Chaining a self XSS to Account Takeover

Self-XSS to ATO via Site Features

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

Self XSS + Login CSRF + OAuth = Account Takeover

Interesting Story of an Account Takeover Vulnerability

How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack