500$ From Meta by reporting a HTMLi(Accidental Bug)
The PDF Trojan Horse: Leveraging HTML Injection for SSRF and Internal Resource Access
The Dark Side of Contact Forms: How I Identified 7 CVEs in WordPress Plugins
How I Found a Vulnerability in Paytm and Received a Bounty
The story of exposed service, SSRF, CSP bypass and credentials stealing via XSS
weird bug using fake id via photoshop worth $***
Misconfiguration lead to company identity theft via bypass email verification.
CVE-2024–22720 / HTML Injection Vulnerability in Kanboard Group Management
$9240 Bounty in 30 days Hunt Challenge
CVE-2023-33733 RCE via HTMLi in reportlab
BBP Writeup Series #1 – Turning “useless” HTMLi on [REDACTED] into a P1
Opinions are like Bugs - Every Spec has one.
Chaining for Critical: Unauthorized to Cloud Administrator
XSS in GMAIL Dynamic Email (AMP for Email)
Stored Iframe Injection & Permanent Open Redirection - Zero Day
Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input
Escaping misconfigured VSCode extensions
Exploiting an HTML injection with dangling markup
I Got United Nation’s Hall Of Fame With This Simple Technique!
Play with Google, Twitter, Apple, Dell
Param Hunting to Injections
Able to Mass-change profile section leads to my first $BOUNTY$
Stealing passwords from infosec Mastodon - without bypassing CSP
Improper Access Control — My Third Finding on Hackerone!
Story about Escalation of HTML Injection to EC2 Instance credentials leak