Elber Andre discovered SSRF vulnerabilities in Slack's slash commands and event subscriptions features by bypassing IPv6 protections using HTTP redirects with the [::] notation, earning $1,000 in total bounties ($500 per vulnerability).
A detailed writeup presenting five real-world XSS vulnerabilities across different web applications, showcasing evasion techniques including mobile DOM events not covered by blacklists, hidden input attribute injection, WAF bypass through incomplete tag closure with script src attributes, and the importance of testing overlooked functionality.
A persistent XSS vulnerability on eBay's My World profile section exploited a blacklist-based HTML filter that failed to block deprecated tags like <plaintext>, <fn>, and <credit>. The attacker chained this with event handlers, String.fromCharCode/eval to bypass character limits, missing CSRF protection, and cookies lacking the HttpOnly flag to create a self-propagating worm that could steal session tokens.