Drvirus1911

Information Disclosure Writeups

May 17th, 2020
  1. http://carnal0wnage.attackresearch.com/2020/03/what-is-your-gcp-infra-worthabout-700.html
  2. https://0xsha.io/posts/exploiting-magic-links-critical-bugs-are-one-line-away
  3. https://0xsha.io/posts/hunting-for-bounties-antihackme-case-study
  4. https://aaronesau.com/blog/posts/5
  5. https://addictivehackers.blogspot.com/2019/08/from-github-recon-to-account-takeover.html
  6. https://blog.assetnote.io/bug-bounty/2019/04/23/getting-access-zendesk-gcp/
  7. https://blog.doyensec.com/2019/08/22/modern-password-managers-flag-secure.html
  8. https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417
  9. https://blog.usejournal.com/how-recon-helped-samsung-protect-their-production-repositories-of-samsungtv-ecommerce-estores-4c51d6ec4fdd
  10. https://daleys.space/writeup/0day/2019/09/09/verizon-leak.html
  11. https://evanricafort.blogspot.com/2019/07/business-logic-plex-tv.html
  12. https://flex0geek.blogspot.com/2019/10/leak-can-i-take-user-information-please.html
  13. https://geleta.eu/2020/a-tale-of-verbose-error-message-and-jwt-token/
  14. https://hackernoon.com/how-i-could-have-hacked-all-uber-accounts-rtzl3z72
  15. https://medium.com/@D0rkerDevil/how-i-found-credential-enriched-redis-dump-2b9e808024c4
  16. https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
  17. https://medium.com/@R0X4R/graphql-introspection-leads-to-sensitive-data-disclosure-714f1d9d9d4a
  18. https://medium.com/@Skylinearafat/how-to-look-for-js-files-vulnerability-for-fun-and-profit-78bfdfbd6731
  19. https://medium.com/@abss0x7tbh/ls-disclose-scheduled-bacc90d6c1f5
  20. https://medium.com/@bhaveshthakur2015/complete-information-disclosure-using-broken-access-control-269368af7043
  21. https://medium.com/@cc1h2e1/unauthorized-access-to-all-user-information-leaks-5db95746aecf
  22. https://medium.com/@ddigvijay29/how-i-dumped-millions-of-crypto-currencies-accounts-28d388053713
  23. https://medium.com/@dr.spitfire/sensitive-information-disclosure-web-cache-deception-attack-bcac6cb9cd86
  24. https://medium.com/@edmundaa222/poc-disclose-members-in-any-closed-facebook-group-259783fa4bf
  25. https://medium.com/@godofdarkness.msf/users-email-disclosure-via-invalid-password-reset-link-250-c431ed46680e
  26. https://medium.com/@harrmahar/how-i-get-my-first-p1-sensitive-information-disclosure-using-wpscan-c2fba00ac361
  27. https://medium.com/@hbothra22/recon-to-sensitive-information-disclosure-in-minutes-503fc7ccdf0b
  28. https://medium.com/@hisokamorou12/finding-gem-in-someones-report-instant-500usd-at-hackerone-platform-9a1afa0df813
  29. https://medium.com/@iframe_h1/a-picture-that-steals-data-ff604ba1012
  30. https://medium.com/@imranparray/privilege-escalation-on-private-program-a2a5548cde09
  31. https://medium.com/@jayateerthag/google-referer-leak-bug-434f6293ce66
  32. https://medium.com/@jonathanbouman/leaked-salesforce-api-access-token-at-ikea-com-132eea3844e0
  33. https://medium.com/@kaustubhk80/how-i-got-access-to-critical-data-of-a-company-in-no-time-6c396aee21c0
  34. https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7
  35. https://medium.com/@mateusz.olejarka/finding-hidden-gems-vol-4-rakefile-a-k-a-how-to-get-aws-keys-again-ed0d840e0ec
  36. https://medium.com/@mehedi1194/how-i-get-my-first-swag-from-sidn-sensitive-data-expose-fc8e202fef85
  37. https://medium.com/@naveenroy008/tale-of-a-misconfiguration-in-password-reset-e8fb484a4661
  38. https://medium.com/@navne3t/confirmation-bypass-ab57c29ae413
  39. https://medium.com/@nishantrustlingup/admin-account-total-information-disclosure-72ec60da4a78
  40. https://medium.com/@noob.assassin/dont-underestimates-the-errors-they-can-provide-good-bounty-d437ecca6596
  41. https://medium.com/@pranaybafna/graphql-introspection-leads-to-sensitive-data-disclosure-65b385452d7f
  42. https://medium.com/@pratyush1337/inf0rm-tion-disclosure-via-idor-20f1ba5aa508
  43. https://medium.com/@pratyush1337/information-disclosure-via-misconfigured-aws-to-aws-bucket-takeover-6a6a66470d0e
  44. https://medium.com/@rajsek/how-i-was-able-to-get-your-facebook-private-friend-list-responsible-disclosure-91984606e682
  45. https://medium.com/@ravillabharath123/account-take-over-without-user-interaction-f4ed2bf977de
