Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing
Client-Side SSRF to Google Cloud Project Takeover [Google VRP]
Bypass Apple’s redirection process with the dot (“.”) character
Till REcollapse - Fuzzing the web for mysterious bugs
Practical Client Side Path Traversal Attacks
My First XSS
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
Never underestimate the power of open redirect, a story of a full account takeover
Open Redirect at Nvidia
Escalating Open Redirect to XSS
My Experience on Hacking the Dutch Government
Security Implications of URL Parsing Differentials
Simple Open Redirect Bypass.
Multiple Open URL Redirection Vulnerability on Facebook worth $1500
Zero-day XSS
How i was able to bypass Open Redirect 3 times on same program.
From Open Redirect to Reflected XSS manually
How I find open redirect in Facebook
How I found Open redirect on Bug crowd public program in 2 day
A swag for a Open Redirect — Google Dork — Bug Bounty
From open redirect to RCE in one week
How an Open Redirection Leads to an Account Takeover?
Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based XSS in Cloud-Native React Apps.
Adobe Acrobat hollowing out same-origin policy
Full Account Takeover via Open Redirection