7/10
bug-bounty
A reflected XSS vulnerability in an OAuth2 redirect_uri parameter was escalated from simple alert injection to account takeover by extracting CSRF tokens from meta tags and automating admin user creation without authentication. The writeup demonstrates a practical methodology for showing XSS impact through functional exploitation rather than simple proof-of-concept.
reflected-xss
account-takeover
csrf-token-extraction
privilege-escalation
oauth2
javascript-protocol
admin-creation
impact-escalation
hackerone
bug-bounty-methodology
HackerOne
XMLHttpRequest
FormData