writeups.xyz / Yasser Mohammed (@Boomneroli)

Title	Vulnerabilities	Programs	Authors
Why u should use burp to test Path Traversal Vulnerability and also get RXSS	Path Traversal XSS CSRF Account Takeover	Undisclosed	Yasser Mohammed (@Boomneroli)
How we was able to takeover whole organization via Privilege Escalation	Privilege Escalation Broken Authorization	Undisclosed	Yasser Mohammed (@Boomneroli)
Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli	Race Condition Lack of Rate Limiting OTP Bypass SQL Injection	Undisclosed	Yasser Mohammed (@Boomneroli)
OAuth Misconfiguration Leads to Full Account takeover	OAuth Clickjacking CSRF Account Takeover	Undisclosed	Yasser Mohammed (@Boomneroli)

Page 1 of 1