GLITCH
Search...
Ctrl
K
SUMMARIEs
Bug Hunting
Previous
Kerberos_AD
Next
MITRE
Last updated
6 months ago
Cross Site Scripting (xss)
writeups
Blind XSS
Cross Site Request Forgery (CSRF)
writeups
Local File Inclusion (LFI)
writeups
Subdomain Takeover
writeups
SQL Injection(SQLI)
writeups
Insecure Direct Object Reference (IDOR)
writeups
CORS
writeups
Server Side Request Forgery (SSRF)
writeups
Race Condition
writeups
Remote Code Execution (RCE)
writeups
From P5 to P2 to 100 BXSS
multiplexss vulnerabilities using unknown techniques
https://pentest-tools.com/blog/xss-attacks-practical-scenarios#xss-attack-1-hijacking-the-users-session
Google Acquisition XSS (Apigee)
XSS on Microsoft.com via Angular Js template injection
Researching Polymorphic Images for XSS on Google Scholar
Netflix Party Simple XSS
Stored XSS in google nest
Self XSS to persistent XSS on login portal
Universal XSS affecting Firefox
XSS WAF Character limitation bypass like a boss
Self XSS to Account Takeover
Reflected XSS on Microsoft subdomains
The tricky XSS
Reflected XSS in AT&T
XSS on Google using Acunetix
Exploiting websocket application wide XSS
Reflected XSS with HTTP Smuggling
XSS on Facebook instagram CDN server bypassing signature protection
XSS on Facebook's Acquisition Oculus
XSS on sony Subdomain
Exploiting Self XSS
Effortlessly Finding Cross Site Scripting inclusion XSSI
Bugbounty a DOM XSS
https://medium.com/@dirtycoder0124/blind-xss-a-mind-game-to-win-the-battle-4fc67c524678?)
FireFox IOS QR code reader XSS(CVE-2019-17003)
HTML injection to XSS
CVE-2020-13487 | Authenticated Stored Cross-site Scripting in bbPress
XSS at error page of repository code
XSS like a Pro
How I turned self XSS to stored XSS via CSRF
XSS Stored on Outlook web
XSS Bug 20 Chars Blind XSS Payload
XSS in AMP4EMAIL(DOM clobbering)
DOM Based XSS bug bounty writeup
XSS will never die
5000 USD XSS issue at avast desktop antivirus
XSS to account takeover
How Paypal helped me to generate XSS
Bypass Uppercase filters like a PRO(XSS advanced methods)
Stealing login credentials with reflected XSS
bughunting xss on cookie popup warning
XSS is love
Oneplus XSS vulnerability in customer support portal
Exploiting cookie based XSS by finding RCE
Stored XSS on zendesk via macros
XSS in ZOHO main
DOM based XSS in private program
Bugbounty writeup : Take Attention and get stored XSSS
How I xssed admin account
Clickjacking XSS on google
Stored XSS on laporbugid
Leveraging angularjs based XSS to privilege escalation
How I found XSS by searching in shodan
Chaining caache poisining to stored XSS
XSS to RCE
XSS on twitter worth 1120
Reflected XSS in ebay.com
Cookie based XSS exolpoitation 2300 bug bounty
What do netcat -SMTP-self XSS have in common
XSS on google custom search engine
Story of a Full Account Takeover vulnerability N/A to Accepted
Yeah I got p2 in 1 minute stored XSS via markdown editor
Stored XSS on indeed
Self XSS to evil XSS
How a classical XSS can lead to persistent ATO vulnerability
Reflected XSS in tokopedia train ticket
Bypassing XSS filter and stealing user credit card data
Googleplex.com blind XSS
Reflected XSS on error page
How I was able to get private ticket response panel and fortigate web panel via blind XSS
Unicode vs WAF
Story of URI based XSS with some simple google dorking
Stored XSS on edmodo
XSSed my way to 1000
Try harder for XSS
From parameter pollution to XSS
MIME sniffing XSS
Stored XSS on techprofile Microsoft
Tale of a wormable Twitter XSS
XSS attacks google bot index manipulation
From Reflected XSS to Account takeover
Stealing local storage data through XSS
