writeups.xyz

This Website is a collection of Information Security and Bug Bounty writeups that allows you to easily filter writeups by vulnerabilities, programs, authors, and more, making your research and exploration of security issues simpler and more efficient.

Important Note: Please remember that the inclusion of a program or target in this directory does not imply permission to conduct any hacking activities. Always review and adhere to the specific policies of each program before taking any action.

Title	Vulnerabilities	Programs	Authors
Multi-sandwich attack with MongoDB Object ID or the scenario for real-time monitoring of web application invitations: a new use case for the sandwich attack	Sandwich Attack	Undisclosed	Aethlios (@AethliosIK)
Windows Installer, Exploiting Custom Actions	Local Privilege Escalation	Microsoft (Windows)	Adrian Denkiewicz
Bypassing Account Suspension Using Anonymous Posting \| Facebook Bug Bounty	Authorization Bypass	Meta / Facebook	Ph.Hitachi
GitHub Actions Exploitation: Self Hosted Runners	CI/CD Self-Hosted Runner Takeover	Haskell Scroll	Hugo Vincent (@Hugow_vincent)
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts	AI Cloud Kubernetes Privilege Escalation Missing Authentication	SAP	Hillai Ben-Sasson (@Hillai) Shir Tamari (@Shirtamari) Nir Ohfeld (@Nirohfeld) Sagi Tzadik (@Sagitz_) Ronen Shustin (@Ronenshh)
Unveiling TE.0 HTTP Request Smuggling: Discovering a Critical Vulnerability in Thousands of Google Cloud Websites	HTTP Request Smuggling Cloud	Google (GCP)	Paolo Arnolfo (@Sw33tLie) Guillermo Gregorio (@Bsysop) Francesco Mariani (@_Medusa_1_)
Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability	Local Privilege Escalation DLL Search Order Hijacking	Delinea	Brenden Meeder
SSD Advisory – XenForo RCE Via CSRF	RCE CSRF Security Code Review	XenForo	Egidio Romano / EgiX
Type confusion attacks in ProseMirror editors	Type Confusion Stored XSS CSP Bypass	Outline	Pham Van Khanh
Encoding Differentials: Why Charset Matters	XSS	Undisclosed	Stefan Schiller (@Scryh_)
How to Bypass Golang SSL Verification	SSL Verification Bypass Security Code Review	Undisclosed	Michael Pasternak
Unauthenticated SSRF on Havoc C2 teamserver via spoofed demon agent	SSRF Security Code Review	Havoc C2	Chebuya (@_Chebuya)
Firmware Security: Alcatel-Lucent ALE-DeskPhone	VoIP Hacking Hardware Hacking Reverse Engineering Arbitrary File Read TOCTOU Local Privilege Escalation	Alcatel-Lucent	Moritz Abrell (@Moritz_abrell)
Hacking a Secure Industrial Remote Access Gateway	OS Command Injection XSS Hardcoded Secrets Industrial System (OT)	HMS (Ewon Cosy+)	Moritz Abrell (@Moritz_abrell)
SSD Advisory – SonicWall SMA100 Stored XSS To RCE	RCE OS Command Injection Stored XSS	SonicWall	SeongJoon Cho
A Race to the Bottom - Database Transactions Undermining Your AppSec	Race Condition	Undisclosed	Viktor Chuchurski (@Viktorot)
Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs	CSTI	Undisclosed	Matan Berson (@MtnBer)
Chaining Three Bugs to Access All Your ServiceNow Data	RCE SSTI Security Code Review	ServiceNow	Adam Kues (@Hash_kitten)
Dynamics 365 Business Central - A Journey With Ups and Downs	Insecure Deserialization Missing Authentication	Microsoft	Florian Hauser (@Frycos)
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution	RCE XSS Electron Thick Client	Evernote	Patrick Peng (@Retr0reg)
GitHub Actions Exploitation: Repo Jacking And Environment Manipulation	Repojacking Supply Chain Attack	Microsoft (Azure) Swagger Google (Firebase) Alibaba	Hugo Vincent (@Hugow_vincent)
Bypassing ACLs – IDOR exploitation via HPP	IDOR HTTP Parameter Pollution	Undisclosed	Adrian Tiron (@Adrian__t)
CVE-2024-29511 – Abusing Ghostscript’s OCR device	Arbitrary File Read Arbitrary File Write Security Code Review	Ghostscript	Thomas Rinsma (@Thomasrinsma)
Fickle PDFs: exploiting browser rendering discrepancies	Phishing	Undisclosed	Zakhar Fedotkin / D4d (@D4d89704243)
Intigriti XSS Challenge July 2024 — Finding a new DOMPurify bug	DOM Clobbering	DOMPurify	Realansgar (@Realansgar)

Page 7 of 255