Another 1500$: CR/LF Injection
Forced SSO Session Fixation
2FA Bypass - IDN Mischief
Oops I UDL'd it Again
Account takeover on 8 years old public program
SCCMSecrets.py: Exploiting SCCM Policies Distribution For Credentials Harvesting, Initial Access And Lateral Movement
Breaking the Barrier: Admin Panel Takeover Worth $3500
How I Got $150 on HackerOne for My First Bug
How I got my first $13500 bounty through Parameter Polluting (HPP)
Gotta cache 'em all: bending the rules of web cache exploitation
Listen to the whispers: web timing attacks that actually work
Splitting the email atom: exploiting parsers to bypass access controls
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
Exploiting Lambda Functions for Fun and Profit
My First Bug Bounty: CORS Misconfiguration
Race Condition About The User Version and Ignored
AI Under Siege: Discovering and Exploiting Vulnerabilities
CSWSH Meets LLM Chatbots
Unveiling Remote Code Execution in AI chatbot workflows 💵
How I Earned $469 Bounty: Bypassing Plan Restriction
No Database No Table, how do you do MSSQL Injection?
Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit
Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!
SAML Authentication Bypass Leading to Admin Panel Access
Bypass Plan Restriction & Get 350$ Bounty