Don’t Reply: A Clever Phishing Method In Apple’s Mail App
Reflected XSS in Tokopedia Train Ticket
Using Burp Suite match and replace settings to escalate your user privileges and find hidden features
Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR)
GraphQL abuse: Bypass account level permissions through parameter smuggling
Abusing internal API to achieve IDOR in New Relic
Inspect Element leads to Stripe Account Lockout Authentication Bypass
Penetrating PornHub – XSS vulns galore (plus a cool shirt!)