
Writeups

Taking Over Employee Accounts by Managers with Zero Employee Interaction

Reported to Private – Published on: 13 Aug 2021

Read Full Writeup

RCE via Internal Access to Adminer Database Management (Critical)

Reported to Private – Published on: 24 Apr 2021

Read Full Writeup

Finding Hidden Login Endpoint Exposing Secret `Client ID`

Reported to Private – Published on: 7 Mar 2021

Read Full Writeup

Secret Key Exposure in API Config Directory

Reported to Private – Published on: 28 Feb 2021

Read Full Writeup

Denial Of Service (Out Of Memory) on Updating Bounty Table

Reported to HackerOne – Published on: 3 Feb 2021

Read Full Writeup

XSS in Email Input

Reported to Automattic – Published on: 26 Dec 2020

Read Full Writeup

Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities

Reported to Private – Published on: 29 Nov 2020

Read Full Writeup

Information Disclosure of Garbage Collection Cycle

Reported to Basecamp – Published On: 4 Nov 2020

Read Full Writeup

Manipulate Uneditable Messages in Support

Reported to CSMoney – Published On: 27 Oct 2020

Read Full Writeup

IDOR in Google APIs

Reported to Google – Published On: 10 Jun 2020

Read Full Writeup

Reflected XSS in Microsoft Social Forums

Reported to Microsoft – Published On: 11 Apr 2020

Read Full Writeup

Broken Authentication in Two Step Verification

Reported to Avira – Published On: 08 Nov 2019

Read Full Writeup

Viewing Facebook Contacts On Locked Device

Reported to Facebook – Published On: 31 Oct 2019

Read Full Writeup

Abusing Post Service (Create Unlimited Posts)

Reported to LinkedIn – Published On: 15 Oct 2019

Read Full Writeup

IDOR & SQL Query Manipulation to Fetch User Details

Reported to Private – Published On: 23 Oct 2020

Read Full Writeup

Open Redirect

Reported to Private – Published On: 14 Jul 2020

Read Full Writeup

Crashing Chat Bot System

Reported to Maximum – Published On: 21 Aug 2020

Read Full Writeup

Bypass CSRF Protection Lead to Account Takeover

Reported to Private – Published On: 30 May 2020

Read Full Writeup

XSS on Change Folder Name

Reported to Private – Published On: 14 May 2020

Read Full Writeup

CSRF – Close Account

Reported to U.S. Dept Of Defense – Published On: June 11, 2020

Read Full Writeup

Flaw in Change Email https://youtu.be/MMvlcHIGs2A

Reported to Staging.Every.org – Published On: March 24, 2020

Read Full Writeup

CSRF – Modify Company Info

Reported to U.S. Dept Of Defense – Published On: June 11, 2020

Read Full Writeup

CSRF – Modify Project Settings

Reported to Stripo Inc – Published On: February 3, 2020

Read Full Writeup

Internal IP Address Disclosed

Reported to U.S. Dept Of Defense – Published On: May 14, 2020

Read Full Writeup