- Uber Bug Bounty: Turning Self-XSS into Good-XSS: https://whitton.io/articles/uber-turning-self-xss-into-good-xss/
- An XSS on Facebook via PNGs & Wonky Content Types: https://whitton.io/articles/xss-on-facebook-via-png-content-types/
- Bypassing Google Authentication on Periscope's Administration Panel: https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/
- How I got access to millions of [redacted] accounts: https://bitquark.co.uk/blog/2016/02/09/how_i_got_access_to_millions_of_redacted_accounts
- Popping a shell on the Oculus developer portal: https://bitquark.co.uk/blog/2014/08/31/popping_a_shell_on_the_oculus_developer_portal
- Multiple vulnerabilities in D-Link and TRENDnet 'ncc2' service: http://www.kernelpicnic.net/2015/02/26/D-Link-and-TRENDnet-ncc2-service.html
- NetGear SOAPWNDR Authentication Bypass: http://www.kernelpicnic.net/2015/02/11/NetGear-SOAPWNDR-Authentication-Bypass.html
- Bypassing SOP and shouting hello before you cross the pond: https://labs.detectify.com/2016/03/17/bypassing-sop-and-shouting-hello-before-you-cross-the-pond/
- Slack bot token leakage exposing business critical information: https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
- Using a Braun Shaver to Bypass XSS Audit and WAF by Frans Rosen, Detectify: https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify
- Papyal XML Upload Cross Site Scripting Vulnerability: https://blog.it-securityguard.com/bugbounty-papyal-xml-upload-cross-site-scripting-vulnerability/
- Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS: https://thehackerblog.com/poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/index.html
- Drag Drop XSS in Google: http://c0rni3sm.blogspot.com.eg/2016/04/drag-drop-xss-in-google.html
- A Quite Rare MSSQL Injection: http://c0rni3sm.blogspot.com.eg/2016/02/a-quite-rare-mssql-injection.html
- Paypal XXE Doc: https://seanmelia.files.wordpress.com/2015/12/paypal-xxe-doc.pdf
- How I Could Compromise 4% (Locked) Instagram Accounts: https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/
- Seagate NAS Remote Code Execution Vulnerability: https://beyondbinary.io/articles/seagate-nas-rce/
- Sleeping stored Google XSS Awakens a $5000 Bounty: https://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/
- Finding XSS vulnerabilities in flash files: https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
- Reversing Aruba Instant Firmware: https://www.serializing.me/2015/10/21/reversing-aruba-instant-firmware/
- https://www.reddit.com/r/netsec/