R29k Blog

Cybersecurity Writeups & Insights

Account Takeover

Account Takeover via IDORs

Privilege Escalation via XSS

S3 Bucket Exposure

Self-XSS to Stored XSS

Wayback Machine to ATO

CVE-2020-28722, CVE-2021-36696 and CVE-2021-36695

SSTI to LFI

CSRF + Open Redirect to Account Takeover

IDOR: Access to Support Tickets

Twitter Bugcrowd GitHub LinkedIn
Home