Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO)

Self-XSS to ATO via Site Features

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

CSRF Bypass Using Domain Confusion Leads To ATO

How Almost Sacrificing a University Group Project led to a Microsoft Bug Bounty

Interesting Story of an Account Takeover Vulnerability