| My First Bug Bounty: CORS Misconfiguration |
|
|
|
| How I Got $5,000 for Out-of-Scope XSS |
|
|
|
| Bypassing browser tracking protection for CORS misconfiguration abuse |
|
|
|
| CORS Misconfiguration -> PII Leak |
|
|
|
| $9240 Bounty in 30 days Hunt Challenge |
|
|
|
| A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF… |
|
|
|
| Bypassing CORS configurations to produce an Account Takeover for Fun and Profit |
|
|
|
| How i Hacked Scopely with “Sign in with Google” |
|
|
|
| EmojiDeploy: Smile! Your Azure web service just got RCE’d ._. |
|
|
|
| Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability |
|
|
|
| Vue JS Reflected XSS |
|
|
|
| Bypass firewalls with of-CORs and typo-squatting |
|
|
|
| Simple CORS misconfig leads to disclose the sensitive token worth of $$$ |
|
|
|
| CORS Misconfig on Out of scope domain Bug Bounty Writeup (300 USD Reward ) |
|
|
|
| Exploiting CORS Misconfigurations |
|
|
|
| Compromising Plesk Via Its REST API |
|
|
|
| The forgotten IPFS vulnerabilities |
|
|
|
| Fun With CORS |
|
|
|
| Cross-Origin Resource Sharing (CORS) Misconfiguration leads to User’s PII leaks. |
|
|
|
| CORS misconfig that worths USD200 |
|
|
|
| Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure |
|
|
|
| Stealing Chat session ID with CORS and execute CSRF attack |
|
|
|
| Chaining CORS by Reflected xss to Account takeover #My first Blog |
|
|
|
| EN | Account Takeover and Sensitive Data Leakage via CORS Misconfiguration |
|
|
|
| Cors Blimey: The power of chaining CORS |
|
|
|
writeups.xyz
/
CORS Misconfiguration