Hacking Millions of Modems (and Investigating Who Hacked My Modem)

Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild

Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform

can I speak to your manager? hacking root EPP servers to take control of zones

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

Exploiting Static Site Generators: When Static Is Not Actually Static

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

Exploiting Vulnerabilities in a TLD Registrar to Takeover Tether, Google, and Amazon

Whose app are you downloading? Link hijacking Binance’s shortlinks through AppsFlyer

Hacking Chess.com and Accessing 50 Million Customer Records

We Hacked Apple for 3 Months: Here’s What We Found

Hacking Starbucks and Accessing Nearly 100 Million Customer Records

Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts

Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty

Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure

Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program

Reading ASP secrets for $17,000

The $12,000 Intersection between Clickjacking, XSS, and Denial of Service