Score: 9
Submitted by: phosphore
Vulnerability class:
Stored Cross Site Scripting
Title:
Researching Polymorphic Images for XSS on Google Scholar
Description:
A stored XSS found on Google Scholar leveraging polymorphic images
Link to writeup:
https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html

Score: 6
Submitted by: securityteacher
Vulnerability class:
Firewall Bypass
Title:
unleashed firmware flipper
Description:
unleashed firmware flipper zero
Link to writeup:
https://www.mubassirkamdar.com/2022/12/unleashed-firmware-flipper.html

Score: 6
Submitted by: quas
Vulnerability class:
XXE
Title:
From blind XXE to root-level file read access
Description:
On a recent bug bounty adventure, I came across an XML endpoint that responded interestingly to attempted XXE exploitation.
Link to writeup:
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/

Score: 4
Submitted by: Eduardo nuri
Vulnerability class:
Account Takeover
Title:
How your NFT could had been stolen with one click
Description:
Get the inside scoop on the NFT marketplace exploit that could have stolen your digital assets with just one click.
Link to writeup:
https://www.permasecure.io/2023/03/03/how-your-nfts-could-have-been-stolen-in-just-one-click/

Score: 3
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
XSS and cache poisoning via upload.twitter.com on ton.twitter.com
Description:
Attackers can bypass the upload restriction on upload.twitter.com to cause XSS on ton.twitter.com and cache poisoning.
Link to writeup:
https://hackerone.com/reports/84601

Score: 2
Submitted by: Hacklad
Vulnerability class:
Stored Cross Site Scripting
Title:
Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS
Description:
I found a stored XSS bug that could allow an attacker to steal user email conversations, contacts in mail.ru and myMail iOS applications (version 12.2.1)
Link to writeup:
https://medium.com/kminthein/story-of-stealing-mail-conversation-contacts-in-mail-ru-and-mymail-ios-applications-via-xss-1e49c4ed560

Score: 2
Submitted by: Hacklad
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
A Less Known Attack Vector, Second Order IDOR Attacks
Description:
Second-order SQL injection arises when user-supplied data is stored by the application and later incorporated into SQL queries in an unsafe way.
Link to writeup:
https://blog.usejournal.com/a-less-known-attack-vector-second-order-idor-attacks-14468009781a

Score: 2
Submitted by: stefano
Vulnerability class:
Remote Code Execution (RCE)
Title:
[demo.paypal.com] Node.js code injection (RCE)
Link to writeup:
http://artsploit.blogspot.com/2016/08/pprce2.html

Score: 2
Submitted by: quas
Vulnerability class:
Information Disclosure
Title:
You do not need to run 80 reconnaissance tools to get access to user accounts
Description:
An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked.
Link to writeup:
https://gist.github.com/stefanocoding/8cdc8acf5253725992432dedb1c9c781

Score: 2
Submitted by: quas
Vulnerability class:
Information Disclosure
Title:
Think Outside the Scope: Advanced CORS Exploitation Techniques
Description:
Two different cases of how I was able to exploit a CORS misconfiguration: The first case based on an XSS, and requires thinking outside of the scope, and the second is based on an advanced CORS exploitation technique.
Link to writeup:
https://medium.com/@sandh0t/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397

Score: 2
Submitted by: quas
Vulnerability class:
Stored Cross Site Scripting
Title:
Tale of a Wormable Twitter XSS
Description:
In mid-2018, I found a stored XSS on Twitter in the least likely place you could think of. Yes, right in the tweet! But what makes this XSS so special is that it had the potential to be turned into a fully-fledged XSS worm.
Link to writeup:
https://www.virtuesecurity.com/tale-of-a-wormable-twitter-xss/

Score: 2
Submitted by: quas
Vulnerability class:
XXE
Title:
A $7.500 BUG Bounty Bug explained, step by step. (BLIND XXE OOB over DNS)
Description:
In this vlog I'll walk you through a BLIND XXE OOB over DNS bug on a super hardened target and teach you how to exploit it.
Link to writeup:
https://www.youtube.com/watch?v=f3SXDBMGGb8

Score: 2
Submitted by: quas
Vulnerability class:
Remote File Inclusion
Title:
Exploiting Remote File Inclusion (RFI) in PHP application and bypassing remote URL inclusion restriction
Description:
Exploiting a Remote File Inclusion (RFI) vulnerability in PHP applications that are vulnerable to a "File Inclusion attack". We will bypass the remote URL inclusion restriction and exploit RFI even if the PHP environment is configured not to include files from remote HTTP/FTP URLs.
Link to writeup:
http://www.mannulinux.org/2019/05/exploiting-rfi-in-php-bypass-remote-url-inclusion-restriction.html

