A web security story from 2008: silently securing JSON.parse
Let’s Hack Citizens Bank
Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)
BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained
Bypassing Character Limit - XSS Using Spanned Payload
CCAI
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE
GitHub Security Lab audited DataHub: Here’s what they found
Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability
Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input
Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header
Escaping misconfigured VSCode extensions
Hacking the Search Bar: The Story of Discovering and Reporting an XSS Vulnerability on Bing.com
XSS on The MOST Popular Movie Ticket website.
A zero day for the government’s “demo servers” and internal networks
How we made $120k bug bounty in a year with good automation
Play with Google, Twitter, Apple, Dell
RCE in Avaya Aura Device Services
How I was able to find 4 Cross-site scripting (XSS) on vulnerability disclosure program ?
OpenEMR - Remote Code Execution in your Healthcare System
XSS using postMessage in Google Cloud Theia notebooks [Google VRP]
An amazing way to turn a xss into an ATO
Exploiting thousands of Domains for XSS
Web-Cache Poisoning $$$? Worth it?
Exploring the World of ESI Injection