Lessons Learned From Exposing Unusual XSS Vulnerabilities
How I found DOM XSS via postMessage on Bing.com - Microsoft Bug Bounty
Exfiltrating Data from Sandboxed Documents
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1
URL Redirection To DOM XSS on Hackerone Programs — Bug Bounty Tuesday
$500 Bounty by Escalating DOM XSS to Stored XSS
Interesting case of a DOM XSS in www.figma.com
Exploits Explained: Persisting Through a Client-Side Prototype Pollution
Full Disclosure - DOM-based XSS And Failures In Bug Bounty Hunting
A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…
A successful prototype pollution chained to a DOM XSS
My Journey to Nokia Hall of Fame in just 10 minutes
Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
How I found DOM-Based XSS on Microsoft MSRC and How they fixed it
postMessage DOM XSS vulnerability in Gartner Peer Insights widget
DOM-XSS in Instant Games due to improper verification of supplied URLs
DOM-Based XSS for fun and profit $$$! | Bug Bounty POC
Fetch Diversion
$350 XSS in 15 minutes
How I was able to steal users credentials via Swagger UI DOM-XSS
A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POC
Winning QR with DOM-Based XSS | Bug Bounty POC
How I Get 5x Swag From Sony
DOM XSS On A Gov Domain Bypassing WAF
DOM Cross-Site Scripting Via postMessage in AnnounceKit