Score: 1
Submitted by: quas
Vulnerability class:
Inspirational talk
Title:
How to Differentiate Yourself as a Bug Bounty Hunter - Mathias Karlsson @avlidienbrunn
Description:
There are a lot of illusions and misconceptions around the bug bounty industry. Is it too late to join? Are all the vulnerabilities already found? Is everything automated nowadays so there's no way to be late to the party? Frans and Mathias have been in the mythical world of bounties for a few years and will share their thoughts and ideas on how to actually approach it technically, methodologically and mentally. And also, how to use bug bounties for your own advantage, to improve your career and to increase your pentesting and vulnerability hunting skills.
Link to writeup:
https://www.youtube.com/watch?v=WTH6f0R7uzo

Score: 1
Submitted by: quas
Vulnerability class:
Various Vulnerabilities
Title:
CRACKING THE LENS (James Kettle)
Description:
EXPLOITING HTTP'S HIDDEN ATTACK-SURFACE
Link to writeup:
https://www.blackhat.com/docs/us-17/wednesday/us-17-Kettle-Cracking-The-Lens-Exploiting-HTTPs-Hidden-Attack-Surface.pdf

Score: 1
Submitted by: quas
Vulnerability class:
Charset Blogpost
Title:
The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)
Description:
Ever wonder about that mysterious Content-Type tag? You know, the one you’re supposed to put in HTML and you never quite know what it should be?
Link to writeup:
https://www.joelonsoftware.com/2003/10/08/the-absolute-minimum-every-software-developer-absolutely-positively-must-know-about-unicode-and-character-sets-no-excuses/

Score: 1
Submitted by: quas
Vulnerability class:
OAuth Account Takeover
Title:
Oh-Auth - Abusing OAuth to take over millions of accounts
Description:
Hackers could take over millions of accounts on Grammarly, Vidio and Bukalapak. The issue was fixed but users at other websites could still be at risk.
Link to writeup:
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts

Score: 1
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
Hacking Auto-GPT and escaping its docker container
Description:
We showcase an attack which leverages indirect prompt injection to trick Auto-GPT into executing arbitrary code when it is asked to perform a seemingly harmless task such as text summarization on an attacker controlled website
Link to writeup:
https://positive.security/blog/auto-gpt-rce

Score: 1
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
Blog: CVE-2023-4634 - Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick
Description:
As discussed in many of our articles, you already know that WordPress and related plugins are taking up a large space in the global attack surface we are monitoring for our customers. Discovering always new methods and techniques to exploit potential flaws on these technologies allows us to be pro-active and try to maintain an advantage over potential attackers. The vulnerability described below is a perfect example of that proactivity: we promptly alerted all our customers who were using the vulnerable plugins, even before the fix for the vulnerability became available (in most cases, our clients either disabled the plugin or implemented a custom fix provided by us).
Link to writeup:
https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/

Score: 1
Submitted by: quas
Vulnerability class:
Reflected Cross Site Scripting
Title:
Hacking GTA V RP Servers Using Web Exploitation Techniques
Description:
As I roam the city in my car, nearby players are attempting to play the music from the URL being broadcasted by my car. Since this "URL" is a maliciously crafted payload, they are instead connecting to my websocket awaiting further command.
Link to writeup:
https://www.nullpt.rs/hacking-gta-servers-using-web-exploitation

Score: 1
Submitted by: quas
Vulnerability class:
Account Takeover due to use of UUIDv1
Title:
0 Click ATO with the Sandwich Attack
Description:
In this article we are going to talk about a technique called the "Sandwich Attack" and how we used it to get a 0 Click Account Take Over (ATO). In fact, I have had the pleasure of presenting this vulnerability at the HacktivityCon 2022 in Las Vegas and on the French Channel Underscore_
Link to writeup:
https://www.landh.tech/blog/20230811-sandwich-attack/

Score: 1
Submitted by: quas
Vulnerability class:
Multiple Vulnerabilities
Title:
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
Description:
Between March 2023 and May 2023, we identified multiple security vulnerabilities within points.com, the backend provider for a significant portion of airline and hotel rewards programs. These vulnerabilities would have enabled an attacker to access sensitive customer account information, including names, billing addresses, redacted credit card details, emails, phone numbers, and transaction records. Moreover, the attacker could exploit these vulnerabilities to perform actions such as transferring points from customer accounts and gaining unauthorized access to a global administrator website. This unauthorized access would grant the attacker full permissions to issue reward points, manage rewards programs, oversee customer accounts, and execute various administrative functions.
Link to writeup:
https://samcurry.net/points-com/

