writeups.xyz / Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities

Submitter : c2a

Date: 8 March 2017

Bounty : undisclosed

Vulnerabilities :

• XSS
• CSP Bypass

Programs :

• Airbnb

Authors :

• Brett Buerhaus (@Bbuerhaus)
• Ben Sadeghipour (@Nahamsec)

Link :
https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/