Back to directory
WRITEUP #3858

Breaking GitHub Private Pages for $35k

XSSCRLF injectionWeb cache poisoning
by@NotDeGhost(Robert Chen)
Bounty
35,000
Program
GitHub
Published
Apr 4, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://robertchen.cc/blog/2021/04/03/github-pages-xss
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass
A Story About How I Found XSS in ASUS
XSS

Built with ❤️ by Shubham Rawat