Bug Bounty Writeup Search

Explore the latest disclosed reports from Bug Bounty

Made by @rxrsec

Title Date Added
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
https://medium.com/@p0lyxena/2-500-bug-bounty-write-up-remote-code-execution-rce-via-unclaimed-node-package-6b9108d10643 		2024-09-18 00:00:00
Data Theft in Salesforce: Manipulating Public Links
https://www.varonis.com/blog/manipulating-salesforce-public-links 		2024-09-16 00:00:00
Attacking PowerShell CLIXML Deserialization
https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization 		2024-09-13 00:00:00
Logic Flaw: I Can Block You from Accessing Your Own Account
https://medium.com/@hashimamin/logic-flaw-i-can-block-you-from-accessing-your-own-account-63fc2a88bb72 		2024-09-13 00:00:00
Escalating From Reader To Contributor In Azure API Management
https://binarysecurity.no/posts/2024/09/apim-privilege-escalation 		2024-09-13 00:00:00
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b 		2024-09-13 00:00:00
Interesting Story of an Account Takeover Vulnerability
https://medium.com/@deepanshudev369/interesting-story-of-an-account-takeover-vulnerability-140a45a058a3 		2024-09-12 00:00:00
Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey
https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/ 		2024-09-12 00:00:00
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ 		2024-09-11 00:00:00
Directory Traversal, SQL Injection and Server-Side Request Forgery
https://research.aurainfosec.io/disclosure/sagecrm2/ 		2024-09-10 00:00:00