Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
Hack ZTE router's admin panel
Unveiling a Security Vulnerability in Zoho Meet: Gaining Unauthorized Access to Private Meetings
The ART of Chaining Vulnerabilities
Neighbourhood Watch - Hikvision Intercom Eavesdropping
Unauthenticated Massive PII Leak
Technical Details for CVE-2023-29301: Adobe ColdFusion Access Control Bypass for a CFAdmin Authentication Component
0 Click ATO with the Sandwich Attack
Session Token Enumeration in RWS WorldServer
Demo: Brute-forcing a macOS user’s real name from a browser using mDNS
Security Feature Bypass In ASP.NET and Visual Studio – Race Condition
One mistake, Three bugs: Comprehensive android pentesting.
Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits
Pwning Admin Panel To Change Movie Ticket Prices at Disney
How I was able to get account takeover via IDOR form JWT
Rate Limit Bypass Leads to 0 Click ATO
Sorting Your Way to Stolen Passwords
Manipulating Encrypted Traffic for Manual and Automation
Remote Stealth Brute-force of Oracle Database Passwords
My First Un-Expected $$$$ Digit Bounty for an Un-Expected Vulnerability
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
Ransacking your password reset tokens
My Account Takeover Writeup: $5000
Discovering The Less-known Vulnerability In Oracle Peoplesoft
An Unusual Tale of Email Verification Bypass