CSRF attack can lead to stored XSS
XSS Reflected (filter bypass)
XSS protection bypass on hackerone private program
Just 5 minutes to get my 2nd Stored XSS on edmodo.com
Multiple XSS in skype.com
Obtaining XSS using moodle featured and minor bugs
XSS on 403 forbidden bypass akamai WAF
How I was turn self XSS into reflected XSS
A Tale of 3 XSS
Stored XSS on Google.com
Stored XSS in the Guides gameplaersion (www.dota2.com)
Admin google.com reflected XSS
Paypal Stored security bypass
Paypal DOM XSS main domain
Bugbounty : The 5k$ Google XSS
Facebook stored XSS
Ebay mobile reflected XSS
Magix bugbounty XSS writeup
Abusing CORS for an XSS on flickr
XSS on google groups
Oracle XSS
Content types and XSS Facebook Studio
Admob Creative image XSS
Amazon Packaging feedback XSS
PaypalTech XSS
Persistent XSS on my world
Google VRP XSS in device management
Google VRP XSS
Google VRP Blind XSS
WAZE XSS
Referer Based XSS
How we invented the Tesla DOM XSS
Stored XSS on rockstar game
How I was able to bypass strong XSS protection in well known website imgur.com
Self XSS to Good XSS
That escalated quickly : from partial CSRF to reflected XSS to complete CSRF to Stored XSS
XSS using dynamically generated js file
Bypassing XSS filtering at anchor Tags
XSS by tossing cookies
Coinbase angularjs dom XSS via kiteworks
Medium Content spoofing and XSS
Managed Apps and music a tale of two XSSes in Google play
Making an XSS triggered by CSP bypass on twitter
Escalating XSS in phantomjs image rendering to SSRF
Reflected XSS in Simplerisk
Stored XSS in the heart of the russian email provider
How I built an XSS worm on atmail
XSS on bugcrowd and so many other websites main domain
Godaddy XSS affects parked domains redirector Processor
Stored XSS in Google image search
A pair of plotly bugs stored XSS abd AWS metadata
Near universal XSS in mcafee web gateway
Penetrating Pornhub XSS vulns
How I found a 5000 Google maps XSS by fiddling with protobuf
Airbnb when bypassing json encoding XSS filter WAF CSP and auditior turns into eight vulnerabilities
Lightwight markup a trio of persistent XSS in gitlab
XSS ONE BAY
SVG XSS in unifi
Stored XSS in unifi V4.8.12 controller
Turning self XSS into good XSS v2
SWF XSS DOM Based XSS
XSS filter bypass in Yahoo Dev flurry
XSS on Flickr
Two vulnerabilities makes an exploit XSS and csrf in bing
Runkeeper stored XSS
Google sleeping XSS awakens 5k bounty
Poisoning the well compromising godaddy customer support with blind XSS
UBER turning self XSS to good XSS
XSS on facebook via png content types
Cloudflare XSS
How I found XSS Vulnerability in Google
XSS to RCE
One payload to XSS them all
Self XSS on komunitas
Reclected XSS on alibabacloud
Self XSS on komunitas bukalapak
A real XSS in OLX
Self XSS using IE adobes
Stealing local storage through XSS
1000 USD in 5mins Stored XSS in Outlook
OLX reflected XSS
My first stored XSS on edmodo.com
Hack your form new vector for BXSS
How I found Blind XSS vulnerability in redacted.com
3 XSS in protonmail for iOS
XSS in edmodo wihinin 5 mins
Stil work redirect Yahoo subdomain XSS
XSS in azure devOps
Shopify reflected XSS
Muliple Stored XSS on tokopedia
Stored XSS on edmodo
A unique XSS scenario 1000 Bounty
Protonmail XSS Stored
Chaining tricky ouath exploitation to stored XSS
Antihack XSS to php uplaod
Reflected XSS in zomato
XSS through SWF file
Hackyourform BXSS
Reflected XSS on ASUS
Stored XSS via Alternate text at zendesk support
How I stumbled upon a stored XSS : my first bug bounty story
Cookie based Self XSS to Good XSS
Reflected XSS on amazon
