Bug Hunting

Cross Site Scripting (xss)

• writeups

  • From P5 to P2 to 100 BXSS

  • multiplexss vulnerabilities using unknown techniques

  • https://pentest-tools.com/blog/xss-attacks-practical-scenarios#xss-attack-1-hijacking-the-users-session

  • Google Acquisition XSS (Apigee)

  • XSS on Microsoft.com via Angular Js template injection

  • Researching Polymorphic Images for XSS on Google Scholar

  • Netflix Party Simple XSS

  • Stored XSS in google nest

  • Self XSS to persistent XSS on login portal

  • Universal XSS affecting Firefox

  • XSS WAF Character limitation bypass like a boss

  • Self XSS to Account Takeover

  • Reflected XSS on Microsoft subdomains

  • The tricky XSS

  • Reflected XSS in AT&T

  • XSS on Google using Acunetix

  • Exploiting websocket application wide XSS

  • Reflected XSS with HTTP Smuggling

  • XSS on Facebook instagram CDN server bypassing signature protection

  • XSS on Facebook's Acquisition Oculus

  • XSS on sony Subdomain

  • Exploiting Self XSS

  • Effortlessly Finding Cross Site Scripting inclusion XSSI

  • Bugbounty a DOM XSS

  • Blind XSShttps://medium.com/@dirtycoder0124/blind-xss-a-mind-game-to-win-the-battle-4fc67c524678?)

  • FireFox IOS QR code reader XSS(CVE-2019-17003)

  • HTML injection to XSS

  • CVE-2020-13487 | Authenticated Stored Cross-site Scripting in bbPress

  • XSS at error page of repository code

  • XSS like a Pro

  • How I turned self XSS to stored XSS via CSRF

  • XSS Stored on Outlook web

  • XSS Bug 20 Chars Blind XSS Payload

  • XSS in AMP4EMAIL(DOM clobbering)

  • DOM Based XSS bug bounty writeup

  • XSS will never die

  • 5000 USD XSS issue at avast desktop antivirus

  • XSS to account takeover

  • How Paypal helped me to generate XSS

  • Bypass Uppercase filters like a PRO(XSS advanced methods)

  • Stealing login credentials with reflected XSS

  • bughunting xss on cookie popup warning

  • XSS is love

  • Oneplus XSS vulnerability in customer support portal

  • Exploiting cookie based XSS by finding RCE

  • Stored XSS on zendesk via macros

  • XSS in ZOHO main

  • DOM based XSS in private program

  • Bugbounty writeup : Take Attention and get stored XSSS

  • How I xssed admin account

  • Clickjacking XSS on google

  • Stored XSS on laporbugid

  • Leveraging angularjs based XSS to privilege escalation

  • How I found XSS by searching in shodan

  • Chaining caache poisining to stored XSS

  • XSS to RCE

  • XSS on twitter worth 1120

  • Reflected XSS in ebay.com

  • Cookie based XSS exolpoitation 2300 bug bounty

  • What do netcat -SMTP-self XSS have in common

  • XSS on google custom search engine

  • Story of a Full Account Takeover vulnerability N/A to Accepted

  • Yeah I got p2 in 1 minute stored XSS via markdown editor

  • Stored XSS on indeed

  • Self XSS to evil XSS

  • How a classical XSS can lead to persistent ATO vulnerability

  • Reflected XSS in tokopedia train ticket

  • Bypassing XSS filter and stealing user credit card data

  • Googleplex.com blind XSS

  • Reflected XSS on error page

  • How I was able to get private ticket response panel and fortigate web panel via blind XSS

  • Unicode vs WAF

  • Story of URI based XSS with some simple google dorking

  • Stored XSS on edmodo

  • XSSed my way to 1000

  • Try harder for XSS

  • From parameter pollution to XSS

  • MIME sniffing XSS

  • Stored XSS on techprofile Microsoft

  • Tale of a wormable Twitter XSS

  • XSS attacks google bot index manipulation

  • From Reflected XSS to Account takeover

  • Stealing local storage data through XSS

  • CSRF attack can lead to stored XSS

  • XSS Reflected (filter bypass)

  • XSS protection bypass on hackerone private program

  • Just 5 minutes to get my 2nd Stored XSS on edmodo.com

  • Multiple XSS in skype.com

  • Obtaining XSS using moodle featured and minor bugs

  • XSS on 403 forbidden bypass akamai WAF

  • How I was turn self XSS into reflected XSS

  • A Tale of 3 XSS

  • Stored XSS on Google.com

  • Stored XSS in the Guides gameplaersion (www.dota2.com)

