How I got a Bug At Apple that lead’s to takeover accounts of any user who view my profile
How I found multiple critical bugs in Red Bull
Uncovering a Bug I Found in Outlook: How Could an Account Has Been Compromised?
Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)
Zero Click To Account Takeover (IDOR + XSS)
How I found my first XSS on a Bug Bounty Program
Better Make Sure Your Password Manager Is Secure
Param Hunting to Injections
FlowscreenComponents Basepack, Version 3.0.7 Advisory
Missing Bricks: Finding Security Holes in LEGO APIs
Not usual CSP bypass case
How “I hacked the Dutch government and got the lousy t-shirt”
Automate Cross-Site Scripting (XSS) exploitation with unusal events and Burp Intruder
Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway
XSS on account.leagueoflegends.com via easyXDM [2016]
Multiple Vulnerabilities found in Airtel Android Application
A Real World Example Of Classic Remote Command Execution (RCE)
How I get +10 SQLi and +30 XSS via Automation Tool
Bypassing XSS filters using Double Encoding
Remediation Archeology — Finding and Decoding an Ancient XSS
Got Another XSS using Double Encoding
Finding Reflected XSS In A Strange Way
Safari is hot-linking images to semi-random websites
Exploiting Static Site Generators: When Static Is Not Actually Static
Visual Studio Code Jupyter Notebook RCE