Score: 1
Submitted by: quas
Vulnerability class:
Account Takeover
Title:
Customer account takeover in Shopify stores
Description:
During the recent Ambassador World Cup held by HackerOne, we identified an account takeover vulnerability in Shopify affecting a subset of Shopify’s Shop users. A successful exploit would have allowed attackers to take over accounts of Shop’s users in public Shopify stores, allowing access to order history and shipping addresses. Shopify recently introduced Shop Pay within the Shop application. Shop Pay allows users to easily purchase items in most Shopify stores by storing their payment information in their Shop account. However, Shop accounts, by default, do not have Shop Pay enabled. Users must manually enable this feature in their Shop settings or when purchasing an item from a store that supports Shop Pay.
Link to writeup:
https://ophionsecurity.com/blog/shopify-acount-takeover

Score: 1
Submitted by: quas
Vulnerability class:
Reflected Cross Site Scripting
Title:
All is XSS that comes to the .NET
Description:
The ability to easily add your own resources (like .css or .js) to a project is a very important feature of many frameworks. Manual updates of sub-pages to insert correct relative paths (remembering how many '../' should be added to match the directory hierarchy) can really be a nightmare. Moreover, upon a decision to change the file/directory structure, fixing all of those paths again would be a waste of time. Using absolute paths, however, doesn’t solve the problem either. Deploying an application to a sub-directory instead of the root of the domain (or changing the deployment location) makes the absolute paths useless. Luckily for the developers, ASP.NET takes responsibility for the above problems by offering app-root-relative URLs. Luckily for the attackers – it also opens some new ways to attack web applications.
Link to writeup:
https://blog.isec.pl/all-is-xss-that-comes-to-the-net/

Score: 1
Submitted by: quas
Vulnerability class:
Race Condition
Title:
Smashing the state machine: the true potential of web race conditions
Description:
For too long, web race condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding all but the most trivial, obvious examples. In this paper, I'll introduce new classes of race condition that go far beyond the limit-overrun exploits you're probably already familiar with. With these I'll exploit both multiple high-profile websites and Devise, a popular authentication framework for Rails.
Link to writeup:
https://portswigger.net/research/smashing-the-state-machine

Score: 1
Submitted by: quas
Vulnerability class:
Authentication Bypass
Title:
Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899)
Description:
In modern web development, while cookies are the go-to method for transmitting session IDs, the .NET Framework also provides an alternative: encoding the session ID directly in the URL. This method is useful to clients that do not support cookies.
Link to writeup:
https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/

Score: 1
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
Patch Diffing Progress MOVEIt Transfer RCE (CVE-2023-34362)
Description:
In the last few days, threat actors have been exploiting a critical pre-authentication vulnerability within Progress MOVEIt Transfer. There have been several great blog posts covering the incident response, forensic artifacts, and detection engineering efforts when it comes to preventing compromise. Assetnote was successful at determining the full exploit chain for this vulnerability, including the SQL injection and the remote code execution attack vector.
Link to writeup:
https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure/

Score: 1
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
MOVEIt Transfer RCE Part Two (CVE-2023-34362)
Description:
In our last post we detailed our initial work reversing the recent Progress MOVEit Transfer remote code execution vulnerability as well as our proof-of-concept demonstrating the exploit. We implemented checks in our Attack Surface Management platform providing our customers with assurance on whether or not they are affected. However, we declined to post the full exploit chain as it was being actively exploited at the time. Since then, a public proof-of-concept has been posted and so we will now detail the steps we took to reverse the vulnerability.
Link to writeup:
https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two/

Score: 1
Submitted by: quas
Vulnerability class:
Google Cloud
Title:
$7.5k Google Cloud Platform organization issue
Description:
GCP organizations can be used to easily manage resources (Such as projects, billing accounts, IAM roles, etc.) in one single place. Most resources cannot be detached from the organization they were created in, and even though they can be deleted, most of them can be restored within a month. Because of this, it is important that users pay attention to where they are putting their resources, for example: if for some reason they created a billing account on an organization they do not trust, they could end up being charged for the actions of someone else.
Link to writeup:
https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html

Score: 1
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
RCE in Google Cloud Deployment Manager
Description:
By using an internal (dogfood) version of the Google Cloud Deployment Manager, I was able to issue requests to some Google internal endpoints through Google's Global Service Load Balancer, which could have led to RCE.
Link to writeup:
https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html

Score: 1
Submitted by: quas
Vulnerability class:
Google Cloud SQL
Title:
How to contact Google SRE: Dropping a shell in Cloud SQL
Description:
This write-up covers vulnerabilities that we have discovered in the MySQL versions 5.6 and 5.7 of Cloud SQL.
Link to writeup:
https://www.ezequiel.tech/2020/08/dropping-shell-in.html