  • Admin google.com reflected XSS

  • Paypal Stored security bypass

  • Paypal DOM XSS main domain

  • Bugbounty : The 5k$ Google XSS

  • Facebook stored XSS

  • Ebay mobile reflected XSS

  • Magix bugbounty XSS writeup

  • Abusing CORS for an XSS on flickr

  • XSS on google groups

  • Oracle XSS

  • Content types and XSS Facebook Studio

  • Admob Creative image XSS

  • Amazon Packaging feedback XSS

  • PaypalTech XSS

  • Persistent XSS on my world

  • Google VRP XSS in device management

  • Google VRP XSS

  • Google VRP Blind XSS

  • WAZE XSS

  • Referer Based XSS

  • How we invented the Tesla DOM XSS

  • Stored XSS on rockstar game

  • How I was able to bypass strong XSS protection in well known website imgur.com

  • Self XSS to Good XSS

  • That escalated quickly : from partial CSRF to reflected XSS to complete CSRF to Stored XSS

  • XSS using dynamically generated js file

  • Bypassing XSS filtering at anchor Tags

  • XSS by tossing cookies

  • Coinbase angularjs dom XSS via kiteworks

  • Medium Content spoofing and XSS

  • Managed Apps and music a tale of two XSSes in Google play

  • Making an XSS triggered by CSP bypass on twitter

  • Escalating XSS in phantomjs image rendering to SSRF

  • Reflected XSS in Simplerisk

  • Stored XSS in the heart of the russian email provider

  • How I built an XSS worm on atmail

  • XSS on bugcrowd and so many other websites main domain

  • Godaddy XSS affects parked domains redirector Processor

  • Stored XSS in Google image search

  • A pair of plotly bugs stored XSS abd AWS metadata

  • Near universal XSS in mcafee web gateway

  • Penetrating Pornhub XSS vulns

  • How I found a 5000 Google maps XSS by fiddling with protobuf

  • Airbnb when bypassing json encoding XSS filter WAF CSP and auditior turns into eight vulnerabilities

