Google OAuth is broken (sort of)
OAuth 2.0 Redirect URI Validation Falls Short, Literally
[1500$ Worth — Slack] vulnerability, bypass invite accept process
Monitoring Linux host metrics with the Node Exporter information disclosure $350
Write Up – XSS Stored In files.slack.com Via XML/SVG File (iOS) – $1,000 USD
Abusing Slack’s file-sharing functionality to de-anonymise fellow workspace members
Link Previews: How a Simple Feature Can Have Privacy and Security Risks
Stored XSS on Slack, Bug Bounty
Exploiting popular macOS apps with a single “.terminal” file.
How we abused Slack's TURN servers to gain access to internal services
Abusing Slack for Offensive Operations
Keylogging users via Slack themes
A Tale of Exploitation in Spreadsheet File Conversions
500$ bounty: Man in the Middle on Slack
Stealing Downloads from Slack Users
Slack announcement-only channel post restriction bypass
$1.000 SSRF in Slack
Open Redirect in SLACK
Slack SAML authentication bypass
How I hacked hundreds of companies through their helpdesk
Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]