Score: 1
Submitted by: quas
Vulnerability class:
Authentication Bypass
Title:
Auth bypass: Leaking Google Cloud service accounts and projects
Description:
It was possible to list IAM service accounts of any Google Cloud Platform project, given its project number, by forging a pageToken for the projects.serviceAccounts.list method of the IAM API. Due to the design of certain services in Google Cloud, this issue could lead to the leak of lots of Google Cloud Platform project IDs, which are considered PII, and which could be further used to scan for unsecured resources in the platform, such as App Engine apps, Container Registry repositories, etc.
Link to writeup:
https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html

Score: 1
Submitted by: quas
Vulnerability class:
Authentication Bypass
Title:
Authentication bypass using empty parameters.
Description:
Exploiting Authentication Bypass vulnerability in Codeigniter with a tricky technique.
Link to writeup:
https://eslam3kl.gitbook.io/blog/bug-hunting-findings/authentication-bypass-using-empty-parameters.

Score: 1
Submitted by: helich0pper
Vulnerability class:
Pivoting
Title:
Pivot Into A Network Using A Compromised Router
Description:
Access devices on the internal network after gaining shell access to an environment with constraints such as low storage/memory (e.g. a Linux-based microcontroller or a router).
Link to writeup:
https://helich0pper.github.io/router_rce/

Score: 1
Submitted by: lukeberner
Vulnerability class:
Information Disclosure
Title:
Cloning internal Google repos for fun and… info?
Description:
Cloning internal Google repositories to find sensitive information
Link to writeup:
https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00

Score: 1
Submitted by: Jitendra chandel
Vulnerability class:
Client Side Request Forgery
Title:
Account Takeover via CSRF
Description:
There is no CSRF protection on the change-email function, which leads to account takeover via CSRF.
Link to writeup:
https://bugreader.com/_imjitendra_@account-takeover-via-csrf-260

Score: 1
Submitted by: Hacklad
Vulnerability class:
Authorization Bypass
Title:
SAML AUTH BYPASS
Description:
When using SAML authentication, responses are not checked properly. This allows an attacker to inject/modify any assertions in the SAML response and thus, for example, authenticate as administrator.
Link to writeup:
https://hackerone.com/reports/812064

Score: 1
Submitted by: securityteacher
Vulnerability class:
Remote Code Execution (RCE)
Title:
CSV Injection
Description:
Run Commands On Company Machines
Link to writeup:
https://www.mubassirkamdar.com/2019/04/run-commands-on-company-machines-csv.html?m=1

Score: 1
Submitted by: maxsam4
Vulnerability class:
Denial of Service (DoS)
Title:
Free blockchain storage – Tale of a bug in Substrate’s FRAME runtime
Description:
A bug in Substrate's FRAME runtime allowed anyone to store infinitely large data on the blockchain for free. It affected substrate chains including Polkadot, Kusama, and Polymesh.
Link to writeup:
https://mudit.blog/free-blockchain-storage-bug-substrate/

Score: 1
Submitted by: stefano
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts
Link to writeup:
https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html

Score: 1
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
A Questionable Journey From XSS to RCE
Description:
As many of you reading this probably already know, in mid April, a good friend of mine (@Daley) and I located a Remote Code Execution vulnerability in EA’s Origin client (CVE-2019-11354). Today I’m going to go in depth on how we discovered this vulnerability, along with a couple others we needed to chain along the way ;pp
Link to writeup:
https://zeropwn.github.io/2019-05-13-xss-to-rce/

Score: 1
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
JUMPING TO THE HELL WITH 10 ATTEMPTS TO BYPASS DEVIL’S WAF
Description:
This is a quick write-up for a WAF bypass on a private BBP, so I will keep the name of the program hidden.
Link to writeup:
https://medium.com/bugbountywriteup/jumping-to-the-hell-with-10-attempts-to-bypass-devils-waf-4275bfe679dd

Score: 1
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
XSS without parentheses and semi-colons
Description:
A few years ago I discovered a technique to call functions in JavaScript without parentheses using onerror and the throw statement. It works by setting the onerror handler to the function you want to call, and the throw statement is used to pass the argument to the function.
Link to writeup:
https://portswigger.net/blog/xss-without-parentheses-and-semi-colons

Score: 1
Submitted by: quas
Vulnerability class:
Recon
Title:
Awesome Asset Discovery
Description:
Through this repository, we want to put out a list of curated resources which help during asset discovery phase of a security assessment engagement.
Link to writeup:
https://github.com/redhuntlabs/Awesome-Asset-Discovery

