SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
Chaining multiple vulnerabilities for credential stealing
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
How I Got $10,000 From GitHub For Bypassing Filtration of HTML tags
$6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty
XSS through DHCP: How Attackers Use Standards
Escalating SSTI to Reflected XSS using curly braces {}
My First XSS
Parameters in Lambda Functions that lead to XSS and Injection
Bug Bounty - Cross-site request forgery is a thing
How I found 3 RXSS on the Lululemon bug bounty program
How I found Moodle Cross site scripting
Turning cookie based XSS into account takeover
Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
How reading robots.txt file got me 4 XSS reports ?
HTMLI/XSS - Crafting a better PoC
Bypassing Amazon WAF to pop an alert()
How I bypassed Reflected XSS in well-known platform
My Hall of Fame at United Nations Success Story
Amazon Quickly Fixed A Vulnerability In Ring Android App That Could Expose Users’ Camera Recordings
XSS by Javascript Overriding
You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
RCE on Spip and Root-Me, v2!
The forgotten API and XSS filter bypass
Escalating Open Redirect to XSS