[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

Logic Flaw: I Can Block You from Accessing Your Own Account

Interesting Story of an Account Takeover Vulnerability

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Self-XSS to ATO via Site Features

How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Unmasking Harmful Content in a Medical Chatbot: A Red Team Perspective

Ghost In The Ppl Part 1: Byovdll

How I Got $250 For My Second Bug on HackerOne

IIS welcome page to source code review to LFI!

The Hunt for XXE to LFI: How I Uncovered CVE-2019–9670 in a Bug Bounty Program

Key and E: A Pentester’s Tale on How a Photo Opened Real Doors

Bypassing airport security via SQL injection

$15k RCE Through Monitoring Debug Mode

CSRF Bypass Using Domain Confusion Leads To ATO

“Like” Bypass on Customer Reviews — €500 bounty

Hitting the jackpot with RCE!

How I Got Bugs From Google Dorks

Hidden in Plain Sight: Uncovering RCE on a Forgotten Axis2 Instance

Authorization bypass due to cache misconfiguration

World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem

$1600 Bounty on a Main Domain