XSS worm : a creative use of web application vulnerability
Google code in XSS
Self XSS on indeed.com
How I accidentally found XSS in Protonmail for iOS app
XML XSS in yandex.ru by accident
Critical Stored XSS vulnerability
XSS bypass using META tag in realestate.postnl.nl
Edmodo XSS bug
XSS in hiden input fields
How I discovered XSS that affected over 20 uber subdomains
DOM based XSS or why you should not rely on cloudflare too much
XSS in dynamics 365
XSS deface with html and how to convert the html into charcode
Cookie based injection XSS making explitable with exploiting other vulns
XSS with put in ghost blog
XSS using a Bug in safari and why blacklists are stupid
Magic XSS with two parameters
DOM XSS bug affecting tinder shopify Yelp
Persistent XSS unvalidated open graph embed at linkedin.com
My first 0day exploit CSP Bypass Reflected XSS
Google Stored XSS in payments
XSS on dropbox
Weaponizing XSS attacking internal domains
How I XSSed UBER and bypassed CSP
RXSS and CSRF bypass to Account takeover
Another XSS in google collaboratory
How I bypassed AKAMAI waf in overstock.com
Reflected XSS at philips.com
XSS vulnerabilities in multiple iframe busters affecting top tier sites
Reflected DOM XSS and clickjacking silvergoldbull
Stored XSS vulnerability in h1 private
Authbypass SQLi and XSS
Stored XSS vulnerability in tumblr
XSS in google code jam
Mapbox XSS
My first valid XSS
Stored XSS in webcomponents.org
3 minutes XSS
icloud.com DOM based XSS
XSS at hubspot and in email areas
Self XSS leads to blind XSS and Reflected XSS
Refltected XSS primagames.com
Stored XSS in gameskinny
Blind XSS in Chrome experments Google
Yahoo two XSSI vulnerabilities chained to steal user information (750$)
How I found XSS on amazon
A blind XSS in messengers twins
XSS in microsoft Subdomain
Persistent XSS at ah.nl
The 12000 intersection betwenn clickjaking , XSS and DOS
XSS in google collaboratory CSP bypass
How I found blind XSS in apple
Reflected XSS on amazon.com
How I found XSS in 360totalsecurity
The 2.5 BTC Stored XSS
XSS Vulnerability in Netflix
A story of a UXSS via DOM XSS clickjacking in steam inventory helper
How I found XSS via SSRF vulnerability
Searching for XSS found ldap injection
how I converted SSRF to XSS in a SSRF vulnerable JIRA
Reflected XSS in Yahoo subdomain
Account takeover and blind XSS
How I found 5 stored XSS on a private program
Persistent XSS to steal passwords(Paypal)
Self XSS + CSRF to stored XSS
Stored XSS in yahoo and subdomains
XSS in microsoft
Blind XSS at customer support panel
Reflected XSS on stackoverflow
Stored XSS in Yahoo
XSS 403 forbidden Bypass
Turning self XSS into non self XSS via authorization issue at paypal
A story of stored XSS bypass
Mangobaaz hacked XSS to credentials
How I got stored XSS using file upload
Bypassing CSP to abusing XSS filter in edge
XSS to session Hijacking
Reflected XSS on www.zomato.com
XSS in subdomain of yahoo
XSS in yahoo.net subdomain
Reflected XSS moongaloop swf version 62x
Google adwords 3133.7 Stored XSS
How I found a surprising XSS vulnerability on oracle netsuite
Stored XSS on snapchat
How I was able to bypass XSS protection on h1 private program
Reflected XSS possible
XSS via angularjs template injection hostinger
Microsoft follow feature XSS (CVE-2017-8514)
XSS protection bypass made my quickest bounty ever
Taking note XSS to RCE in the simplenote electron client
VMWARE official vcdx reflected XSS
How I pwned a company using IDOR and Blind XSS
From Recon to DOM based XSS
Local file read via XSS
Non persistent XSS at microsoft
A Stored XSS in google (double kill)