  • Lightwight markup a trio of persistent XSS in gitlab

  • XSS ONE BAY

  • SVG XSS in unifi

  • Stored XSS in unifi V4.8.12 controller

  • Turning self XSS into good XSS v2

  • SWF XSS DOM Based XSS

  • XSS filter bypass in Yahoo Dev flurry

  • XSS on Flickr

  • Two vulnerabilities makes an exploit XSS and csrf in bing

  • Runkeeper stored XSS

  • Google sleeping XSS awakens 5k bounty

  • Poisoning the well compromising godaddy customer support with blind XSS

  • UBER turning self XSS to good XSS

  • XSS on facebook via png content types

  • Cloudflare XSS

  • How I found XSS Vulnerability in Google

  • XSS to RCE

  • One payload to XSS them all

  • Self XSS on komunitas

  • Reclected XSS on alibabacloud

  • Self XSS on komunitas bukalapak

  • A real XSS in OLX

  • Self XSS using IE adobes

  • Stealing local storage through XSS

  • 1000 USD in 5mins Stored XSS in Outlook

  • OLX reflected XSS

  • My first stored XSS on edmodo.com

  • Hack your form new vector for BXSS

  • How I found Blind XSS vulnerability in redacted.com

  • 3 XSS in protonmail for iOS

  • XSS in edmodo wihinin 5 mins

  • Stil work redirect Yahoo subdomain XSS

  • XSS in azure devOps

  • Shopify reflected XSS

  • Muliple Stored XSS on tokopedia

  • Stored XSS on edmodo

  • A unique XSS scenario 1000 Bounty

  • Protonmail XSS Stored

  • Chaining tricky ouath exploitation to stored XSS

  • Antihack XSS to php uplaod

  • Reflected XSS in zomato

  • XSS through SWF file

  • Hackyourform BXSS

  • Reflected XSS on ASUS

  • Stored XSS via Alternate text at zendesk support

  • How I stumbled upon a stored XSS : my first bug bounty story

  • Cookie based Self XSS to Good XSS

  • Reflected XSS on amazon

  • XSS worm : a creative use of web application vulnerability

  • Google code in XSS

  • Self XSS on indeed.com

  • How I accidentally found XSS in Protonmail for iOS app

  • XML XSS in yandex.ru by accident

  • Critical Stored XSS vulnerability

  • XSS bypass using META tag in realestate.postnl.nl

  • Edmodo XSS bug

  • XSS in hiden input fields

  • How I discovered XSS that affected over 20 uber subdomains

  • DOM based XSS or why you should not rely on cloudflare too much

  • XSS in dynamics 365

  • XSS deface with html and how to convert the html into charcode

  • Cookie based injection XSS making explitable with exploiting other vulns

  • XSS with put in ghost blog

  • XSS using a Bug in safari and why blacklists are stupid

  • Magic XSS with two parameters

  • DOM XSS bug affecting tinder shopify Yelp

  • Persistent XSS unvalidated open graph embed at linkedin.com

  • My first 0day exploit CSP Bypass Reflected XSS

  • Google Stored XSS in payments

  • XSS on dropbox

  • Weaponizing XSS attacking internal domains

  • How I XSSed UBER and bypassed CSP

  • RXSS and CSRF bypass to Account takeover

  • Another XSS in google collaboratory

  • How I bypassed AKAMAI waf in overstock.com

  • Reflected XSS at philips.com

  • XSS vulnerabilities in multiple iframe busters affecting top tier sites

  • Reflected DOM XSS and clickjacking silvergoldbull

  • Stored XSS vulnerability in h1 private

  • Authbypass SQLi and XSS

  • Stored XSS vulnerability in tumblr

  • XSS in google code jam

  • Mapbox XSS

  • My first valid XSS

  • Stored XSS in webcomponents.org

  • 3 minutes XSS

  • icloud.com DOM based XSS

  • XSS at hubspot and in email areas

  • Self XSS leads to blind XSS and Reflected XSS

  • Refltected XSS primagames.com

  • Stored XSS in gameskinny

  • Blind XSS in Chrome experments Google

  • Yahoo two XSSI vulnerabilities chained to steal user information (750$)

  • How I found XSS on amazon

  • A blind XSS in messengers twins

  • XSS in microsoft Subdomain

  • Persistent XSS at ah.nl

  • The 12000 intersection betwenn clickjaking , XSS and DOS

  • XSS in google collaboratory CSP bypass

  • How I found blind XSS in apple

  • Reflected XSS on amazon.com

  • How I found XSS in 360totalsecurity

  • The 2.5 BTC Stored XSS

  • XSS Vulnerability in Netflix

  • A story of a UXSS via DOM XSS clickjacking in steam inventory helper

  • How I found XSS via SSRF vulnerability

  • Searching for XSS found ldap injection

  • how I converted SSRF to XSS in a SSRF vulnerable JIRA

  • Reflected XSS in Yahoo subdomain

  • Account takeover and blind XSS

  • How I found 5 stored XSS on a private program

  • Persistent XSS to steal passwords(Paypal)

  • Self XSS + CSRF to stored XSS

  • Stored XSS in yahoo and subdomains

  • XSS in microsoft

  • Blind XSS at customer support panel

  • Reflected XSS on stackoverflow

  • Stored XSS in Yahoo

  • XSS 403 forbidden Bypass

  • Turning self XSS into non self XSS via authorization issue at paypal

  • A story of stored XSS bypass

  • Mangobaaz hacked XSS to credentials

  • How I got stored XSS using file upload

  • Bypassing CSP to abusing XSS filter in edge

  • XSS to session Hijacking

  • Reflected XSS on www.zomato.com

  • XSS in subdomain of yahoo

  • XSS in yahoo.net subdomain

  • Reflected XSS moongaloop swf version 62x

  • Google adwords 3133.7 Stored XSS

  • How I found a surprising XSS vulnerability on oracle netsuite

  • Stored XSS on snapchat

  • How I was able to bypass XSS protection on h1 private program

  • Reflected XSS possible

  • XSS via angularjs template injection hostinger

  • Microsoft follow feature XSS (CVE-2017-8514)

  • XSS protection bypass made my quickest bounty ever

  • Taking note XSS to RCE in the simplenote electron client

  • VMWARE official vcdx reflected XSS

  • How I pwned a company using IDOR and Blind XSS

  • From Recon to DOM based XSS

  • Local file read via XSS

  • Non persistent XSS at microsoft

  • A Stored XSS in google (double kill)

  • Filter bypass to Reflected XSS on finance.yahoo.com (mobile version)

