blogspot.com/2014/12/reading-local-files-from-facebooks.html | |
| https://www.rcesecurity.com/2014/11/google-bug-bounty-nice-catch-on-google-cloud-platform-live | |
| https://wss.sh/en/blog/bugbounty-reflected-cross-site-scripting-billmelater/ | |
| https://wss.sh/en/blog/bugbounty-paypal-stored-xss-security-bypass/ | |
| https://blog.it-securityguard.com/bugbounty-paypal-dom-xss-main-domain/ | |
| https://wss.sh/en/blog/bugbounty-the-5000-google-xss/ | |
| https://philippeharewood.com/facebook-bug-bounty-secondary-damage-revisited-why-i-really-like-reporting-to-facebook-too/ | |
| https://wss.sh/en/blog/bugbounty-yahoo-phpinfo-php-disclosure-2/ | |
| https://www.agarri.fr/blog/archives/2014/10/15/bypassing_blacklists_based_on_ipy/index.html | |
| https://www.agarri.fr/blog/archives/2014/09/11/trying_to_hack_redis_via_http_requests/index.html | |
| https://josipfranjkovic.blogspot.com/2014/09/step-by-step-exploiting-sql-injection.html | |
| https://bitquark.co.uk/blog/2014/08/31/popping_a_shell_on_the_oculus_developer_portal | |
| https://ahussam.me/Flickr-CSRF/ | |
| https://buer.haus/2014/06/16/facebook-stored-cross-site-scripting-xss-badges/ | |
| https://thehackerblog.com/ebay-mobile-reflected-xss-disclosure-writeup/index.html | |
| https://wss.sh/en/blog/bug-bounty-prezi-map-prezi-com-path-traversal/ | |
| https://maustin.net/google_docs | |
| https://www.rcesecurity.com/2014/04/magix-bug-bounty-magix-com-rce-sqli-and-xara-com-lfi-xss/ | |
| https://wss.sh/en/blog/a-tale-of-7-vulnerabilities-paypal-bug-bounty/ | |
| https://buer.haus/2014/04/07/facebook-send-notifications-to-any-user-exploit/ | |
| http://www.tomanthony.co.uk/blog/google-exploit-steal-login-email-addresses/ | |
| https://bitquark.co.uk/blog/2014/02/23/tesla_motors_blind_sql_injection | |
| https://0day.click/recipe/2014-02-22-github/ | |
| https://blog.includesecurity.com/2014/02/how-i-was-able-to-track-the-location-of-any-tinder-user/ | |
| http://homakov.blogspot.com/2014/02/how-i-hacked-github-again.html | |
| https://bitquark.co.uk/blog/2013/12/30/google_sites_a_tale_of_five_vulnerabilities | |
| http://blog.shashank.co/2013/12/waze-arbitrary-file-upload.html | |
| http://blog.shashank.co/2013/12/imgur-xss.html | |
| https://maustin.net/articles/2013-12/flickr_xss | |
| https://whitton.io/articles/abusing-cors-for-an-xss-on-flickr/ | |
| http://blog.shashank.co/2013/12/heroku-directory-transversal.html | |
| http://manuel-sousa.blogspot.com/2013/11/xss-google-groups-groupsgooglecom.html | |
| https://www.agarri.fr/blog/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html | |
| http://blog.shashank.co/2013/11/oracle-xss.html | |
| https://whitton.io/articles/instagrams-one-click-privacy-switch/ | |
| http://blog.shashank.co/2013/10/nokia-email-app-pwnage.html | |
| http://blog.shashank.co/2013/10/lfi-in-nokia-maps.html | |
| https://josipfranjkovic.blogspot.com/2013/11/facebook-bug-bounty-secondary-damage.html | |
| https://whitton.io/articles/content-types-and-xss-facebook-studio/ | |
| https://www.josipfranjkovic.com/blog/facebook-csrf-full-account-takeover | |
| https://www.rcesecurity.com/2013/09/paypal-bug-bounty-paypaltech-com-e-mail-injection/ | |
| https://whitton.io/articles/removing-covers-images-on-friendship-pages-on-facebook/ | |
| https://arulkumar.in/delete-any-photo-from-facebook-by-exploiting-support-dashboard | |
| https://arulkumar.in/multiple-open-url-redirection-vulnerability-in-facebook-worth-1500/ | |
| https://josipfranjkovic.blogspot.com/2013/07/sql-injections-in-nokia-sites.html | |
| https://josipfranjkovic.blogspot.com/2013/07/how-i-found-my-way-into-instagrams.html | |
| https://bitquark.co.uk/blog/2013/07/19/admob_creative_image_xss | |
| https://bitquark.co.uk/blog/2013/07/03/amazon_packaging_feedback_xss | |
| https://whitton.io/articles/hijacking-a-facebook-account-with-sms/ | |
| https://whitton.io/articles/overwriting-banner-images-on-etsy/ | |
| https://www.rcesecurity.com/2013/04/paypal-bug-bounty-paypaltech-com-xss/ | |
| https://whitton.io/articles/stealing-facebook-access-tokens-with-a-double-submit/ | |
| http://c0rni3sm.blogspot.com/2013/04/how-i-rewarded-with-usdk-just-with.html | |
| http://www.rafayhackingarticles.net/2013/02/dom-based-xss-in-avg.html | |
| https://www.agarri.fr/blog/archives/2013/02/25/mutation-based_fuzzing_of_xslt_engines/index.html | |
| https://whitton.io/archive/framing-part-1-click-jacking-etsy | |
| https://whitton.io/archive/persistent-xss-on-myworld-ebay-com/ | |
| https://josipfranjkovic.blogspot.com/2013/01/googlecom-cross-site-scripting-and.html | |
| https://whitton.io/archive/my-experience-with-the-paypal-bug-bounty-programme/ | |
| https://www.agarri.fr/blog/archives/2012/08/28/all_your_postgresql_databases_are_belong_to_us/index.html | |
| https://www.agarri.fr/blog/archives/2012/05/11/svg_files_and_java_code_execution/index.html | |
| https://www.agarri.fr/blog/archives/2012/02/17/compromising_hp_san_appliances/index.html | |
| https://maustin.net/articles/2011-08/FBML_dom_traversal | |
| https://maustin.net/articles/2010-07/facebook_fbml_xss | |
| https://maustin.net/articles/2010-07/facebook_html5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment