I am ᴿᴱᴺᵂᴬ, I like web
Writings
- Stored XSS in My Flow To RCE in Opera Browser #2
- Reflected XSS In Main Search, WAF+Sanitizer Bypass Using 2 Reflections
- Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques
- Arc Browser UXSS, Local File Read, Arbitrary File Creation and Path Traversal to RCE
- XSS to OAuth access token leak in office online which can be used to account takeover
- You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities
- Chatwoot postMessage XSS
- Opera Browser VPN Bypass
- Asana Electron desktop app open redirect to local file read
- The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
- XSS to RCE in Opera Browser
- Opera Browser Local File Read and UXSS via Stored-XSS
- Facebook Messenger Desktop App Arbitrary File Read
- Copy Drag — Paste Drop
- Bypass SameSite Cookies Default to Lax and get CSRF
- Facebook Messenger exposing deleted messages using [Remove for Everyone]
- Security Fest 2019 CTF, entropian [web] write-up
- New technique to find Blind-XSS
- Self-XSS + CSRF to Stored XSS