Privilege escalation leads to deleting other user’s account and company Workspace [Access Control]
AWS ECR Public Vulnerability
Broken access control + misconfiguration = Beautiful privilege escalation
The Untold SendBird Misconfigurations
Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames
Improper Access Control — My Third Finding on Hackerone!
Atlassian Jira Align, Version 10.107.4 Advisory
Finding Multiple Security Issues on Agorapulse
Broken Access Control leads to full team takeover and privilege escalation
[Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I]
Securing Developer Tools: OneDev Remote Code Execution
Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
CVE-2022–35909 / CVE-2022–35910, Incorrect Access Control and XSS Stored to Jellyfin
We Hacked Larksuite For 1 month and Here is what we found
Access control worth $2000 (everyone missed this IDOR+Access control between two admins.)
An Out Of Scope domain Leads To a Critical Bug[$1500]
$1500 Of Broken Access Controls
We were vulnerable - how a security company could have vulns
Leaking Your GitHub Repositories With Snyk Code
Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms
How I Paid For My Holiday With Bug Bounty
[3/3] Cache Poisoning & Lateral Movement @ GitLab
How I was able to see likes and dislikes count even though is hidden by victim | YouTube #4
Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO
Securing Easy Appointments and earning CVE-2022-0482