Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript

can I speak to your manager? hacking root EPP servers to take control of zones

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

A Tale of Exploitation in Spreadsheet File Conversions

Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read

Airbnb – Web to App Phone Notification IDOR to view Everyone’s Airbnb Messages

Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution

Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat

Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities

ESEA Server-Side Request Forgery and Querying AWS Meta Data

Yahoo Login Protection Seal – Stored CSS Injection

Flickr API Explorer – Force users to execute any API request.

Google.com – Mobile Feedback URL Redirect Regex/Validation Flaw

admin.google.com Reflected Cross-Site Scripting (XSS)

Yahoo – Root Access SQL Injection – tw.yahoo.com

Facebook – Stored Cross-Site Scripting (XSS) – Badges

Facebook – Send Notifications to any User Exploit