Phishing the anti-phishers: Exploiting anti-phishing tools for internal access
Identifying vulnerabilities in GitHub Actions & AWS OIDC Configurations
Exploiting GitHub Actions on open source projects
RocketChat - Monitor User Messages
Auth Issues
RocketChat - Unauthenticated access to messages
G Suite - Device Management XSS
Multiple XSS
Stored XSS on biz.waze.com
Blind XSS against a Googler
Scary Tickets😨
Exploiting Google Calendars
Shopify Athena Bug
Another "TicketTrick" story
Unauth meetings access
RCE on Yahoo Luminate
Should this be public though?
Source Code Analysis in YSurvey — Luminate bug
Getting a RCE — CTF Way
Luminate Internal Privilege Escalation — Admin to Owner
This domain is my domain — G Suite A record vulnerability
Developer Luminate IDOR
Luminate Store Basics defacement and potential takeover
I got emails - G Suite Vulnerability
How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]