Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
5197XSS without HTML: Client-Side Template Injection with AngularJS CSTI XSS Google Gareth Heyes (@garethheyes) Bug Bounty2016-01-272023-06-13
4469XSS in hidden input fields XSS NA Gareth Heyes (@garethheyes) Bug Bounty2018-11-162023-06-13
4121Bypassing CSP with policy injection CSP bypass Paypal Gareth Heyes (@garethheyes) Bug Bounty2019-06-052023-06-13
2436Finding DOM Polyglot XSS in PayPal the Easy Way DOM XSS CSP bypass Paypal Gareth Heyes (@garethheyes) Bug Bounty2021-06-302023-06-13
1471Bypassing CSP with dangling iframes CSP bypass Google Mozilla Gareth Heyes (@garethheyes) Bug Bounty2022-06-142023-06-13
1443Widespread prototype pollution gadgets Prototype pollution NA Gareth Heyes (@garethheyes) Bug Bounty2022-06-212023-06-13
1410Bypassing Firefox%27s HTML Sanitizer API XSS Mozilla Gareth Heyes (@garethheyes) Bug Bounty2022-06-292023-06-13
1144Using Hackability to uncover a Chrome infoleak SOP bypass Google Gareth Heyes (@garethheyes) Bug Bounty2022-09-012023-06-13
881Safari is hot-linking images to semi-random websites Browser hacking XSS Apple Gareth Heyes (@garethheyes) Bug Bounty2022-10-312023-06-13
826Stealing passwords from infosec Mastodon - without bypassing CSP HTML injection Mastodon infosec.exchange Gareth Heyes (@garethheyes) Bug Bounty2022-11-152023-06-13
441Server-side prototype pollution: Black-box detection without the DoS Server-side prototype pollution RCE NA Gareth Heyes (@garethheyes) Bug Bounty2023-02-152023-06-13
269Exploiting prototype pollution in Node without the filesystem Server-side prototype pollution RCE NA Gareth Heyes (@garethheyes) Bug Bounty2023-03-232023-06-13
147Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO CSP bypass Piwik Gareth Heyes (@garethheyes) Bug Bounty2023-04-282023-06-13
27Bypassing CSP via DOM clobbering DOM Clobbering CSP bypass NA Gareth Heyes (@garethheyes) Bug Bounty2023-06-052023-06-13