writeups.xyz / Mohamed A. Baset

Title Vulnerabilities Programs Authors
Asus Control Center – An Information Disclosure and a database connection Clear-Text password leakage Vulnerability
Hijacking User’s Private Information access_token from Microsoft Office360 facebook App
Re-dressing Instagram – Leaking Application Tokens via Instagram ClickJacking Vulnerability!
The 2.5mins or 2.5k$ hawk-eye bug – A Facebook Pages Admins Disclosure Vulnerability!
OpenProject Session Management Security Vulnerability aka CVE-2017-11667
CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System
Vulnerability in Metasploit Project aka CVE-2017-5244
Godaddy XSS affects parked domains redirector/processor!
BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!
TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking
RunKeeper Stored XSS Vulnerability – Where worms are able to run too!
Microsoft Yammer Clickjacking – Exploiting HTML5 Security Features
When your privacy disclosure is a “feature” not a “bug” – Badoo & HotorNot failure!
Fiverr.com Full Accounts Takeover – A Vulnerability Puts $50 Million Company At Risk
FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!
Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!
WhatsApp Clickjacking Vulnerability – Yet another web client failure!
Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak
Facebook ClickJacking – How we put a new dress on Facebook UI
A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)