writeups.xyz / 0xrz (@Omidxrz)
| Title | Vulnerabilities | Programs | Authors |
| --- | --- | --- | --- |
| Hijacking OAuth Code via Reverse Proxy for Account Takeover | OAuth, Account Takeover | Undisclosed | 0xrz (@Omidxrz) |
| $9240 Bounty in 30 days Hunt Challenge | Information Disclosure, Reflected XSS, Account Takeover, CORS Misconfiguration, Web Cache Deception, Logic Flaw, CSV Injection, HTML Injection, Client-Side Enforcement of Server-Side Security, 2FA / MFA Bypass, Broken Access Control, Privilege Escalation, Pre-Account Takeover | Undisclosed | 0xrz (@Omidxrz) |
| Uncovering a Command Injection, $2400 Bounty | OS Command Injection, RCE, File Upload, Weak Credentials | Undisclosed | 0xrz (@Omidxrz) |
| The Tale of a Command Injection by Changing the Logo | RCE, OS Command Injection, Unrestricted File Upload, Directory Listing, HTTP Response Manipulation | Undisclosed | 0xrz (@Omidxrz) |