A blind time-based SQL injection vulnerability was discovered in a file upload feature where the application stored the filename parameter in a database without proper sanitization. The vulnerability was confirmed by bypassing a Cloudflare WAF configuration issue and using SQL sleep payloads to measure response time differences.
A bug bounty hunter describes finding 5 stored XSS vulnerabilities on a private program worth $1,016.66 each, including techniques for bypassing input filters through payload placement, encoding variations (<), file upload abuse (.xhtml), and filter evasion by targeting unsanitized HTML in notifications.
A researcher discovered a stored XSS vulnerability in Twitter that could be weaponized as a self-propagating worm by exploiting flawed HTML tag stripping in the Welcome Message deeplink feature, combined with a JSONP endpoint vulnerability on a whitelisted subdomain to bypass the CSP policy. The attack chained multiple input validation bypasses and DOM manipulation techniques to achieve arbitrary JavaScript execution.
A security researcher discovered a stored XSS vulnerability in an online store's address field, bypassing a 20-character input length restriction using a short Punycode domain (<script src=//ł.rip>) and crafting a custom cookie-stealing payload. Although the XSS was confirmed to work, the vendor rejected it as 'self-XSS' and marked it as won't fix.