R29k

Blog

Account Takeover

Account Takeover by Chaining Two IDORs

Privilege Escalation via Stored XSS

From Finding AWS S3 Bucket to Sensitive Data Exposure

Escalating Self-XSS To Stored XSS via Image Injection + IDOR

Wayback Machine To Account Takeover

CVE-2020-28722, CVE-2021-36696 and CVE-2021-36695

SSTI to LFI

CSRF + Open Redirect to Account Takeover