Airbnb | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)	Web Cache Poisoning	Akamai Paypal Airbnb Tesla Valve Zomato Whitejar Starbucks PlayStation Marriott Hyatt Hotels Goldman Sachs Microsoft Apple LastPass Brussels Airlines Mastercard EToro BBP BMW Group Rockstar Games	Francesco Mariani (@_Medusa_1_) Jacopo Tediosi (@Jacopotediosi)
Airbnb : Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method (IDOR)	IDOR	Airbnb	Vijay Kumar (@IndoAppSec)
Account takeover on Airbnb acquisition \| An Unusual Bug Part-2 🐛	IDOR Account Takeover	Airbnb	PRince CHaddha (@Princechaddha)
OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect	Open Redirect Token Leak Account Takeover	Airbnb	Evgeniy Yakovchuk (@H1_sp1d3r)
Authentication bypass on Airbnb via OAuth tokens theft	OAuth Login CSRF Open Redirect Authentication Bypass	Airbnb	Arne Swinnen (@ArneSwinnen)
Airbnb – Web to App Phone Notification IDOR to view Everyone’s Airbnb Messages	IDOR	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)
Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution	RCE	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)
Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat	Open Redirect SSRF Path Traversal	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)
Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities	XSS CSP Bypass	Airbnb	Brett Buerhaus (@Bbuerhaus) Ben Sadeghipour (@Nahamsec)

Page 1 of 1