Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/soxoj/information-disclosure-writeups-and-pocs

A list of write-ups, articles, and PoCs of various vulnerabilities suitable for OSINT

cybersecurity osint poc


# Information Disclosure Write-Ups And PoCs

This is a list of write-ups, articles, and PoCs of various vulnerabilities (or just flaws) **suitable for OSINT** (mostly CWE-200).

For educational purposes only! By studying this content, you will understand how to find similar vulnerabilities in other systems.

All write-ups are also archived in [archive.md](https://archive.md/).

| Name | PoCs |
| ------------- | ------------- |
| [Breno Vitório - Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg](https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac/) | [PoC 1](./CVE-2021-3980.php), [PoC 2](/CVE-2021-3980-multi.php) |
| [Abhishek Pathak - This is how i was able to See and Delete your Private Facebook Portal photos](https://pathleax.medium.com/this-is-how-i-was-able-to-see-and-delete-your-private-facebook-portal-photos-a93ed22f875b) | - |
| [Tom Anthony - Google Exploit – Steal Account Login Email Addresses](https://www.tomanthony.co.uk/blog/google-exploit-steal-login-email-addresses/) | - |
| [mangopdf - When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number](https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram) | - |
| [Mohamed A. Baset - The 2.5mins or 2.5k$ hawk-eye bug - A Facebook Pages Admins Disclosure Vulnerability!](https://seekurity.com/blog/2018/02/25/admin/general/the-2-5mins-or-2-5k-hawk-eye-bug-a-facebook-pages-admins-disclosure-vulnerability) | - |
| [Youssef Sammouda - Expose the email address of Workplace users](https://ysamm.com/?p=588) | - |
| [Dávid Schütz - IDOR on clientauthconfig.googleapis.com](https://feed.bugs.xdavidhu.me/bugs/0009) | - |
| [Dávid Schütz - De-anonymising Anonymous Animals in Google Workspace](https://feed.bugs.xdavidhu.me/bugs/0003) | - |
| [Dávid Schütz - Stealing Your Private YouTube Videos, One Frame at a Time](https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/) | - |
| [Jerry Shah (Jerry) - Users Information Disclosure - WordPress CMS](https://shahjerry33.medium.com/information-disclosure-wordpress-cms-82133480b8b3), [HackerOne](https://hackerone.com/reports/1735586) | - |
| [th3.d1p4k - Microsoft bug bounty writeup (Plesk-stat)](https://dewangpanchal98.medium.com/microsoft-bug-bounty-writeup-5ee4a7264dbf) | - |
| [Minio Information Disclosure](https://www.pingsafe.com/blog/cve-2023-28432-minio-information-disclosure-vulnerability/) | [PoC](https://y4er.com/posts/minio-cve-2023-28432/) |
| [Nextcloud Information Disclosure](https://hackerone.com/reports/1690510) | - |
| [CVE-2020-9043 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2020-9043) | - |
| [CVE-2021-24917 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2021-24917) | - |
| [CVE-2022-2379 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-2379) | - |
| [CVE-2022-2462 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-2462) | - |
| [CVE-2022-2034 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-2034), [HackerOne](https://hackerone.com/reports/1590237) | - |
| [CVE-2022-1442 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-1442) | [PoC](https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf) |