Abdullah Al-Sultani

Posts

  • Feb 10, 2025

    Leak HTTP Requests through Service Worker and XSS

  • Jul 3, 2020

    AVideo < 8.9 Privilege Escalation and File Inclusion that led to RCE

  • Jun 1, 2020

    Hijacking an Abandoned Careem S3 Bucket

  • May 25, 2020

    Moodle From DOM Stored XSS to Remote Code Execution

  • Apr 19, 2020

    Intigriti Easter XSS Challenge Write-up

  • Jan 13, 2020

    myClock XSS Challenge Solution Write-Up

  • Jun 26, 2018

    Hacking In-Scope Targets via Out-of-Scope Domains

  • Feb 10, 2018

    Obtaining WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489

  • Oct 11, 2017

    Leaking Amazon.com CSRF Tokens Using Service Worker API

  • Nov 11, 2016

    How I Hijacked Private Vimeo Videos via Flash

  • Oct 23, 2016

    XSS Challenge on Hack.me: The Solution Explained

  • Sep 21, 2016

    Vine Re-authentication Bypass: A Twitter Bug Bounty Report

  • Jun 23, 2016

    Medium Account Takeover via XSS and CSRF Exploitation

  • Feb 12, 2016

    Exploiting OAuth Vulnerabilities in Oculus

  • Nov 16, 2015

    Uncovering an XSS Vulnerability in Cloudflare Services

  • Aug 3, 2015

    One Payload to XSS Them All!

  • Aug 1, 2015

    Blind SQL Injection in Hootsuite Learning Platform

  • Aug 6, 2014

    Exploiting XSRF on Flickr to Change Photo Details

  • abdullah@alsultani.me
  • al-sultani
  • Abdulahhusam

Abdullah Al-Sultani's blog about security and tech!