A CORS misconfiguration in Twitter's niche platform allowed attackers to bypass origin validation by leveraging subdomain prefix matching (niche.co.evil.net) to steal private user data including images, emails, and CSRF tokens synced from Facebook, Instagram, and Twitter. The vulnerability was exploited via a simple JavaScript POC that exfiltrated sensitive information when visited by logged-in users.
A bug bounty hunter discovered a stored XSS vulnerability on m.uber.com that could be chained with an arbitrary cookie installation vulnerability on business.uber.com to steal oauth2 tokens and compromise any logged-in Uber user's account. The exploit involved injecting malicious cookies via unsanitized server responses and using the XSS payload to extract sensitive authentication cookies from victims.