Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse
Interesting case of a DOM XSS in www.figma.com
CVE-2023-33733 RCE via HTMLi in reportlab
Account hijack for anyone using Google sign-in with , due to response-type switch + leaking href to XSS on login.redacted.com
Prototype Pollution Akamai
Discord Rich Presence LeonardSSH.vscord
Prototype Pollution in xml2js
Exploring the World of ESI Injection
Prototype Pollution in fast-xml-parser
Bug Hunting Journey of 2021
Story of a weird CSRF bug
How I made it to Google HOF?
Reflected XSS in Facebook’s mirror websites
Bug Hunting Journey of 2019
How Recon helped me to find a Facebook domain takeover
Reflected XSS in Zomato
Story about my first bug bounty
XSS in Microsoft subdomain