‘Websocket Hijacking’ to steal Session_ID of victim users
Information Disclosure to Account Takeover
Stealing Chat session ID with CORS and execute CSRF attack
Simple & Sweet: Bypass email update restriction to change emails of team members
Information Disclosure through Signup Endpoint
Exploiting Max. Character Limitation