| Vestaboard: Exploring Broken Access Controls and Privilege Escalation |
|
|
|
| How I Earned $469 Bounty: Bypassing Plan Restriction |
|
|
|
| A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel |
|
|
|
| Leaking All Users Google Drive Files |
|
|
|
| Hacking Moodle Apps Via External Functions |
|
|
|
| Using E-Notation to bypass Access Control restrictions to access arbitrary user PII-discussions |
|
|
|
| Broken access control in GoAnywhere Admin portal |
|
|
|
| Bypassing a login page and getting full admin access on an internal training platform |
|
|
|
| How I found a simple bug in Facebook events without any Test |
|
|
|
| 1 Program, 4 Business Logic Bugs and Cashing in 2300$. |
|
|
|
| How I Earned My First Bug Bounty Reward of $600 |
|
|
|
| How I Helped Indonesian Startup Company to Prevent Millions of PII Data Leaks |
|
|
|
| 500$ Access Control Bug: Performed Restricted Actions in Developer Settings by low level user. |
|
|
|
| CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1 |
|
|
|
| Navigating the Sea, Exploiting DigitalOcean APIs |
|
|
|
| $9240 Bounty in 30 days Hunt Challenge |
|
|
|
| Hacking a Large Company in MINUTES by Reading Docs |
|
|
|
| Technical Details for CVE-2023-29301: Adobe ColdFusion Access Control Bypass for a CFAdmin Authentication Component |
|
|
|
| Spring WebFlux – CVE-2023-34034 – Write-Up and Proof-of-Concept |
|
|
|
| How I found two api vulnerabilities by analyzing JS source code |
|
|
|
| CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED] |
|
|
|
| CVE-2023-29298: Adobe ColdFusion Access Control Bypass |
|
|
|
| Unveiling Access Control Flaws: How a Viewer Became an Editor |
|
|
|
| Chaining Self Blind XSS with Broken Access Control To Make it Non Self Blind XSS |
|
|
|
| Weakness of Integration |
|
|
|
writeups.xyz
/
Broken Access Control