Score: 1
Submitted by: quas
Vulnerability class:
Blind Server Side Request Forgery (Blind SSRF)
Title:
BLIND SSRF in *.stripe.com due to Sentry Misconfiguration
Description:
Before we do pentesting, we should know whether our target uses any third-party service.
Link to writeup:
https://medium.com/@0ktavandi/blind-ssrf-in-stripe-com-due-to-sentry-misconfiguration-60ebb6a40b5

Score: 1
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
Facebook IDOR bug in GraphQL
Description:
The vulnerability type "IDOR" allows any potential attacker to change the account settings of another user.
Link to writeup:
https://www.youtube.com/watch?v=lY_5FHhRVko&feature=youtu.be

Score: 1
Submitted by: quas
Vulnerability class:
XXE
Title:
Exploiting XXE with local DTD files
Description:
This little technique can force your blind XXE to output anything you want!
Link to writeup:
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/

Score: 1
Submitted by: quas
Vulnerability class:
Recon
Title:
Github OSINT
Description:
When performing your initial recon on an organization, don't forget about GitHub. GitHub is used by developers to maintain and share their code; most of the time they end up sharing much more, though.
Link to writeup:
https://medium.com/@ghostlulzhacks/github-osint-1e8a96f9fdb8

Score: 1
Submitted by: quas
Vulnerability class:
Denial of Service (DoS)
Title:
Denial of Service using Cookie Bombing
Description:
While observing the headers and response of the first request, which was a simple GET request to the homepage WWW.EXAMPLE.COM, it came to my mind: why not check for hidden GET parameters?
Link to writeup:
https://medium.com/@ronak_9889/denial-of-service-using-cookie-bombing-55c2d0ef808c

Score: 1
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect
Description:
com.twitter.android.lite.TwitterLiteActivity is exported and doesn't validate data passed to the intent, due to which this activity is vulnerable to stealing users' local files, JavaScript injection and open redirect.
Link to writeup:
https://hackerone.com/reports/499348

Score: 1
Submitted by: quas
Vulnerability class:
Recon
Title:
5 super important main-app testing tips for bug bounty hunters with STOK&Haddix
Description:
Five things to test on the main app. And if you don't test for these, well, then you're missing out!
Link to writeup:
https://www.youtube.com/watch?v=aNQg9mg4WNI

Score: 0
Submitted by: quas
Vulnerability class:
Reverse Engineering (RE)
Title:
Reversing WordPress CVEs: Baby Steps
Description:
While searching for fun CVEs in WordPress plugins, CVE-2023-2834 caught our eye. The plugin Bookit was vulnerable to an Authentication Bypass. As per Patchstack, this was a CVSS 9.8 issue, meaning it was quite impactful! Hence, Arpeet Rathi and I decided to take a look.
Link to writeup:
https://infosecwriteups.com/reversing-wordpress-cves-baby-steps-1069feb50dd4

Score: 0
Submitted by: quas
Vulnerability class:
Reflected Cross Site Scripting
Title:
Bypassing XSS Filters: Techniques and Solutions
Description:
In the ever-evolving landscape of web security, Cross-Site Scripting (XSS) stands as one of the most pernicious vulnerabilities. XSS allows attackers to inject malicious scripts into web pages which then run on another user’s browser. These injected scripts can lead to a variety of malicious actions, such as stealing session cookies or defacing web pages. To counteract these vulnerabilities, developers deploy multiple techniques. But as developers fortify defenses, attackers refine their techniques to bypass these security measures. This article will explore some techniques used to bypass XSS filters and how developers can stay vigilant.
Link to writeup:
https://infosecwriteups.com/bypassing-xss-filters-techniques-and-solutions-d6674029f1e9

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
Gone in a Click: IDOR Vulnerabilities in Image Upload Function
Description:
Mostly I do hunting on weekends. While hunting on one program, let’s call it redacted.com, within three hours I got 3–4 IDOR vulnerabilities with full account takeover (regarding the account takeover, I will write about it later in detail). Let’s see what the approach to discovering it was: after creating the account, I started looking for vulnerabilities while going through the website features and functionalities.
Link to writeup:
https://infosecwriteups.com/gone-in-a-click-idor-vulnerabilities-in-image-upload-function-6c4817b44d8c

Score: 0
Submitted by: quas
Vulnerability class:
Reflected Cross Site Scripting
Title:
XSS Intigriti challenge
Description:
Hello hunters, let me explain how I overcame this XSS challenge set up by the bug bounty platform Intigriti.
Link to writeup:
https://infosecwriteups.com/xss-intigriti-challenge-dae2dba1cb4c

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
Story of a very lethal IDOR.
Description:
If I didn’t even try to find that IDOR vulnerability I couldn’t have achieved this account takeover.
Link to writeup:
https://infosecwriteups.com/idor-that-allowed-me-to-takeover-any-users-account-129e55871d8

