A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…

CVE-2022-21703: cross-origin request forgery against Grafana

Abusing Slack’s file-sharing functionality to de-anonymise fellow workspace members

Leveraging an SSRF to leak a secret API key

Chaining an IDOR with a business-logic error to achieve critical impact