url-parameter-injection

3 articles
sort: new top best
clear filter
bug-bounty480 google303 xss278 microsoft254 facebook214 rce162 apple151 exploit137 bragging-post102 account-takeover99 malware97 csrf83 cve82 privilege-escalation76 authentication-bypass66 stored-xss65 writeup61 reflected-xss57 react54 browser54 phishing53 ssrf51 dos51 access-control50 input-validation49 cloudflare49 cross-site-scripting48 docker46 aws46 node46 smart-contract45 sql-injection45 ethereum44 defi43 web-application43 web-security43 supply-chain43 oauth41 web339 reverse-engineering37 burp-suite36 lfi35 vulnerability-disclosure35 idor35 html-injection33 race-condition32 smart-contract-vulnerability32 csp-bypass31 clickjacking31 information-disclosure30
0 6/10
Microsoft follow feature XSS (CVE-2017-8514)
vulnerability

Microsoft SharePoint's Follow feature contained a reflected XSS vulnerability (CVE-2017-8514) where the SiteName GET parameter was unsafely reflected into a JavaScript function call without proper encoding, allowing attackers to break out of the single-quoted context and inject arbitrary JavaScript via payloads like '-confirm("XSS")-'.

xss reflected-xss sharepoint microsoft url-parameter-injection javascript-context-escape cve-2017-8514
CVE-2017-8514 Microsoft SharePoint Adesh Kolte Microsoft
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 5/10
Non persistent XSS at microsoft
vulnerability

Reflected XSS vulnerability found in Microsoft's research search functionality (q parameter) that bypassed client-side validation by directly injecting payloads via URL, enabling account takeover through cookie theft.

xss reflected-xss non-persistent-xss input-validation url-parameter-injection microsoft account-takeover cookie-theft
Microsoft Adesh Kolte
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 8/10
How a classical XSS can lead to persistent ATO vulnerability
vulnerability

A reflected XSS vulnerability in a URL parameter was chained with multiple design flaws (tokens stored in localStorage, lack of token revocation across devices, authorization via headers instead of cookies) to achieve persistent account takeover by stealing and replaying Cognito refresh tokens. The attacker could silently exfiltrate authentication tokens while clearing localStorage to make the victim believe they were logged out.

xss reflected-xss account-takeover ato session-hijacking token-theft local-storage authorization-header amazon-cognito javascript-injection url-parameter-injection multi-device-session-management bug-bounty vulnerability-chaining
Amazon Cognito Milind Purswani Yash Sodha Angular
hackademic.co.in · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details