Score: 0
Submitted by: quas
Vulnerability class:
Cross-Account, Cross-Region Replication of Encrypted Objects
Title:
Seamless Cross-Account, Cross-Region Replication of Encrypted Objects in AWS S3: Simplified Data Protection
Description:
In today’s digital landscape, data protection is paramount for organizations handling sensitive information. Amazon Simple Storage Service (S3) offers a robust solution for storing and managing data in the cloud. One of the powerful features provided by S3 is Cross-Region Replication, which allows for automatic and asynchronous replication of objects between different AWS regions.
Link to writeup:
https://infosecwriteups.com/seamless-cross-account-cross-region-replication-of-encrypted-objects-in-aws-s3-simplified-data-4e3972b63618

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Title:
SSRF’s up! Real World Server-Side Request Forgery (SSRF)
Description:
In this blog post we’re going to explain what an SSRF attack is, how to test for it, and some basic guidelines on how to fix it. We will be using a real-world example, exploiting a vulnerability we discovered in a commercial Business Intelligence product called Dundas BI.
Link to writeup:
https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/

Score: 0
Submitted by: Liam
Vulnerability class:
Other
Title:
Social Media Intelligence (SOCMINT) - Practical tips & tools
Description:
This article shows you how to perform recon on targets across different social media websites
Link to writeup:
https://www.osintteam.com/social-media-intelligence-socmint-practical-tips-tools/

Score: 0
Submitted by: ife
Vulnerability class:
SQL Injection
Title:
bWAPP GET/Search
Description:
Using the buggy web application with Docker, you can exploit the URL by searching through the bWAPP database to find user information, including login and password!
Link to writeup:
http://www.itsecgames.com/

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
DNS
Title:
How I Got An Appreciation Letter From Harvard University
Description:
Subdomain takeover at Harvard University: Subdomain takeover attacks are a class of security issues where an attacker is able to seize control of an organization’s subdomain via cloud services like AWS or Azure. … The potential for a subdomain takeover occurs when the webpage hosted at the cloud provider is deleted but the DNS entry is kept.
Link to writeup:
https://santoshdbobade.medium.com/how-i-got-an-appreciation-letter-from-harvard-university-a3d19de69701

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
Recon
Title:
Creating Your Own Telegram Bot For Recon Bug Bounty
Description:
You can create a telegram bot for recon and your own methodology for automation
Link to writeup:
https://santoshdbobade.medium.com/creating-your-own-telegram-bot-for-recon-bug-bounty-8c3fd3dfcbcf

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
Reflected Cross Site Scripting
Title:
An Accidental XSS on uu.nl
Description:
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
Link to writeup:
https://santoshdbobade.blogspot.com/2021/02/an-accidental-xss-onuunl.html

Score: 0
Submitted by: Santosh bobade
Vulnerability class:
Reflected Cross Site Scripting
Title:
How I got Reflected Cross Site Scripting(RXSS) on Manchester Metropolitan University
Description:
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
Link to writeup:
https://link.medium.com/BRQtX1baupb

Score: 0
Submitted by: securityteacher
Vulnerability class:
Host Header Injection
Title:
Account Takeover Using Reset Password
Link to writeup:
https://www.mubassirkamdar.com/2020/07/account-takeover-poc.html

Score: 0
Submitted by: Yurii Sanin
Vulnerability class:
Server Side Request Forgery
Title:
CVE-2020-15823: Server-Side Request Forgery (SSRF) in JetBrains YouTrack
Description:
More than a year ago I discovered a misconfiguration that leads to SSRF in YouTrack, and here are detailed steps on how I did it.
Link to writeup:
https://mitmlab.com/cve-2020-15823-server-side-request-forgery-ssrf-in-jetbrains-youtrack-74543a86a248

Score: 0
Submitted by: Hacklad
Vulnerability class:
Information Disclosure
Title:
Deleted data stored permanently on Instagram?
Description:
Today I am going to explain one of the coolest and easiest bugs which I accidentally found on Instagram a few months ago.
Link to writeup:
https://medium.com/infosec/deleted-data-stored-permanently-on-instagram-facebook-bug-bounty-2020-26074c229955

Score: 0
Submitted by: Hacklad
Vulnerability class:
Denial of Service (DoS)
Title:
Top 25 Denial-of-Service (DoS) Bug Bounty Reports
Description:
In this article, we will discuss Denial-of-Service vulnerabilities, how to find one, and present 25 disclosed reports based on this issue.
Link to writeup:
https://medium.com/swlh/top-25-denial-of-service-dos-bug-bounty-reports-4aaeb4e9a052

