| 5128 | Exploiting CORS misconfigurations for Bitcoins and bounties |
CORS misconfiguration |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2016-10-12 | 2023-06-13 |
| 5124 | Backslash Powered Scanning: hunting unknown vulnerability classes |
- |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2016-11-04 | 2023-06-13 |
| 5016 | Cracking the lens: targeting HTTP%27s hidden attack-surface |
Reflected XSS
SSRF |
Yahoo! / Verizon Media
BT
New Relic |
James Kettle (@albinowax) |
Bug Bounty | 2017-07-27 | 2023-06-13 |
| 4644 | Practical Web Cache Poisoning |
Web cache poisoning |
Mozilla
HubSpot
Cloudflare
Binary.com
Amazon (CloudFront) |
James Kettle (@albinowax) |
Bug Bounty | 2018-08-09 | 2023-06-13 |
| 4545 | Bypassing Web Cache Poisoning Countermeasures |
Web cache poisoning |
Cloudflare |
James Kettle (@albinowax) |
Bug Bounty | 2018-10-05 | 2023-06-13 |
| 3866 | Responsible denial of service with web cache poisoning |
DoS
Web cache poisoning |
Tesla
HackerOne
Deliveroo
Bitbucket
Paypal
Meta / Facebook
Twitter |
James Kettle (@albinowax) |
Bug Bounty | 2019-10-24 | 2023-06-13 |
| 3819 | Cracking reCAPTCHA, Turbo Intruder style |
Captcha bypass
Race condition |
Google |
James Kettle (@albinowax) |
Bug Bounty | 2019-11-20 | 2023-06-13 |
| 1254 | Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling |
HTTP Request Smuggling
Desync attack |
AWS
Amazon
Akamai
Cisco
Verisign
Pulse Secure
Varnish |
James Kettle (@albinowax) |
Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1121 | How to turn security research into profit: a CL.0 case study |
HTTP request smuggling
Desync attack |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2022-09-08 | 2023-06-13 |
| 1048 | Making HTTP header injection critical via response queue poisoning |
HTTP header injection
HTTP request smuggling |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2022-09-22 | 2023-06-13 |
| 932 | HTTP/3 connection contamination: an upcoming threat? |
HTTP connection contamination |
NA |
James Kettle (@albinowax) |
Bug Bounty | 2022-10-19 | 2023-06-13 |
