bug-bounty498
google351
xss301
microsoft293
facebook262
rce211
exploit199
malware170
apple162
cve136
account-takeover115
bragging-post102
privilege-escalation95
csrf90
phishing86
browser75
writeup74
authentication-bypass69
supply-chain67
dos66
stored-xss65
reflected-xss57
ssrf56
reverse-engineering55
access-control52
react52
input-validation49
cross-site-scripting48
cloudflare47
aws47
web-security46
docker46
lfi46
smart-contract45
sql-injection45
ethereum44
web-application44
node43
ctf43
defi43
oauth43
web343
pentest40
race-condition39
open-source38
cloud37
idor37
burp-suite36
info-disclosure36
vulnerability-disclosure35
0
5/10
bug-bounty
A reflected XSS vulnerability on Twitter's dev.twitter.com was discovered by exploiting inconsistent URL parsing between Location headers and href attributes in 302 redirects, combined with port manipulation and clickjacking to trigger execution. The payload leveraged a trailing slash and special characters to bypass Twitter's XSS filters, earning a $1,120 bounty.
xss
cross-site-scripting
url-parsing
http-redirect
302-redirect
location-header
clickjacking
payload-bypass
bug-bounty
bragging-post
Twitter
dev.twitter.com
Bywalks
bobrov