Self-XSS to ATO via Site Features
Self XSS + Login CSRF + OAuth = Account Takeover
How I Got $5,000 for Out-of-Scope XSS
This is arguably the dumbest bug I’ve ever found.
The power of Client-Side Path Traversal: How I found and escalated 2 bugs through “../”
Duplicate CSRF… Leads to
$500 Bounty by Escalating DOM XSS to Stored XSS
Self-XSS to Stored XSS
Playing Dominos with Moodle's Security (2/2)
Recon only bugs are sweet!
Chaining Self Blind XSS with Broken Access Control To Make it Non Self Blind XSS
How I Hacked Scopely and Got $$$
How I was able to get account takeover via IDOR form JWT
Turning a 50$ Tab-Nabbing vulnerability into a 1000$ Account takeover
Unveiling the Secrets: My Journey of Hacking Google’s OSS
[Netflix][Smart TV] — Chaining Self-XSS with Session poisoning.
Account Takeover: An Epic Bug Bounty Story
Self XSS To Stored Through IDOR/
SSO Gadgets: Escalate (Self-)XSS to ATO
Hacking Hackers for fun and profit
I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
Chaining multiple vulnerabilities for credential stealing
Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored
The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
Small bugs are more dangerous than you think