writeups.xyz / Plenum (@Plenumlab)

Title	Vulnerabilities	Programs	Authors
Identifying and Exploiting Unsafe Deserialization in Ruby	Insecure Deserialization	Undisclosed	Plenum (@Plenumlab)
What do Netcat, SMTP and self XSS have in common? Stored XSS	Stored XSS	Undisclosed	Plenum (@Plenumlab)
Account takeover using IDOR and the misleading case of error 403.	IDOR	Undisclosed	Plenum (@Plenumlab)
Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over	Account Takeover Privilege Escalation Bruteforce	Undisclosed	Plenum (@Plenumlab)
Duplicate but still cool	IDOR Account Takeover	Undisclosed	Plenum (@Plenumlab)
IDOR in JWT and the shortest token you will ever see {}.{“uid”: “1234567890”}	IDOR	Undisclosed	Plenum (@Plenumlab)

Page 1 of 1