bug-bounty484
google314
xss279
microsoft259
facebook219
rce172
apple153
exploit142
malware107
bragging-post102
account-takeover100
cve89
csrf84
privilege-escalation80
authentication-bypass66
stored-xss65
writeup62
phishing57
reflected-xss57
browser55
react54
dos53
ssrf52
access-control50
input-validation49
cloudflare49
cross-site-scripting48
supply-chain47
node47
aws46
docker46
sql-injection45
smart-contract45
ethereum44
web-security43
oauth43
web-application43
defi43
web340
reverse-engineering39
lfi37
burp-suite36
idor36
vulnerability-disclosure35
html-injection33
race-condition33
csp-bypass32
smart-contract-vulnerability32
clickjacking31
information-disclosure30
0
7/10
bug-bounty
A bug bounty hunter discovered a stored XSS vulnerability in a Drupal application by chaining cache poisoning with an unreflected HTTP header (style) discovered via Param Miner brute-forcing, allowing arbitrary XSS payloads to be cached and served to all users visiting a poisoned URL.
cache-poisoning
stored-xss
drupal
http-header-injection
bug-bounty
web-vulnerability
cache-exploitation
parameter-discovery
burp-suite
Rohan Aggarwal
Drupal
Rails
Param Miner
Burp Suite
HackerOne
Zend
X-Original-URL
X-Rewrite-URL