BugPoC


17 total issues disclosed

$1,900 total paid publicly


Most disclosed (4 disclosures) — Cross-site Scripting (XSS) - DOM

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Strict Transport Security Misconfiguration None supplied whitehat1443hacker None 2020-11-30
Solution to the XSS Challenge Cross-site Scripting (XSS) - Reflected virenpawar No rating 2020-11-24
XSS :D Cross-site Scripting (XSS) - Reflected abankalarm High 2020-11-19
XSS PoC for the wacky.buggywebsite.com challenge None supplied vovohelo Medium 2020-11-18
Solution for XSS challenge wacky.buggywebsite.com Cross-site Scripting (XSS) - DOM d1r3wolf Critical 2020-11-13
XSS Challenge Cross-site Scripting (XSS) - Generic effectrenan No rating 2020-11-12
Reflected XSS at wacky.buggywebsite.com/frame.html Cross-site Scripting (XSS) - Reflected machinexa High 2020-11-12
csp bypass leads to xss on wacky.buggywebsite.com None supplied pirateducky No rating 2020-11-10
LFI from bypassing image parser and faking HEAD response with redirection File and Directory Information Exposure machinexa High 2020-11-06
Finally , CTF is Solved None supplied sayaanalam Critical 2020-11-06
Users can Change their Own Email Address Business Logic Errors vasi42 None 2020-10-12
LFI to steal /etc/passwd - Bypass filter in the <meta property="og:image"> tag via redirect and much more Path Traversal absshax Critical 2020-10-07
Reading arbitrary files via running arbitrary python code Privilege Escalation hackk9 None 2020-09-06
Solution for XSS challenge calc.buggywebsite.com Cross-site Scripting (XSS) - DOM d1r3wolf High 2020-08-15
DOM based Cross-site Scripting Cross-site Scripting (XSS) - DOM ivarsvids Medium 2020-08-12
XSS Challenge #2 Solution Cross-site Scripting (XSS) - DOM bad5ect0r None 2020-08-12
Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC Business Logic Errors acut3 Medium 2020-08-07