Pinned: Stored XSS via Javascript URI Scheme
XSS is an attack vector where an attacker finds a way to inject JavaScript into a page that can execute in another user's context. There…
Sep 27, 2023

Self XSS + Login CSRF + OAuth = Account Takeover
I recently submitted a report to a private program where I successfully chained the relatively innocuous vulnerabilities of a Login…
Jul 21

Bypassing a login page and getting full admin access on an internal training platform
In this write-up I’ll go over how I went from a login page of a training platform which I didn’t have credentials for to getting full…
Feb 28

Stored XSS via SVG File Upload
This report will be exploring a vulnerability I found by uploading a malicious SVG file containing an XSS payload.
Sep 27, 2023