| IPv6 DNS Takeover via mitm6 (Write Up) |
|
|
|
| Generate online votes using Race Condition Vulnerability in Woobox Web Application (Write Up) |
|
|
|
| HTML Injection and a dream in Google Chrome for Linux (Write Up) |
|
|
|
| Unexpected IDOR Vulnerability in [REDACTED] - [redacted].net (Write Up) |
|
|
|
| 2FA Verification Bypass in Shapeshift [shapeshift.com] (Write Up) |
|
|
|
| Hijacking Reset Password Link in https://www.niteflirt.com/ via Host Header Poising (Write Up) |
|
|
|
| Changing other users Episode title & description - IDOR Vulnerability in [REDACTED] (Write Up) |
|
|
|
| [CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in Wordpress (Write Up) |
|
|
|
| XSS in Peerio 2 Windows Application (Write Up) |
|
|
|
| Popping Alerts in Mixmax Chrome Extension (Write Up) |
|
|
|
| HTML Injection to XSS bypass in [REDACTED.com] |
|
|
|
| SSRF Vulnerability in https://app.[REDACTED].com |
|
|
|
| Application Level Denial of Service [DoS] using SVG file in https://[REDACTED].com (Write Up) |
|
|
|
| Read other user support tickets in https://support..com (Write Up) |
|
|
|
| Disclose any main and 3rd party contributors email address and movie local path thru XML file in Plex TV - plex.tv (Write Up) |
|
|
|
| Not a fancy bug, just HTML Injection in Clause - clause.io (Write Up) |
|
|
|
| Blind-XSS in Chrome Experiments - Google (Write Up) |
|
|
|
| [RCE] Remote Code Execution in Wordpress iOS Application (version 9.3) |
|
|
|
| XSS Vulnerability in Twitter [https://twitter.com] (Write Up) |
|
|
|
| Arbitary File Upload Vulnerability in Google Nest (Write Up) |
|
|
|
| Local File XSS Vulnerability in Wordpress.com (Write Up) |
|
|
|
writeups.xyz
/
Evan Ricafort (@Evanricafort)