DoS via GraphQL Batching
Application-level denial of service vulnerability via GraphQL batching and resource exhaustion (72x amplification).
Bug Bounty writeups and real-world pentest reports.
Reflected XSS and HTTP Parameter Pollution in a real e-commerce site, leading to session hijacking and cookie exfiltration.
XSS vulnerability in outdated Bootstrap framework leading to complete account compromise via session hijacking.