Back to directory

WRITEUP #1940

Stealing passwords from infosec Mastodon - without bypassing CSP

OtherHTML injection

by@garethheyes(Gareth Heyes)

Program

Mastodoninfosec.exchange

Published

Nov 15, 2022

Added to HackDex

Nov 17, 2022

Read Full Writeuphttps://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp

▸ RELATED WRITEUPS

500$ From Meta by reporting a HTMLi(Accidental Bug)

OtherHTML injection

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Built with ❤️ by Shubham Rawat