How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools
Abusing Data Protection Laws For D0xing & Account Takeovers
Stealing user passwords through a VPN’s SSO
SSTI in Google Maps
SSTI to Local File Read
RCE via Server-Side Template Injection
Limited freemarker ssti to arbitrary liql query and manage lithium cms
How I hacked 50+ Companies in 6 hrs
Fuzzing {{7*7}} Till {{P1}}
RCE with Flask Jinja Template Injection
Super Glamorous Recon with Intended Functionalities
Injecting {{6*200}} to $1200
Handlebars template injection and RCE in a Shopify app
Frappé Technologies ERPNext Server Side Template Injection
Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]
Remote Code Execution in AT&T