writeups.xyz writeups.xyz / Privilege Escalation

Title Vulnerabilities Programs Authors
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL
Azure Monitor – Malicious KQL Query
Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account
AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
Abusing Azure Hybrid Workers for Privilege Escalation – Part 2: An Azure PrivSec Story
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline
Abusing Azure Hybrid Workers for Privilege Escalation – Part 1
Escalating from Logic App Contributor to Root Owner in Azure
Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
How I earned $9000 with Privilege escalations
A misconfigured Apache Airflow to AWS Account Compromise
Exploiting Redash instances with CVE-2021-41192
Accessing GoDaddy internal instance through an email logic bug.
Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials.
Privilege Escalation in Microsoft Teams
Multiple Vulnerabilities In Concrete CMS – Part2 (PrivEsc/SSRF/etc)
URL whitelist bypass in https://cxl-services.appspot.com
Privilege Escalation, worth of €300
ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
4 Crits in 48 hours: Unicorn Programs
Bypassing required reviews using GitHub Actions
Privilege Escalation to stored XSS
Bug-Bounty | FASTMAIL [topicbox.com: Privileges Escalation > Organization Takeover]
Admin access !!
Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances