A researcher discovered SQL injection in Razer's admin panel by bypassing redirect-to-login protections using the Noredirect browser extension. The flaw allowed access to sensitive data, including game keys and user credentials, via the /source-data/view endpoint.
A researcher discovered a CSRF vulnerability in a user deletion module that lacked CSRF tokens, and combined it with brute-forcing of numeric user IDs to delete all application users. The attack bypassed X-Frame-Options and origin validation by using iframe-targeted requests.
A bug bounty hunter demonstrates chaining self-XSS to blind XSS in an admin panel via HTML entity encoding bypass, then discovers a reflected XSS on an undiscovered subdomain using KNOXSS payload analysis, earning $700 total. The writeup focuses on practical payload techniques and methodology rather than detailed technical analysis.