  • 900$ XSS in yahoo : recon wins

  • How I bypassed practos firewall and triggered an XSS vulnerability

  • Stored XSS to full information disclosure

  • Story of parameter specific XSS

  • Chaining self XSS with UI redressing leading to session hijacking

  • Stored XSS with arbitrary cookie installation

  • Reflective XSS and Open redirect on indeed.com subdomain

  • How I found reflected XSS on Yahoo subdomain

  • Dont just alert(1) because XSS is more fun

  • UBER XSS by helpe of KNOXSS

  • Reflected XSS in Yahoo

  • Reflected XSS on ww.yahoo.com

  • XSS because of wrong content type header

Cross Site Request Forgery (CSRF)

• writeups

  • How a simple CSRF attack turned into a P1

  • How I exploited the json csrf with method override technique

  • How I found CSRF(my first bounty)

  • Exploiting websocket application wide XSS and CSRF

  • Site wide CSRF on popular program

  • Using CSRF I got weird account takeover

  • CSRF CSRF CSRF

  • Google Bugbounty CSRF in learndigital.withgoogle.com

  • CSRF token bypass [a tale of 2k bug]

  • 2FA bypass via CSRF attack

  • Stored iframe injection CSRF account takeover

  • Instagram delete media CSRF

  • An inconsistent CSRF

  • Bypass CSRF with clickjacking worth 1250

  • Sitewide CSRF graphql

  • Account takeover using CSRF json based

  • CORS to CSRF attack

  • My first CSRF to account takeover

  • 4x chained CSRFs chained for account takeover

  • CSRF can lead to stored XSS

  • Yet other examples of abusing CSRF in logout

  • Wordpress CSRF to RCE

  • Bruteforce user IDs via CSRF to delete all the users with CSRF attack

  • CSRF Bypass using cross frame scripting

  • Account takeover via CSRF

  • A very useful technique to bypass the CSRF protection

  • CSRF account takeover exlpained automated manual bugbounty

  • CSRF to account takeover

  • How I got 500USD from microsoft for CSRF vulnerability

  • Critical Bypass CSRF protection

  • RXSS CSRF bypass to full account takeover

  • Youtube CSRF

  • Self XSS + CSRF = Stored XSS

  • Ribose IDOR with simple CSRF bypass unrestrcited changes and deletion to other photo profile

  • JSON CSRF attack on a social networking site

  • Hacking facebook oculus integration CSRF

  • Amazon leaking CSRF token using service worker

  • Facebook graphql CSRF

  • Chain the vulnerabilities and take your report impact on the moon csrf to html injection

  • Partial CSRF to Full CSRF

  • Stealing access token of one drive integration by chain csrf vulnerability

  • Metasploit web project kill all running taks CSRF CVE-2017-5244

  • Messenger site wide CSRF

  • Hacking Facebook CSRF device login flow

  • Two vulnerabilities makes an exploit XSS and CSRF in bing

  • How I bypassed Facebook in 2016

  • Ubiquiti bugbounty unifi generic CSRF protection Bypass

  • Bypass Facebook CSRF

  • Facebook CSRF full account takeover

---

Local File Inclusion (LFI)

• writeups

  • RFI LFI Writeup

  • My first LFI

  • Bug bounty LFI at Google.com

  • Google LFI on production servers in redacted.google.com

  • LFI to 10 server pwn

  • LFI in apigee portals

  • Chain the bugs to pwn an organisation LFI unrestricted file upload to RCE

  • How we got LFI in apache drill recom like a boss

  • Bugbounty journey from LFI to RCE

  • LFI to RCE on deutche telekom bugbounty

  • From LFI to RCE via PHP sessions

  • magix bugbounty magix.com XSS RCE SQLI and LFI

  • LFI in nokia maps

---

Subdomain Takeover

• writeups

  • How I bought my way to subdomain takeover on tokopedia

  • Subdomain Takeover via pantheon

  • Subdomain takeover : a unique way

  • Escalating subdomain takeover to steal sensitive stuff

  • Subdomain takeover awarded 200

  • Subdomain takeover via wufoo service

  • Subdomain takeover via Hubspot

  • Souq.com subdomain takeover

  • Subdomain takeover : new level

  • Subdomain takeover due to misconfigured project settings for custom domain

  • Subdomain takeover via shopify vendor

  • Subdomain takeover via unsecured s3 bucket

  • Subdomain takeover worth 200

  • Subdomain takeover via campaignmonitor

  • How to do 55000 subdomain takeover in a blink of an eye

  • Subdomain takeover Starbucks (Part 2)

