bug-bounty448
google356
microsoft314
facebook263
xss238
apple180
malware174
rce149
exploit127
bragging-post101
cve99
account-takeover93
phishing83
csrf79
privilege-escalation77
stored-xss65
supply-chain65
authentication-bypass63
dos60
reflected-xss57
browser57
react50
cloudflare49
input-validation48
cross-site-scripting48
reverse-engineering48
access-control47
aws45
docker45
smart-contract45
node44
web343
ethereum43
sql-injection43
web-security42
defi42
web-application41
ssrf38
burp-suite35
vulnerability-disclosure34
idor34
race-condition33
info-disclosure33
buffer-overflow33
html-injection33
oauth32
writeup32
cloud32
smart-contract-vulnerability32
information-disclosure30
0
8/10
Security researchers discovered an SSRF vulnerability on Airbnb's chat endpoint by chaining a third-party open redirect in LivePerson's API with path traversal via encoded backslashes, enabling arbitrary requests from the Airbnb server. The attack exploited LivePerson's visitorWantsToChat redirect parameter and path parameter traversal to bypass intended API boundaries.
ssrf
open-redirect
chaining
path-traversal
api-security
liveperson
airbnb
javascript-analysis
endpoint-discovery
Airbnb
LivePerson
Ben Sadeghipour
Brett Buerhaus
0
8/10
Airbnb when bypassing json encoding XSS filter WAF CSP and auditior turns into eight vulnerabilities
vulnerability
A detailed technical writeup on chaining eight XSS vulnerabilities at Airbnb by sequentially bypassing JSON encoding, XSS filters, WAF protection using null-byte injection, CSP rules, and Chrome's XSS auditor through the listing_frame embeddable endpoint. The exploitation leverages semicolon injection, null-byte WAF evasion, JSON encoder quirks, and CSP weaknesses.
xss
csp-bypass
waf-bypass
json-encoding-bypass
null-byte-injection
chrome-xss-auditor
content-security-policy
web-application-firewall
airbnb
embeddable-endpoint
multi-layer-bypass
Airbnb
Ben Sadeghipour
Brett Buerhaus
HackerOne
Chrome XSS Auditor