bug-bounty448
google356
microsoft314
facebook264
xss238
apple180
malware175
rce149
exploit127
bragging-post101
cve99
account-takeover93
phishing83
csrf79
privilege-escalation77
stored-xss65
supply-chain65
authentication-bypass63
dos60
reflected-xss57
browser57
react50
cloudflare49
input-validation48
cross-site-scripting48
reverse-engineering48
access-control47
docker46
aws45
smart-contract45
node44
ethereum43
web343
defi42
web-security42
sql-injection42
web-application41
ssrf38
burp-suite35
idor34
vulnerability-disclosure34
info-disclosure34
race-condition33
html-injection33
buffer-overflow33
writeup32
cloud32
oauth32
smart-contract-vulnerability32
information-disclosure30
0
8/10
A creative XSS exploitation technique that transforms a reflected/stored XSS vulnerability in Swisscom's Bluewin webmail into a self-propagating worm via malicious attachment filenames. The worm leverages unescaped angle brackets in attachment metadata to inject JavaScript that can automatically enumerate and send itself to other users' contacts.
xss
worm
web-application-vulnerability
bug-bounty
webmail
self-propagating
attachment-injection
dom-based-xss
email-exploitation
proof-of-concept
Swisscom
Bluewin
webmail.bluewin.ch
rich-v01.bluewin.ch
Nicolas Heiniger
Alexandre
Florian
BlackAlps