/information-disclosure-writeups-and-pocs

The list of write-ups, articles, and PoC of various vulnerabilites suitable for OSINT

Primary LanguagePHP

Information Disclosure Write-Ups And PoCs

This is the list of write-ups, articles, and PoC of various vulnerabilites (or just flaws) suitable for OSINT (mostly CWE-200).

For educational purposes only! By studying this content, you will understand how to find similar vulnerabilities in other systems.

All write-ups are also archived in archive.md.

Name PoCs
Breno Vitório - Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg PoC 1, PoC 2
Abhishek Pathak - This is how i was able to See and Delete your Private Facebook Portal photos -
Tom Anthony - Google Exploit – Steal Account Login Email Addresses -
mangopdf - When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number -
Mohamed A. Baset - The 2.5mins or 2.5k$ hawk-eye bug - A Facebook Pages Admins Disclosure Vulnerability! -
Youssef Sammouda - Expose the email address of Workplace users -
Dávid Schütz - IDOR on clientauthconfig.googleapis.com -
Dávid Schütz - De-anonymising Anonymous Animals in Google Workspace -
Dávid Schütz - Stealing Your Private YouTube Videos, One Frame at a Time -
Jerry Shah (Jerry) - Users Information Disclosure - WordPress CMS, HackerOne -
th3.d1p4k - Microsoft bug bounty writeup (Plesk-stat) -
Minio Information Disclosure PoC
Nextcloud Information Disclosure -
CVE-2020-9043 (WordPress) -
CVE-2021-24917 (WordPress) -
CVE-2022-2379 (WordPress) -
CVE-2022-2462 (WordPress) -
CVE-2022-2034 (WordPress), HackerOne -
CVE-2022-1442 (WordPress) PoC