5/10
A bug bounty hunter demonstrates chaining self-XSS to blind XSS in an admin panel via HTML entity encoding bypass, then discovers a reflected XSS on an undiscovered subdomain using KNOXSS payload analysis, earning $700 total. The writeup focuses on practical payload techniques and methodology rather than detailed technical analysis.
xss
blind-xss
reflected-xss
self-xss
html-entities
payload-crafting
waf-bypass
cookie-theft
admin-panel
bug-bounty
bragging-post
KNOXSS
Sublist3r
Skeletorkeys
Friendly