Filter bypass to Reflected XSS on finance.yahoo.com (mobile version)
900$ XSS in yahoo : recon wins
How I bypassed practos firewall and triggered an XSS vulnerability
Stored XSS to full information disclosure
Story of parameter specific XSS
Chaining self XSS with UI redressing leading to session hijacking
Stored XSS with arbitrary cookie installation
Reflective XSS and Open redirect on indeed.com subdomain
How I found reflected XSS on Yahoo subdomain
Dont just alert(1) because XSS is more fun
UBER XSS by helpe of KNOXSS
Reflected XSS in Yahoo
Reflected XSS on ww.yahoo.com
XSS because of wrong content type header
How a simple CSRF attack turned into a P1
How I exploited the json csrf with method override technique
How I found CSRF(my first bounty)
Exploiting websocket application wide XSS and CSRF
Site wide CSRF on popular program
Using CSRF I got weird account takeover
CSRF CSRF CSRF
Google Bugbounty CSRF in learndigital.withgoogle.com
CSRF token bypass [a tale of 2k bug]
2FA bypass via CSRF attack
Stored iframe injection CSRF account takeover
Instagram delete media CSRF
An inconsistent CSRF
Bypass CSRF with clickjacking worth 1250
Sitewide CSRF graphql
Account takeover using CSRF json based
CORS to CSRF attack
My first CSRF to account takeover
4x chained CSRFs chained for account takeover
CSRF can lead to stored XSS
Yet other examples of abusing CSRF in logout
Wordpress CSRF to RCE
Bruteforce user IDs via CSRF to delete all the users with CSRF attack
CSRF Bypass using cross frame scripting
Account takeover via CSRF
A very useful technique to bypass the CSRF protection
CSRF account takeover exlpained automated manual bugbounty
CSRF to account takeover
How I got 500USD from microsoft for CSRF vulnerability
Critical Bypass CSRF protection
RXSS CSRF bypass to full account takeover
Youtube CSRF
Self XSS + CSRF = Stored XSS
Ribose IDOR with simple CSRF bypass unrestrcited changes and deletion to other photo profile
JSON CSRF attack on a social networking site
Hacking facebook oculus integration CSRF
Amazon leaking CSRF token using service worker
Facebook graphql CSRF
Chain the vulnerabilities and take your report impact on the moon csrf to html injection
Partial CSRF to Full CSRF
Stealing access token of one drive integration by chain csrf vulnerability
Metasploit web project kill all running taks CSRF CVE-2017-5244
Messenger site wide CSRF
Hacking Facebook CSRF device login flow
Two vulnerabilities makes an exploit XSS and CSRF in bing
How I bypassed Facebook in 2016
Ubiquiti bugbounty unifi generic CSRF protection Bypass
Bypass Facebook CSRF
Facebook CSRF full account takeover
RFI LFI Writeup
My first LFI
Bug bounty LFI at Google.com
Google LFI on production servers in redacted.google.com
LFI to 10 server pwn
LFI in apigee portals
Chain the bugs to pwn an organisation LFI unrestricted file upload to RCE
How we got LFI in apache drill recom like a boss
Bugbounty journey from LFI to RCE
LFI to RCE on deutche telekom bugbounty
From LFI to RCE via PHP sessions
magix bugbounty magix.com XSS RCE SQLI and LFI
LFI in nokia maps
How I bought my way to subdomain takeover on tokopedia
Subdomain Takeover via pantheon
Subdomain takeover : a unique way
Escalating subdomain takeover to steal sensitive stuff
Subdomain takeover awarded 200
Subdomain takeover via wufoo service
Subdomain takeover via Hubspot
Souq.com subdomain takeover
Subdomain takeover : new level
Subdomain takeover due to misconfigured project settings for custom domain
Subdomain takeover via shopify vendor
Subdomain takeover via unsecured s3 bucket
