| How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack |
|
|
|
| A Story About How I Found XSS in ASUS |
|
|
|
| Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN |
|
|
|
| From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms |
|
|
|
| Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire |
|
|
|
| How I got my first $13500 bounty through Parameter Polluting (HPP) |
|
|
|
| Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! |
|
|
|
| Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail |
|
|
|
| Auditing Atlassian Plugins, 53 0-Days Later |
|
|
|
| Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS |
|
|
|
| Studying 0days: How we hacked Anki, the world's most popular flashcard app |
|
|
|
| How Almost Sacrificing a University Group Project led to a Microsoft Bug Bounty |
|
|
|
| Encoding Differentials: Why Charset Matters |
|
|
|
| Hacking a Secure Industrial Remote Access Gateway |
|
|
|
| Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution |
|
|
|
| 17 vulnerabilities in Sharp Multi-Function Printers |
|
|
|
| How I Found a Vulnerability in Paytm and Received a Bounty |
|
|
|
| Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode |
|
|
|
| Cross-Site Scripting via Web Cache Poisoning and WAF bypass |
|
|
|
| ExpressionEngine, Version 7.3.15 |
|
|
|
| Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages |
|
|
|
| Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse |
|
|
|
| A commonly overlooked XSS vector |
|
|
|
| CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js |
|
|
|
| POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows |
|
|
|
writeups.xyz
/
XSS