  46. https://medium.com/@sasaxxx777/cors-misconfiguration-leading-to-private-information-disclosure-3034cfcb4b93
  47. https://medium.com/@saurabh5392/how-i-earned-by-finding-confidential-customer-data-including-plain-text-passwords-f93c4ce2631
  48. https://medium.com/@shahjerry33/password-reset-token-leak-via-referrer-2e622500c2c1
  49. https://medium.com/@souravnewatia/exif-geolocation-data-not-stripped-from-uploaded-images-794d20d2fa7d
  50. https://medium.com/@spade.com/api-secret-key-leakage-leads-to-disclosure-of-employees-information-5ca4ce17e1ce
  51. https://medium.com/@sudhanshur705/bug-hunting-journey-of-2019-95e5190aca7c
  52. https://medium.com/@tiendat253/writeup-bugbounty-facebook-disclosure-the-verified-phone-number-in-checkpoint-aa652faeaf21
  53. https://medium.com/@timpaxerror/page-admin-disclosure-via-an-upgraded-page-post-57863fb02c50
  54. https://medium.com/@tod4ro/for-paypal-security-team-get-user-balances-and-transaction-details-is-not-a-vulnerability-2e5b7f8780de
  55. https://medium.com/@vbharad/full-account-takeover-android-application-78fa922f78c5
  56. https://medium.com/@yusuffurkan/facebook-bug-bounty-page-admin-disclose-bug-facebook-android-app-c0fa50459177
  57. https://medium.com/a-bugz-life/the-bugs-are-out-there-hiding-in-plain-sight-12d056613ea3
  58. https://medium.com/bug-bounty-hunting/facebook-bug-bounty-story-x000-for-an-information-disclosure-bug-f0c0d19d7815
  59. https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062
  60. https://medium.com/bugbountywriteup/banner-grabbing-to-dos-and-memory-corruption-2442b1c25bbb
  61. https://medium.com/bugbountywriteup/exploiting-jsonp-and-bypassing-referer-check-2d6e40dfa24
  62. https://medium.com/bugbountywriteup/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-ea710bca487a
  63. https://medium.com/bugbountywriteup/information-disclosure-at-paypal-and-xoom-paypal-acquisition-via-simple-google-dork-1-000-usd-b726fe628a05
  64. https://medium.com/bugbountywriteup/million-users-pii-leak-attack-288c5e37b283
  65. https://medium.com/bugbountywriteup/wrong-swipe-tinder-29fe1eb0203c
  66. https://medium.com/dataseries/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322
  67. https://medium.com/nassec-cybersecurity-writeups/page-admin-disclosure-facebook-bug-bounty-2020-8a45cf911e24
  68. https://noobe.io/articles/2019-09/exploiting-cookie-based-xss-by-finding-rce
  69. https://philippeharewood.com/determine-a-user-from-an-email-address/
  70. https://philippeharewood.com/disclose-the-owner-of-a-recruiting-manager-in-jobs-beta/
  71. https://philippeharewood.com/facebook-employee-internal-tool-and-conversations-and-leaked-in-facebook-video/
  72. https://philippeharewood.com/facebook-marketing-confidential-call-transcript/
  73. https://philippeharewood.com/get-page-inbox-notifications-for-any-facebook-page/
  74. https://philippeharewood.com/instagram-github-token-with-public_scope-found-in-travis-ci-build-logs/
  75. https://philippeharewood.com/view-facebook-payouts-for-any-facebook-trivia-game/
  76. https://philippeharewood.com/view-the-ranked-messenger-users-for-any-page/
  77. https://pwnsec.ninja/2019/07/26/facebook-bugbounty-tale-of-an-instagram-bug-disclosing-users-phone-number-via-checkpoint/
  78. https://pwnsec.ninja/2020/03/04/bug-bounty-catches-part-1/
  79. https://samcurry.net/analysis-of-cve-2019-14994/
  80. https://spenkk.github.io/bugbounty/Local-File-Inclusion/
  81. https://terjanq.github.io/Bug-Bounty/Twitter/protected-tweets-exposure-efvju8i785y1/
  82. https://utkusen.com/blog/why-you-shouldnt-use-password-manager-for-linode.html
  83. https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/
  84. https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
  85. https://www.amolbaikar.com/disclose-facebook-business-account-id/
  86. https://www.contrastsecurity.com/security-influencers/i-made-600-with-contrast-ce-cve-2019-8442
  87. https://www.updatelap.com/2019/08/Rights-Manager-Graph-API-Disclosure-of-business-employee-to-non-business-employee.html
  88. https://www.valbrux.it/blog/2019/04/04/google-ads-information-disclosure-via-null-pointer-exception/
  89. https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html
  90. https://ysamm.com/?p=321
  91. https://ysamm.com/?p=437
  92. https://ysamm.com/?p=444