Subdomain takeover worth 200
Subdomain takeover via campaignmonitor
How to do 55000 subdomain takeover in a blink of an eye
Subdomain takeover Starbucks (Part 2)
Subdomain takeover Starbucks
Uber wildcard subdomain takeover
Bugcrowd domain subdomain takeover vulnerability
Subdomain takeover vulnerability (Lamborghini Hacked)
Authentication bypass on uber's SSO via subdomain takeover
Authentication bypass on SSO ubnt.com via Subdomain takeover of ping.ubnt.com
Tricky oracle SQLI situation
Exploiting “Google BigQuery” SQLI
SQLI via stopping the redirection to a login page
Finding SQLI with white box analysis a recent bug example
Bypassing a crappy WAF to exploit a blind SQLI
SQL Injection in private-site.com/login.php
Exploiting tricky blind SQLI
SQLI in forget password fucntion
SQLI Bug Bounty
File Upload blind SQLI
SQL Injection
SQLI through User Agent
SQLI in insert update query without comma
SQLI for 50 bounty
Abusing MYSQL CLients
SQLI Authentication Bypass AutoTrader Webmail
ZOL Zimbabwe Authentication Bypass to XSS & SQLi
SQLI bootcamp.nutanix.com
SQLI in University of Cambridge
Making a blind SQLI a little less Blind SQLI
SQLI amd silly WAF
Attacking Postgresql Database
Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection
A 5 minute SQLI
Union based SQLI writeup
SQLI with load file and into outfile
SQLI is Everywhere
SQLI in Update Query Bug
Blind SQLI Hootsuite
Yahoo – Root Access SQLI – tw.yahoo.com
Step by Step Exploiting SQLI in Oculus
Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
Tesla Motors blind SQLI
SQLI in Nokia Sites
Disclose Private Dashboard Chart's name and data in Facebook Analytics
Disclosing privately shared gaming clips of any user
Adding anyone including non-friend and blocked people as co-host in personal event!
Page analyst could view job application details
Deleting Anyone's Video Poll
CORS bug on google's 404 page (rewarded)
CORS misconfiguration leading to private information disclosure
CORS misconfiguration account takeover out of scope to grab items in scope
Chrome CORS
Bypassing CORS
CORS to CSRF attack
An unexploited CORS misconfiguration reflecting further issues
Think outside the scope advanced cors exploitation techniques
A simple CORS misconfiguration leaked private post of twitter facebook instagram
Explpoiting CORS misconfiguration
Full account takeover through CORS with connection sockets
Exploiting insecure CORS API api.artsy.net
Pre domain wildcard CORS exploitation
Exploiting misconfigured CORS on popular BTC site
Abusing CORS for an XSS on flickr
Exploiting an SSRF trials and tribulations
https://hariharanchellamuthu.medium.com/ssrf-server-side-request-forgery-when-converting-the-html-file-or-url-to-pdf-e7e1d55684cd
https://faizannehal.medium.com/how-you-can-escalate-a-simple-html-injection-into-a-critical-ssrf-8cd754e1a114
SSRF on PDF generator
Google VRP SSRF in Google cloud platform stackdriver
Vimeo upload function SSRF
SSRF via ffmeg processing
My first SSRF using DNS rebinding
Bugbounty simple SSRF
SSRF reading local files from downnotifier server
SSRF vulnerability
Gain adfly SMTP access with SSRF via gopher protocol
Blind SSRF in stripe.com due to senntry misconfiguration
SSRF port issue hidden approch
The jorney of web cache firewall bypass to SSRF to AWS credentials compromise
SSRF to local file read and abusing aws metadata
pdfreactor SSRF to root level local files read which lead to RCE
SSRF trick : SSRF XSPA in micosoft's bing webwaster
Downnotifeer SSRF
Escalating SSRF to RCE
Vimeo SSRF with code execution potential
SSRF in slack
