API tools faq
paste
Drvirus1911

Bug Bounty write-ups and POCs

Drvirus1911
Sep 4th, 2017
2,221
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.69 KB | None | 0 0
raw download clone embed print report
  1. Uber Bug Bounty: Turning Self-XSS into Good-XSS: https://whitton.io/articles/uber-turning-self-xss-into-good-xss/
  2.  
  3. An XSS on Facebook via PNGs & Wonky Content Types: https://whitton.io/articles/xss-on-facebook-via-png-content-types/
  4.  
  5. Bypassing Google Authentication on Periscope's Administration Panel: https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/
  6.  
  7. How I got access to millions of [redacted] accounts: https://bitquark.co.uk/blog/2016/02/09/how_i_got_access_to_millions_of_redacted_accounts
  8.  
  9. Popping a shell on the Oculus developer portal: https://bitquark.co.uk/blog/2014/08/31/popping_a_shell_on_the_oculus_developer_portal
  10.  
  11. Multiple vulnerabilities in D-Link and TRENDnet 'ncc2' service: http://www.kernelpicnic.net/2015/02/26/D-Link-and-TRENDnet-ncc2-service.html
  12.  
  13. NetGear SOAPWNDR Authentication Bypass: http://www.kernelpicnic.net/2015/02/11/NetGear-SOAPWNDR-Authentication-Bypass.html
  14.  
  15. Bypassing SOP and shouting hello before you cross the pond: https://labs.detectify.com/2016/03/17/bypassing-sop-and-shouting-hello-before-you-cross-the-pond/
  16.  
  17. Slack bot token leakage exposing business critical information: https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
  18.  
  19. Using a Braun Shaver to Bypass XSS Audit and WAF by Frans Rosen, Detectify: https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify
  20.  
  21. Papyal XML Upload Cross Site Scripting Vulnerability: https://blog.it-securityguard.com/bugbounty-papyal-xml-upload-cross-site-scripting-vulnerability/
  22.  
  23. Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS: https://thehackerblog.com/poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/index.html
  24.  
  25. Drag Drop XSS in Google: http://c0rni3sm.blogspot.com.eg/2016/04/drag-drop-xss-in-google.html
  26.  
  27. A Quite Rare MSSQL Injection: http://c0rni3sm.blogspot.com.eg/2016/02/a-quite-rare-mssql-injection.html
  28.  
  29. Paypal XXE Doc: https://seanmelia.files.wordpress.com/2015/12/paypal-xxe-doc.pdf
  30.  
  31. How I Could Compromise 4% (Locked) Instagram Accounts: https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/
  32.  
  33. Seagate NAS Remote Code Execution Vulnerability: https://beyondbinary.io/articles/seagate-nas-rce/
  34.  
  35. Sleeping stored Google XSS Awakens a $5000 Bounty: https://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/
  36.  
  37. Finding XSS vulnerabilities in flash files: https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
  38.  
  39. Reversing Aruba Instant Firmware: https://www.serializing.me/2015/10/21/reversing-aruba-instant-firmware/
  40.  
  41. https://www.reddit.com/r/netsec/
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!