A researcher discovered an SSRF vulnerability in a Jira instance and escalated it to local file read by chaining it with an internal GlassFish server exploit using double-URL encoding to bypass path traversal protections and read /etc/passwd.
Security researcher discovered a $12,000 intersection of three vulnerabilities in a bitcoin gambling website's chat system: a denial-of-service flaw via malformed URLs that crash the JavaScript client ($2,000), combined with XSS through an unvalidated external redirect endpoint and clickjacking via iframe embedding that enables session hijacking ($10,000). The researcher exploited URL encoding edge cases and double-slash bypass techniques to achieve code execution within application context.
A reflected XSS vulnerability on Amazon's masclient endpoint (/gp/masclient/dp/) allows attackers to inject arbitrary HTML/JavaScript by exploiting insufficient input validation and capitalization of product IDs. The author demonstrates cookie theft and session hijacking via SVG onload attributes with HTML entity encoding to bypass browser XSS protections.
Security researcher reverse-engineered Google Maps' custom text-based Protobuf URL encoding scheme (the exclamation-point separated parameters) to discover an XSS vulnerability, earning a $5,000 bug bounty by analyzing minified JavaScript and reconstructing the serialization protocol.
A Medium-severity XSS vulnerability in an article embedding feature that exploits the Referer header value being reflected in the response body without proper sanitization. The attack succeeds only in Internet Explorer due to its lack of URL encoding in the Referer header, allowing script injection via a malicious referrer URL.