Jack Whitton (@Fin1te) | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Messenger.com Site-Wide CSRF	CSRF	Meta / Facebook	Jack Whitton (@Fin1te)
Obtaining Login Tokens for an Outlook, Office or Azure Account	CSRF	Microsoft	Jack Whitton (@Fin1te)
Uber Bug Bounty: Turning Self-XSS into Good-XSS	XSS	Uber	Jack Whitton (@Fin1te)
An XSS on Facebook via PNGs & Wonky Content Types	XSS	Meta / Facebook	Jack Whitton (@Fin1te)
Bypassing Google Authentication on Periscope's Administration Panel	Authentication Bypass	Google	Jack Whitton (@Fin1te)
Abusing CORS for an XSS on Flickr	XSS	Flickr	Jack Whitton (@Fin1te)
Instagram's One-Click Privacy Switch	CSRF	Meta / Facebook	Jack Whitton (@Fin1te)
Content Types and XSS: Facebook Studio	XSS	Meta / Facebook	Jack Whitton (@Fin1te)
Removing Covers Images on Friendship Pages, on Facebook	Broken Authorization	Meta / Facebook	Jack Whitton (@Fin1te)
Hijacking a Facebook Account with SMS	Broken Authorization Account Takeover	Meta / Facebook	Jack Whitton (@Fin1te)
Overwriting Banner Images on Etsy	Broken Authorization	Etsy	Jack Whitton (@Fin1te)
Stealing Facebook Access Tokens with a Double Submit	CSRF OAuth	Meta / Facebook	Jack Whitton (@Fin1te)
Framing, Part 1: Click-Jacking Etsy	Clickjacking	Etsy	Jack Whitton (@Fin1te)
Persistent XSS on myworld.ebay.com	XSS	Ebay	Jack Whitton (@Fin1te)
My Experience with the PayPal Bug Bounty Programme	CSRF	Paypal	Jack Whitton (@Fin1te)

Page 1 of 1