  • Subdomain takeover Starbucks

  • Uber wildcard subdomain takeover

  • Bugcrowd domain subdomain takeover vulnerability

  • Subdomain takeover vulnerability (Lamborghini Hacked)

  • Authentication bypass on uber's SSO via subdomain takeover

  • Authentication bypass on SSO ubnt.com via Subdomain takeover of ping.ubnt.com

---

SQL Injection(SQLI)

• writeups

  • Tricky oracle SQLI situation

  • Exploiting “Google BigQuery” SQLI

  • SQLI via stopping the redirection to a login page

  • Finding SQLI with white box analysis a recent bug example

  • Bypassing a crappy WAF to exploit a blind SQLI

  • SQL Injection in private-site.com/login.php

  • Exploiting tricky blind SQLI

  • SQLI in forget password fucntion

  • SQLI Bug Bounty

  • File Upload blind SQLI

  • SQL Injection

  • SQLI through User Agent

  • SQLI in insert update query without comma

  • SQLI for 50 bounty

  • Abusing MYSQL CLients

  • SQLI Authentication Bypass AutoTrader Webmail

  • ZOL Zimbabwe Authentication Bypass to XSS & SQLi

  • SQLI bootcamp.nutanix.com

  • SQLI in University of Cambridge

  • Making a blind SQLI a little less Blind SQLI

  • SQLI amd silly WAF

  • Attacking Postgresql Database

  • Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection

  • A 5 minute SQLI

  • Union based SQLI writeup

  • SQLI with load file and into outfile

  • SQLI is Everywhere

  • SQLI in Update Query Bug

  • Blind SQLI Hootsuite

  • Yahoo – Root Access SQLI – tw.yahoo.com

  • Step by Step Exploiting SQLI in Oculus

  • Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)

  • Tesla Motors blind SQLI

  • SQLI in Nokia Sites

---

Insecure Direct Object Reference (IDOR)

• writeups

  • Disclose Private Dashboard Chart's name and data in Facebook Analytics

  • Disclosing privately shared gaming clips of any user

  • Adding anyone including non-friend and blocked people as co-host in personal event!

  • Page analyst could view job application details

  • Deleting Anyone's Video Poll

---

CORS

• writeups

  • CORS bug on google's 404 page (rewarded)

  • CORS misconfiguration leading to private information disclosure

  • CORS misconfiguration account takeover out of scope to grab items in scope

  • Chrome CORS

  • Bypassing CORS

  • CORS to CSRF attack

  • An unexploited CORS misconfiguration reflecting further issues

  • Think outside the scope advanced cors exploitation techniques

  • A simple CORS misconfiguration leaked private post of twitter facebook instagram

  • Explpoiting CORS misconfiguration

  • Full account takeover through CORS with connection sockets

  • Exploiting insecure CORS API api.artsy.net

  • Pre domain wildcard CORS exploitation

  • Exploiting misconfigured CORS on popular BTC site

  • Abusing CORS for an XSS on flickr

---

Server Side Request Forgery (SSRF)

• writeups

  • Exploiting an SSRF trials and tribulations

  • https://hariharanchellamuthu.medium.com/ssrf-server-side-request-forgery-when-converting-the-html-file-or-url-to-pdf-e7e1d55684cd

  • https://faizannehal.medium.com/how-you-can-escalate-a-simple-html-injection-into-a-critical-ssrf-8cd754e1a114

  • SSRF on PDF generator

  • Google VRP SSRF in Google cloud platform stackdriver

  • Vimeo upload function SSRF

  • SSRF via ffmeg processing

  • My first SSRF using DNS rebinding

  • Bugbounty simple SSRF

  • SSRF reading local files from downnotifier server

  • SSRF vulnerability

  • Gain adfly SMTP access with SSRF via gopher protocol

  • Blind SSRF in stripe.com due to senntry misconfiguration

  • SSRF port issue hidden approch

  • The jorney of web cache firewall bypass to SSRF to AWS credentials compromise

  • SSRF to local file read and abusing aws metadata

  • pdfreactor SSRF to root level local files read which lead to RCE

  • SSRF trick : SSRF XSPA in micosoft's bing webwaster

  • Downnotifeer SSRF

  • Escalating SSRF to RCE

  • Vimeo SSRF with code execution potential

  • SSRF in slack

  • Exploiting SSRF like a boss

  • AWS takeover SSRF javascript

  • Into the borg of SSRF inside google production network

  • SSRF to local file disclosure

  • How I found an SSRF in yahoo guesthouse (recon wins)

