Cache Poisoning via SelfXSS + Path Parameter
in this write up i will explain to you how i was able to turn self xss To stored xss In JSP Application While searching on webarchive for JSP files of the target i found a file named common.jsp which return the ip of visitor and as everyone else might do i tried to see if i can control it via some headers such x-forwarded-for , fortunately i was able to do that but it's just self-xss so i need t..
Bypassing the Redirect filters with 7 ways
Hello Bug Bounty Hunters, In this writeup I will be explaining various scenarios on how to bypass Open Redirect Filters that will lead to Open Redirect> ATO [0x01] Bypass the OAUTH Protection Via Path-URI Open redirect: I already reported a report about simple OAUTH-Token that can lead the attacker to steal the victim’s token without any special trick, It was just like /oauth?redirect=httpx://ma..
Hunting on ASPX Application For P1's [Unauthenticated SOAP,RCE, Info Disclosure]
Hi, I wanna share with you how i found a P1 Vulnerabilities in a private program. At first i grabbed subdomains and titles via assetfinder and, then resolved them using httprobe and extracted the the title of the responsive ones with get-title. I started looking at the titles and i saw that there is a title that had "LOGIN" in it, i opened that page in my browser and i found that the website is ..
XSS Stored On Messages In [ Outlook Web - Outlook Android App ]
Hello Everyone this is my first write up and in this writeup i will share with you my findings in Outlook Bug 1 : XSS Stored on outlook.live[.]com Some services, such as Gmail, Outlook, Yahoo etc, allow sending messages to A e-mail in those services with HTML content [ Content-Type: text/html ], but they filter the message content and only allow some Tags such as , , ... But when I was trying to..