From AngularJS CSTI to credentials theft
The story of exposed service, SSRF, CSP bypass and credentials stealing via XSS
Broken links hijacking and CDN takeover
How I found multiple critical bugs in Red Bull
Chaining multiple vulnerabilities for credential stealing
Blind account takeover
Turning cookie based XSS into account takeover
Blind command injection
Five-minute hunting for hidden XSS
The forgotten API and XSS filter bypass
URL filter bypass, RFI and XSS
XSS via Angular Template Injection