5/10
A bug bounty writeup demonstrating a methodology for finding Cross-Site Script Inclusion (XSSI) and JSONP vulnerabilities by filtering JavaScript files in Burp Suite for sensitive data exposure, with specific examples of exploiting PII leakage through script inclusion without CORS protection. The author shares practical techniques for identifying JSONP callbacks and bypassing Content-Type protections.
xssi
jsonp
cross-site-script-inclusion
web-security
bug-bounty
methodology
pii-leakage
sensitive-data-exposure
cors
content-type-sniffing
bragging-post
Omkar Bhagwat
th3_hidd3n_mist
InfoSec Write-ups
Burp Suite