R29k
Blog
Account Takeover
Account Takeover by Chaining Two IDORs
Privilege Escalation via Stored XSS
From Finding AWS S3 Bucket to Sensitive Data Exposure
Escalating Self-XSS To Stored XSS via Image Injection + IDOR
Wayback Machine To Account Takeover
CVE-2020-28722, CVE-2021-36696 and CVE-2021-36695
SSTI to LFI
CSRF + Open Redirect to Account Takeover