Back to directory
WRITEUP #6328

Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities

XSSCSP bypass
by@bbuerhaus(Brett Buerhaus)
Program
Airbnb
Published
Mar 8, 2017
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/
RELATED WRITEUPS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass
Type confusion attacks in ProseMirror editors
XSSType confusion
Self-XSS to ATO via Site Features
XSSSelf-XSS
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS

Built with ❤️ by Shubham Rawat