Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5092 | Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities | XSS, CSP bypass | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-08 | 2023-06-13 |
| 5044 | Making an XSS triggered by CSP bypass on Twitter. | XSS, CSP bypass | Twitter | tbmnull | Bug Bounty | 2017-07-06 | 2023-06-13 |
| 4804 | Bypass CSP by Abusing XSS Filter in Edge | CSP bypass | Microsoft | Xiaoyin Liu (@general_nfs) | Bug Bounty | 2018-04-15 | 2023-06-13 |
| 4716 | XSS in Google Colaboratory + CSP bypass | XSS, CSP bypass | Google | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2018-06-21 | 2023-06-13 |
| 4555 | Applying a small bypass to steal Facebook Session tokens in Uber | XSS, CSP bypass, OAuth | Uber | Samuel (@saamux) | Bug Bounty | 2018-10-02 | 2023-06-13 |
| 4544 | My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY | Reflected XSS, CSP bypass | NA | Ali Tütüncü (@alicanact60) | Bug Bounty | 2018-10-07 | 2023-06-13 |
| 4361 | Bypass Content Security Policy framing restriction rule - OLX | CSP bypass | OLX | Taha Ibrahim Draidia | Bug Bounty | 2019-01-17 | 2023-06-13 |
| 4277 | How I alert(1) in Azure DevOps | XSS, CSP bypass | Microsoft | SpyD3r (@TarunkantG) | Bug Bounty | 2019-02-26 | 2023-06-13 |
| 4121 | Bypassing CSP with policy injection | CSP bypass | Paypal | Gareth Heyes (@garethheyes) | Bug Bounty | 2019-06-05 | 2023-06-13 |
| 3687 | Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access | Stored XSS, CSP bypass, Open redirect, RCE | Meta / Facebook | Gal Weizman (@WeizmanGal) | Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3668 | CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE | RCE, Stored XSS, CSP bypass, Arbitrary file read, Open redirect, Security code review | Meta / Facebook (WhatsApp) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2020-02-14 | 2023-06-13 |
| 3579 | Executing scripts in Safari Reader Mode to CSP Bypass | XSS, CSP bypass | Apple | Nikhil Mittal (@c0d3G33k) | Bug Bounty | 2020-03-28 | 2023-06-13 |
| 3232 | CSP Bypass Vulnerability in Google Chrome Discovered - Almost Every Website In The World Was At Risk | CSP bypass | Google | Gal Weizman (@WeizmanGal) | Bug Bounty | 2020-08-10 | 2023-06-13 |
| 3186 | My Hacking Adventures With Safari Reader Mode | CSP bypass, SOP bypass | Apple | Nikhil Mittal (@c0d3G33k) | Bug Bounty | 2020-08-27 | 2023-06-13 |
| 3178 | CVE-2020-6519 - Chromium 83 Zero Day Full CSP Bypass Cross Platforms | CSP bypass | Google (Chrome & Chromium) | Gal Weizman (@WeizmanGal) | Bug Bounty | 2022-09-02 | 2023-06-13 |
| 3132 | Chains on Chains: Chaining multiple low-level vulns into a Critical. | Blind XSS, CSP bypass, Lack of rate limiting, Exposed JWT generation endpoint, JWT | NA | Daniel Marte (@Masonhck3571) | Bug Bounty | 2020-09-26 | 2023-06-13 |
| 2981 | "Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams | RCE, Stored XSS, CSP bypass, CSTI | Microsoft | Oskars Vegeris | Bug Bounty | 2020-12-07 | 2023-06-13 |
| 2976 | Content-Security-Policy Bypass to perform XSS using MIME sniffing | XSS, CSP bypass | NA | Kleiton Kurti (@kleiton0x7e) | Bug Bounty | 2020-12-10 | 2023-06-13 |
| 2623 | Playing With iframes: Bypassing Content-Security-Policy | CSP bypass, Open redirect, HTML injection | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2021-04-20 | 2023-06-13 |
| 2519 | The beauty of chaining client-side bugs | CRLF injection, XSS, CSP bypass, DoS, CSTI | NA | Master SEC (@MasterSEC_AR) | Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2507 | XSS in the AWS Console | XSS, CSP bypass, CSTI | AWS | Nick Frichette (@frichette_n) | Bug Bounty | 2021-06-02 | 2023-06-13 |
| 2436 | Finding DOM Polyglot XSS in PayPal the Easy Way | DOM XSS, CSP bypass | Paypal | Gareth Heyes (@garethheyes) | Bug Bounty | 2021-06-30 | 2023-06-13 |
| 2362 | Bug Bounty Stories #1: Tale of CSP bypass in an electron app! | CSP bypass | NA | SecurityGOAT (@RuntimeSecurity) | Bug Bounty | 2021-07-31 | 2023-06-13 |
| 2070 | The tale of CVE-2021–34479 (VSCode XSS) | XSS, CSP bypass | Microsoft | Daniel Santos (@bananabr) | Bug Bounty | 2021-11-17 | 2023-06-13 |
| 1509 | Bypass CSP Using WordPress By Abusing Same Origin Method Execution | CSP bypass, Same Origin Method Execution | WordPress | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-05-29 | 2023-06-13 |