Score: 0
Submitted by: Hacklad
Vulnerability class:
Server Side Request Forgery
Title:
An exciting journey to find SSRF, Bypass Cloudflare, and extract AWS metadata!
Description:
This is my first write-up, and in this write-up I'm gonna share with you my recent exciting finding which led me to extract AWS metadata!
Link to writeup:
https://infosecwriteups.com/an-exciting-journey-to-find-ssrf-bypass-cloudflare-and-extract-aws-metadata-fdb8be0b5f79

Score: 0
Submitted by: Hacklad
Vulnerability class:
Information Disclosure
Title:
Misconfigured $3 Bucket - A Semi Opened Environment
Description:
First of all, just learn to recon and improve your methodology in recon. Don't just follow another one's recon tips; if you do so, there is no difference between you and them.
Link to writeup:
https://medium.com/techiepedia/misconfigured-3-bucket-a-semi-opened-environment-9cfb9dee782d

Score: 0
Submitted by: Hacklad
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Take Advantage of Out-of-Scope Domains in Bug Bounty Programs
Description:
In brief, you may be able to escalate your attacks by using APIs, JavaScript workarounds, or a misconfiguration on a domain that isn't under the program scope.
Link to writeup:
https://ahussam.me/Take-Advantage-of-Out-of-Scope-Domains-in-Bug-Bounty/

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Request Forgery (CSRF)
Title:
Account Takeover Using CSRF (JSON-based)
Description:
I was hunting on a Bugcrowd private program. The program has 4 different kinds of roles, like Admin, H-User, L-User, and Guest.
Link to writeup:
https://medium.com/@shub66452/account-takeover-using-csrf-json-based-a0e6efd1bffc

Score: 0
Submitted by: quas
Vulnerability class:
Pastejacking
Title:
Pastejacking
Description:
Browsers now allow developers to automatically add content to a user's clipboard, following certain conditions. Namely, this can only be triggered on browser events. This post details how you can exploit this to trick a user into running commands they didn't want to run, and gain code execution.
Link to writeup:
https://github.com/dxa4481/Pastejacking

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Drag Drop XSS in Google ;)
Description:
It all started with a tweet from Dr. Mario here: https://twitter.com/0x6D6172696F/status/558346300790276096
Link to writeup:
https://blog.yappare.com/2016/04/drag-drop-xss-in-google.html

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Cross Site Scripting for Fun: PasteJacking
Description:
A few weeks ago I found an issue which initially looked unexploitable. It was Self XSS again, this time in a Search Box where users can search for books/documents. The XSS got triggered once we typed/pasted our payload in the search box via the application's AutoSuggestion feature, but once the search completed it got blocked by the WAF at the backend, so the only way to trigger the XSS was the AutoSuggestion feature, which can only be done by the user himself, so we can't do anything fancy here like THIS.
Link to writeup:
https://www.geekboy.ninja/blog/cross-site-scripting-for-fun-pastejacking/

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Title:
Vimeo SSRF with code execution potential.
Description:
Recently I discovered a semi-responded SSRF on Vimeo with code execution possibility. This blog post explains how I found & exploited it. So let's get started.
Link to writeup:
https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
The pitfalls of postMessage
Description:
The postMessage API is an alternative to JSONP, XHR with CORS headers and other methods enabling sending data between origins. It was introduced with HTML5 and like many other cross-document features it can be a source of client-side vulnerabilities.
Link to writeup:
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/

Score: 0
Submitted by: quas
Vulnerability class:
Authorization Bypass
Title:
A deep dive into AWS S3 access controls – taking full control over your assets
Description:
TL;DR: Setting up access control of AWS S3 consists of multiple levels, each with its own unique risk of misconfiguration. We will go through the specifics of each level and identify the dangerous cases where weak ACLs can create vulnerable configurations impacting the owner of the S3 bucket and/or through third-party assets used by a lot of companies.
Link to writeup:
https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/

Score: 0
Submitted by: quas
Vulnerability class:
Authorization Bypass
Title:
GraphQL abuse: Bypass account level permissions through parameter smuggling
Description:
If you’re unfamiliar with GraphQL, here’s a quick refresher: In its most basic use case, GraphQL allows you to call specific fields on objects – but that’s just the beginning.
Link to writeup:
https://labs.detectify.com/2018/03/14/graphql-abuse/

Score: 0
Submitted by: quas
Vulnerability class:
UI Redressing
Title:
GOTCHA: Taking phishing to a whole new level
Description:
Why X-FRAME-OPTIONS matters on API endpoints
Link to writeup:
https://medium.com/intigriti/gotcha-taking-phishing-to-a-whole-new-level-72eda9e30bef