Exploiting SSRF like a boss
AWS takeover SSRF javascript
Into the borg of SSRF inside google production network
SSRF to local file disclosure
How I found an SSRF in yahoo guesthouse (recon wins)
Reading internal files using SSRF vulnerability
Airbnb chaining third party open redirect into SSRF via liveperson chat
Exploiting a Race condition vulnerabililty
Race condition that could result to RCE a story with an app
Creating thinking is our everything : Race condition and business logic
Chaining improper authorization to Race condition to harvest credit card details
A Race condition bug in Facebook chat groups
Race condition bypassing team limit
Race condition on web
Race condition bugs on Facebook
Hacking Banks With Race Conditions
Race Condition Bug In Web App: A Use Case
RACE Condition vulnerability found in bug-bounty program
How to check Race Conditions in Web Applications
Microsoft RCE bugbounty
OTP bruteforce account takeover
Attacking helpdesk RCE chain on deskpro with bitdefender
Remote image upload leads to RCE inject malicious code
Finding a p1 in one minute with shodan.io RCE
From recon to optimizing RCE results simple story with one of the biggest ICT company
Uploading backdoor for fun and profit RCE DB creds P1
Responsible Disclosure breaking out of a sandboxed editor to perform RCE
Wordpress design flaw leads to woocommerce RCE
Path traversal while uploading results in RCE
RCE jenkins instance
Traversing the path to RCE
How I chained 4 bugs features into RCE on amazon
RCE due to showexceptions
Yahoo luminate RCE
Latex to RCE private bug bounty program
How I got hall of fame in two fortune 500 companies an RCE story
RCE by uploading a web config
36k Google app engine RCE
How I found 2.9 RCE at yahoo
Bypass firewall to get RCE
RCE vulnerabilite in yahoo subdomain
RCE in duolingos tinycards app from android
Unrestricted file upload to RCE
Getting a RCE (CTF WAY)
RCE starwars
How I got 5500 from yahoo for RCE
RCE in Addthis
Paypal RCE
My First RCE (Stressed Employee gets me 2x bounty)
Abusing ImageMagick to obtain RCE
How Snapdeal Kept their Users Data at Risk!
RCE via ImageTragick
How I Cracked 2FA with Simple Factor Brute-force!
Found RCE but got Duplicated
“Recon” helped Samsung protect their production repositories of SamsungTv, eCommerce eStores
IDOR to RCE
RCE on AEM instance without JAVA knowledge
RCE with Flask Jinja tempelate Injection
Race Condition that could result to RCE
Chaining Two 0-Days to Compromise An Uber Wordpress
Oculus Identity Verification bypass through Brute Force
Used RCE as Root on marathon Instance
Two easy RCE in Atlassian Products
RCE in Ruby using mustache templates
About a Sucuri RCE…and How Not to Handle Bug Bounty Reports
Source code disclosure vulnerability
Bypassing custom Token Authentication in a Mobile App
Facebook’s Burglary Shopping List
From SSRF To RCE in PDFReacter
Apache strust RCE
Dell KACE K1000 Remote Code Execution
Handlebars Tempelate Injection and RCE
Leaked Salesforce API access token at IKEA.com
Zero Day RCE on Mozilla's AWS Network
Escalating SSRF to RCE
Fixed : Brute-force Instagram account’s passwords
Bug Bounty 101 — Always Check The Source Code
ASUS RCE vulnerability on rma.asus-europe.eu
Magento – RCE & Local File Read with low privilege admin rights
RCE in Nokia.com
Two RCE in SharePoint
Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over
RCE in Hubspot with EL injection in HubL
Github Desktop RCE
eBay Source Code leak
Facebook source code disclosure in ads API
XS-Searching Google’s bug tracker to find out vulnerable source code
