xss 45

• 👩‍💻IW Weekly #132: Account Takeover on Palo Alto Networks, SQLi Cheat Sheet, Pre-Auth SQL Injection in WhatsUp Gold, SSRF Automation, Bypassing Sanitizers using MXSS, and many more… Oct 14, 2024
• 👩‍💻IW Weekly #126: Bypassing Airport Security, XSS on Netlify’s Image CDN, Frans Rosén’s X-Correlation Research, Prompt Injection on Microsoft Copilot, Type Confusion Flaw in Chrome, and many more… Sep 2, 2024
• 👩‍💻IW Weekly #124: XSS WAF Bypass, Google and Github Dorks, XSS via CSPT, Bug Hunting Methodology, and many more… Aug 19, 2024
• 👩‍💻IW Weekly #122: SSRF, Password Reset Vulnerability, XSS in Hotjar, Single-Packet Attack, WhatsApp Desktop Code Execution, Business Logic Errors and many more… Aug 5, 2024
• 👩‍💻IW Weekly #119: Universal Code Execution, Evernote RCE, Multiple ServiceNow CVEs, Escalating XSS Using Password Managers, DOMPurify Bug, CSS Injections and many more… Jul 15, 2024
• onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet Jun 11, 2024
• 👩‍💻IW Weekly #113: Subdomain Takeovers to Credential Leaks, Stored XSS to RCE, VSCode SFTP File Exposure, $203K Bounties for Bugs in Azure Health Bot and many more… Jun 3, 2024
• 👩‍💻IW Weekly #108: PostMessage for XSS, Smart Contract Security, Admin Panel Takeover, DOM-XSS to ATO, Process Injection With C, Privilege Escalation and many more … Apr 29, 2024
• 👩‍💻IW Weekly #106: Hacking ICON Blockchain, BatBadBut Vulnerability, DOM XSS to ATO, Starbucks Hack, Bypassing Phone Number Verification and many more… Apr 15, 2024
• 👩‍💻IW Weekly #100🎉Server-Side Prototype Pollution, Zero-Click ATO Exploit, SSRF Bugs, GRX Interface address using TCP, GraphQL API Schemas, XSS for ATO, IDOR, Unicode Normalization and many more… Mar 4, 2024
• 👩‍💻IW Weekly #99: Top 10 hacking techniques of 2023, CSP Bypass, Multiple XSS on Joomla, XSS on ChatGPT, Meteor subdomain takeover, Length filter bypass to SQL Injection, Nomulus pentest and many more… Feb 26, 2024
• 👩‍💻IW Weekly #97: XSS on Microsoft Whiteboard and Excalidraw, ChatGPT Account Takeover, reverse engineered ESP32-based air purifier, advanced HTTP header exploitation techniques, PikaBot Malware Analysis and many more… Feb 12, 2024
• 👩‍💻IW Weekly #95: From Rook to XSS, CVE-2023-5480, Response Manipulation to Privilege Escalation, Top 10 Web Hacking Techniques for 2023, Unicode Escape Handling in Java and many more… Jan 29, 2024
• 👩‍💻IW Weekly #92: Cloudflare Pages Vulnerabilities Analysis, CORS Cache Exploitation Automating RTFM with ChatGPT, Shrewdeye Bash, XSS to ATO, Bypassing Door Passwords and many more… Jan 8, 2024
• 👩‍💻IW Weekly #92: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more… Dec 25, 2023
• 👩‍💻IW Weekly #91: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more… Dec 25, 2023
• 👩‍💻IW Weekly #90: Django Debug Mode, Attacking The Rsync Service, DOM XSS to Stored XSS, CVE-2022-2216, Hacking AWS & Kubernetes, Twitter’s XSS + CSRF Leads to Account Takeover and many more… Dec 18, 2023
• 👩‍💻IW Weekly #89: Business Logic Vulnerability, DNS Poisoning, XSS Exploitation to Steal Credentials, Payment Processor Hacking, Second Order SQL Injections, Blind CSS Exfiltration, Symfony Exploits and many more… Dec 11, 2023