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Title:
SSRF vulnerability via FFmpeg HLS processing
Description:
I found a form for uploading my videos in the user’s personal account. But in such a simple action for uploading video, I found two critical security issues.
Link to writeup:
https://medium.com/@valeriyshevchenko/ssrf-vulnerability-via-ffmpeg-hls-processing-f3823c16f3c7

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
IDOR FACEBOOK: malicious person add people to the “Top Fans”
Description:
After digging around in Facebook looking for possible bugs, I saw that Facebook recently added a feature that allows fans to submit requests to be categorized on their favorite pages as “Top Fans”. Facebook has made this optional.
Link to writeup:
https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a

Score: 0
Submitted by: quas
Vulnerability class:
Insecure Direct Object Reference (IDOR)
Title:
How I was able to delete any image in Facebook community question forum
Description:
I said what if I change my “fbid” number with other user’s “fbid” attached photo :)
Link to writeup:
https://medium.com/@JubaBaghdad/how-i-was-able-to-delete-any-image-in-facebook-community-question-forum-a03ea516e327

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Title:
Live Hacking like a MVH
Description:
A walkthrough on methodology and strategies to win big
Link to writeup:
https://speakerdeck.com/fransrosen/live-hacking-like-a-mvh-a-walkthrough-on-methodology-and-strategies-to-win-big

Score: 0
Submitted by: quas
Vulnerability class:
Reflected Cross Site Scripting
Title:
The Shortest Reflected XSS Attack Possible
Description:
How to achieve a full reflected XSS attack which includes the ability to run a complete script and not just an alert popup with the least amount of characters?
Link to writeup:
https://brutelogic.com.br/blog/shortest-reflected-xss-possible/?utm_source=ReviveOldPost&utm_medium=social&utm_campaign=ReviveOldPost

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
Advanced JavaScript Injections
Description:
There are cases where the injection point lands in the middle of a more complex JS code: inside functions and conditionals (if or if+else), nested inside each other.
Link to writeup:
https://brutelogic.com.br/blog/advanced-javascript-injections/

Score: 0
Submitted by: quas
Vulnerability class:
Cross Site Scripting (XSS)
Title:
XSS in Limited Input Formats
Description:
Testing for XSS vulnerabilities requires knowing the data format of the input. Usually the format is simply “string” without any restrictions, but sometimes the manipulation of the XSS entry point is limited.
Link to writeup:
https://brutelogic.com.br/blog/xss-limited-input-formats/

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Template Injection (SSTI)
Title:
Exploitation and Prevention of SSTI
Description:
Modern applications use templates to save time and to display content in an orderly, structured way that makes developers' lives easier; however, some engines and implementations are vulnerable to injection, allowing direct interaction with the engine or even remote code execution.
Link to writeup:
https://slides.com/artssec/explotacion-y-prevencion-de-ssti#/

Score: 0
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/
Description:
I first got to this subdomain via the usual subdomain enumeration. It looked unpromising: a 404 page that said “this website is not in use,” a little picture, and nothing else. Running path discovery for the usual pages turned up nothing, not even a useful robots.txt. However, I took a closer look at the footer.
Link to writeup:
https://hackerone.com/reports/502758

Score: 0
Submitted by: quas
Vulnerability class:
Remote Code Execution (RCE)
Title:
“Web scraping considered dangerous”: Exploiting the telnet service in scrapy < 1.5.2
Description:
SSRF->Telnet->RCE chain in Scrapy, found by @alertot
Link to writeup:
https://medium.com/alertot/web-scraping-considered-dangerous-exploiting-the-telnet-service-in-scrapy-1-5-2-ad5260fea0db

Score: 0
Submitted by: quas
Vulnerability class:
Server Side Request Forgery
Title:
Server Side Request Forgery (SSRF) {port issue hidden approach}
Description:
I was looking for a server-side issue. I saw there was a box for adding a URL for a job advert; the first thing that came to my mind was to try for SSRF here.
Link to writeup:
https://medium.com/@w_hat_boy/server-side-request-forgery-ssrf-port-issue-hidden-approch-f4e67bd8cc86

Score: 0
Submitted by: quas
Vulnerability class:
Recon
Title:
All in one Recon Methodology PDF by @1ndianl33t
Description:
How To Shot Web: @jhaddix; Domain Discovery, The Bug Hunter's Methodology v2.1 & v3, It's the Little Things II: @Nahamsec; Recon Like A Boss, BUG BOUNTY FUNSHOP: @prateek_0490; Journey to the top on: @yappare
Link to writeup:
https://drive.google.com/file/d/1uBTra6_jwhLnZALJVp9hmHaty2pBBUH2/view