| XSS to OAuth access token leak in office online which can be used to account takeover |
|
|
|
| You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities |
|
|
|
| Opera Browser VPN Bypass |
|
|
|
| Critical Local File Read in Electron Desktop App |
|
|
|
| The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… |
|
|
|
| $8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser |
|
|
|
| Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser |
|
|
|
| Facebook Messenger Desktop App Arbitrary File Read |
|
|
|
| Copy Drag — Paste Drop |
|
|
|
| Bypass SameSite Cookies Default to Lax and get CSRF |
|
|
|
| Facebook Messenger exposing deleted messages using [Remove for Everyone] |
|
|
|
| New technique to find Blind-XSS |
|
|
|
| Self-XSS + CSRF to Stored XSS |
|
|
|
writeups.xyz
/
Renwa (@RenwaX23)