| Access files uploaded by employees to internal CDNs / Regenerate URL signature of user uploaded content. |
|
|
|
| Delete linked payments accounts of a Facebook page (or user) |
|
|
|
| How I Hacked Everyone’s Resume/CV’s and Got €€€ |
|
|
|
| Simple & Sweet: Bypass email update restriction to change emails of team members |
|
|
|
| How I was able to Regain access to account deleted by Admin leading to $$$ |
|
|
|
| Unauthorized Access to OData Entities + $2K Bounty From Microsoft |
|
|
|
| Broken Access Control on samsung.com subdomain leads to Mass Account Takeover of Samsung employees application accounts |
|
|
|
| JavaScript analysis leading to Admin portal access |
|
|
|
| Disclosing the members of private Facebook Group as a non-member. |
|
|
|
| User’s private watched videos/saved videos exposed through a messenger call from a locked smartphone. |
|
|
|
| Delete Any Photos In Facebook |
|
|
|
| Forcing for a bounty$$ |
|
|
|
| Abusing 'Report Abuse' |
|
|
|
| Perform substring search for emails even if Workplace admin hides email profile field. |
|
|
|
| Weak Password Setting function on practo.com |
|
|
|
| SVE-2020-18025: Unauthorised access to Samsung secure folder files |
|
|
|
| Unhiding the hidden |
|
|
|
| How could I Tag Photo to any user’s Scrapbook on Facebook |
|
|
|
| New features means new bugs |
|
|
|
| The Noob Way Of Taking Over Accounts |
|
|
|
| Authorization bypass in Google’s ticketing system (Google-GUTS) |
|
|
|
| CVE-2020–9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data |
|
|
|
| Hunting Android Application Bugs Using Android Studio. |
|
|
|
| Disclose content of internal Facebook javascript modules ( Revisited ) |
|
|
|
| How I lost my followers on Medium |
|
|
|
writeups.xyz
/
Broken Authorization