ServiceNow Insecure Access Control To Full Admin Takeover
How we tried to book a train ticket and ended up with a databreach with 245,000 records
The Unexpected “0” Master ID for Account Data Manipulation
Taking Over an Entire Organization - A Journey Through Multiple Bugs
Compromising Honda’s power equipment / marine / lawn & garden dealer eCommerce platform through a vulnerable password reset API
Kanboard - Spraying Malicious Tasks Across all Projects
What is kong & why we’re relying on it
Exploits Explained: Permission misconfiguration within Salesforce JavaScript Remoting tokens used for Apex Controllers
How Material Security Uncovered a Vulnerability in the Gmail API
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR
Account Take Over (Via an API)
High severity vulnerability fixed in WordPress Elementor Pro plugin.
Joomla! CVE-2023-23752 to Code Execution
The Time I Hacked Google’s Manual Actions Database
Unauthorized access to Codespace secrets in GitHub
Exposing Users Table From a Leaky GraphQL Query
30-Minute Heist: How I Bagged a $1500 Bounty in Just few Minutes!
Unauthorized Access To Admin Panel via Swagger
How I Used JS files inspection and Fuzzing to do admins/supports stuff
[1500$ Worth — Slack] vulnerability, bypass invite accept process
Exposing 185M+ Indians’ Personal Information and much more
We Hacked GitHub for a Month: Here’s What We Found
Vulnerabilities in ManageEngine ADSelfService Plus 6.1 build 6117
Full Account Take Over by very simple trick.
Full Team Takeover