• 👩‍💻IW Weekly #88: Process Injection, Race Condition, CLRF to XSS in Snapchat, Active Directory Guide, Main App Hacking Methodology, CSP Research, CORS Misconfigurations and many more… Dec 4, 2023
• 👩‍💻IW Weekly #86: CVE-2023-46729, Hacked Google’s Bug Tracking System, Outsmarting AI Models, Sandbox Escaping, Self-Redirect to XSS, Critical 0-day XXE to SSRF and many more… Nov 20, 2023
• 👩‍💻IW Weekly #85: LFI to RCE, DoS Bugs, RXSS on Microsoft, Race Conditions, Finding Leaked Tokens, Bypassing URL Parsers and many more… Nov 13, 2023
• Bug Bytes #216 – SQL injections, Android XSS and Writing Quality Reports Nov 2, 2023
• 👩‍💻IW Weekly #82: Single Packet Attack, Nuclei v3, DOM XSS, IDOR Insights, Bypassing CSP, AI & Hacking, Android App Hacking and many more… Oct 23, 2023
• 👩‍💻IW Weekly #80: Broken Access Control, XSS Basics, GraphQL Introspection Query, RCE Vulnerabilities, XSS Challenge, Scanners for Web Security Research and many more … Oct 9, 2023
• Bug Bytes #213 – Hacking a Prison, XSS on steroids, CAIDO free for students and Bogus CVEs Oct 4, 2023
• Bug Bytes #212 – XSS Payloads, IDOR prediction and Cloud Security Sep 27, 2023
• 👩‍💻IW Weekly #75: Privilege Escalation by request manipulation, PII Disclosure by manipulating parameters, PII leak using misconfigured API, CRLF to XSS, Blind SSRF with Out-of-band Detection and many more.. Sep 4, 2023
• 👩‍💻IW Weekly #71: Introduction to AD pentesting, XSS via exported activity, using HOTW to leak CSRF token, full access to airline points, SSRFs and many more.. Aug 7, 2023
• 👩‍💻IW Weekly #69: OpenSSH RCE, Xamarin Applications Reverse Engineering, Puzzled XSS, CVE-2023-3519 analysis, XSS and CORS bypass and many more.. Jul 24, 2023
• 👩‍💻IW Weekly #68: Account Takeover using Custom OTP, CVE-2023-36934, Investigating EC2 , XSS in hidden inputs , macOS user's real name brute-forced with mDNS and many more.. Jul 17, 2023
• Exploiting XSS in hidden inputs and meta tags Jul 11, 2023
• 👩‍💻IW Weekly #67: Joining Google as Red Teamer, Finding 100 vulnerabilities, Tale of DOM-XSS, Impactful SSRF, Busting fake Privacy Policy and many more.. Jul 10, 2023
• 👩‍💻IW Weekly #66: Citrix Gateaway-XSS, Web cache Deception, DNS Analyzer, ATO to XSS in GarphQL API, AWS S3 Bucket Leaks, $250K Coinbase API Hack and many more… Jul 3, 2023
• Reversing Citrix Gateway for XSS Jun 29, 2023
• A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF... May 5, 2023
• DOM-XSS in Instant Games due to improper verification of supplied URLs Jan 29, 2023
• I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS Dec 17, 2022
• Our favourite community contributions to the XSS cheat sheet Oct 3, 2022
• Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library Sep 21, 2022
• New XSS vectors Apr 20, 2022
• Solving DOM XSS Puzzles Feb 3, 2022
• Dalfox – Hacker Tools: XSS Scanning Made Easy 👩‍💻 Sep 14, 2021
• Finding DOM Polyglot XSS in PayPal the Easy Way Jun 30, 2021
• The $12,000 Intersection between Clickjacking, XSS, and Denial of Service Jul 4, 2018
• Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144) Feb 7, 2015