  • Reading internal files using SSRF vulnerability

  • Airbnb chaining third party open redirect into SSRF via liveperson chat

---

Race Condition

• writeups

  • Exploiting a Race condition vulnerabililty

  • Race condition that could result to RCE a story with an app

  • Creating thinking is our everything : Race condition and business logic

  • Chaining improper authorization to Race condition to harvest credit card details

  • A Race condition bug in Facebook chat groups

  • Race condition bypassing team limit

  • Race condition on web

  • Race condition bugs on Facebook

  • Hacking Banks With Race Conditions

  • Race Condition Bug In Web App: A Use Case

  • RACE Condition vulnerability found in bug-bounty program

  • How to check Race Conditions in Web Applications

---

Remote Code Execution (RCE)

• writeups

  • Microsoft RCE bugbounty

  • OTP bruteforce account takeover

  • Attacking helpdesk RCE chain on deskpro with bitdefender

  • Remote image upload leads to RCE inject malicious code

  • Finding a p1 in one minute with shodan.io RCE

  • From recon to optimizing RCE results simple story with one of the biggest ICT company

  • Uploading backdoor for fun and profit RCE DB creds P1

  • Responsible Disclosure breaking out of a sandboxed editor to perform RCE

  • Wordpress design flaw leads to woocommerce RCE

  • Path traversal while uploading results in RCE

  • RCE jenkins instance

  • Traversing the path to RCE

  • How I chained 4 bugs features into RCE on amazon

  • RCE due to showexceptions

  • Yahoo luminate RCE

  • Latex to RCE private bug bounty program

  • How I got hall of fame in two fortune 500 companies an RCE story

  • RCE by uploading a web config

  • 36k Google app engine RCE

  • How I found 2.9 RCE at yahoo

  • Bypass firewall to get RCE

  • RCE vulnerabilite in yahoo subdomain

  • RCE in duolingos tinycards app from android

  • Unrestricted file upload to RCE

  • Getting a RCE (CTF WAY)

  • RCE starwars

  • How I got 5500 from yahoo for RCE

  • RCE in Addthis

  • Paypal RCE

  • My First RCE (Stressed Employee gets me 2x bounty)

  • Abusing ImageMagick to obtain RCE

  • How Snapdeal Kept their Users Data at Risk!

  • RCE via ImageTragick

  • How I Cracked 2FA with Simple Factor Brute-force!

  • Found RCE but got Duplicated

  • “Recon” helped Samsung protect their production repositories of SamsungTv, eCommerce eStores

  • IDOR to RCE

  • RCE on AEM instance without JAVA knowledge

  • RCE with Flask Jinja tempelate Injection

  • Race Condition that could result to RCE

  • Chaining Two 0-Days to Compromise An Uber Wordpress

  • Oculus Identity Verification bypass through Brute Force

  • Used RCE as Root on marathon Instance

  • Two easy RCE in Atlassian Products

  • RCE in Ruby using mustache templates

  • About a Sucuri RCE…and How Not to Handle Bug Bounty Reports

  • Source code disclosure vulnerability

  • Bypassing custom Token Authentication in a Mobile App

  • Facebook’s Burglary Shopping List

  • From SSRF To RCE in PDFReacter

  • Apache strust RCE

  • Dell KACE K1000 Remote Code Execution

  • Handlebars Tempelate Injection and RCE

  • Leaked Salesforce API access token at IKEA.com

  • Zero Day RCE on Mozilla's AWS Network

  • Escalating SSRF to RCE

  • Fixed : Brute-force Instagram account’s passwords

  • Bug Bounty 101 — Always Check The Source Code

  • ASUS RCE vulnerability on rma.asus-europe.eu

  • Magento – RCE & Local File Read with low privilege admin rights

  • RCE in Nokia.com

  • Two RCE in SharePoint

  • Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over

  • RCE in Hubspot with EL injection in HubL

  • Github Desktop RCE

  • eBay Source Code leak

  • Facebook source code disclosure in ads API

  • XS-Searching Google’s bug tracker to find out vulnerable source code

---