| 2FA Bypass - IDN Mischief |
|
|
|
| IDN Homograph Attack - Reborn of the Rare Case |
|
|
|
| IDN Homograph Attack and Response Manipulation - The Rarest Case |
|
|
|
| Stored Iframe Injection & Permanent Open Redirection - Zero Day |
|
|
|
| API Misconfiguration - Algolia API Key |
|
|
|
| SQL Wildcard DoS - Hang Till Death |
|
|
|
| LFI - An Interesting Tweak |
|
|
|
| IDOR - Inside the Session Storage |
|
|
|
| API Misconfiguration - No Swag of SwaggerUI |
|
|
|
| Account Takeover - Inside The Tenant |
|
|
|
| HTTP Parameter Pollution - It’s Contaminated Again |
|
|
|
| Business Logic Errors - Art of Testing Cards |
|
|
|
| XSS - The LocalStorage Robbery |
|
|
|
| Parameter Pollution - Zero Day |
|
|
|
| Broken Link Hijacking - Mr. User-Agent |
|
|
|
| SQL Injection - The File Upload Playground |
|
|
|
| Open Redirection - QR Code Magic |
|
|
|
| Business Logic Errors - A Logic Destruction |
|
|
|
| Business Logic Errors - Must Vote |
|
|
|
| RCE via WebDav - Power Of PUT |
|
|
|
| PII Leakage - Revealing Secrets |
|
|
|
| Blind Command Injection - It hurts |
|
|
|
| Server Side Request Forgery - A Forged Document |
|
|
|
| XSS via Exif Data - The P2 Elevator |
|
|
|
| Cross Site Port Attack - A Stranger’s Call |
|
|
|
writeups.xyz
/
Jerry Shah (@Jerry)