The Hunt for XXE to LFI: How I Uncovered CVE-2019–9670 in a Bug Bounty Program
How I got $24000 Bounty from a Log4j RCE in Apple App Store.
Studying 0days: How we hacked Anki, the world's most popular flashcard app
Exploiting Steam: Usual and Unusual Ways in the CEF Framework
How I Found XSS In Another Govt. Site :: NCIIPC VDP !!
Real World GitLab Account Take Over
Found Multiple Bugs :: XSS, MITM, Sec-MisConf :: In a GOVT Educational Site
How I secured the United Nations Hall of Fame
Remote Code Execution by Bypassing Cloudflare: CVE-2022–29464 Analysis
CVE-2023-33733 RCE via HTMLi in reportlab
Unleashing the Power of Recon: How I Earned $2500 in 5 Minutes
Red team: Journey from RCE to have total control of cloud infrastructure
Turning Vulnerability into Bounty: How CVE-2020–17453 XSS Earned Me a $500 Bounty
Uncovering a Critical Vulnerability: My Journey of Discovering CVE-2021–31589, a Reflected XSS in LinkedIn
Remote Stealth Brute-force of Oracle Database Passwords
The Vulnerability That Exposed an UN Website to Remote Code Execution
How I got $$$$ Bounty within 5 mins
Authentication Bypass in Nexus manager (version 3.37.3–02)
RCE on admin panel of web3 website
How I DIDN’T get an RCE in a $200 Billion company — Bug Bounty
Ivanti EPM Remote Code Execution
How I bypassed PHP functions to read sensitive files on server
“How Companies Need to Widen There Scopes”
Account Takeovers — Believe the Unbelievable
Remote Code Execution in AT&T