Multiple Severe Vulnerabilities in MonkeyType.Com Chat Based XSS, Auth bypass, User Spoofing - Write-ups and Disclosures - @disclose_io Community Forum

I published the original article over at my independent research project obsrva.org Executive Overview In May 2021, independent security researcher Tyler Butler found several critical vulnerabilities in monkeytype.com, a popular open-source typing-test application with a booming community of over 100k daily unique visitors. The vulnerabilities included stored cross-site scripting and user impersonation in the tribe chat room feature, as well as an authentication bypass vulnerability enablin

Account Takeover Vulnerability in OpenAI ChatGPT

WebGoat Form-based Authentication - missing something!

USENIX Security '19 - Iframes/Popups Are Dangerous in Mobile WebView: Studying and

버그바운티(Bug Bounty) Write-up / DOM Based XSS ($500) — 보안과 개발을 다 하고싶은 욕심쟁이

Stored Cross-Site Scripting (XSS) via Tribe Chat · Issue #1476 · monkeytypegame/monkeytype · GitHub

CVE-2022-3415] WordPress Plugin Chat Bubble 2.2 – Unauthenticated Stored Cross-Site Scripting – INFAYER

Solving PortSwigger's '2FA bypass using a brute-force attack' Lab with OWASP ZAP, by cerulean

AWS S3 bucket writeable for authenticated aws users - Bug Bounty POC

Text Based Injection, Content Spoofing, Low Impact Common Web Vulnerability, by Rishu Ranjan

System.Net.WebException : The remote server returned an error: (400) Bad Request. Dot Net ShareFile API - ShareFile API - Discussions

Anti-Malware Security and Brute-Force Firewall – Wtyczka WordPress

Account Takeover Vulnerability in OpenAI ChatGPT

Multiple Severe Vulnerabilities in MonkeyType.Com Chat Based XSS, Auth bypass, User Spoofing - Write-ups and Disclosures - @disclose_io Community Forum

A short story about an XSS in chat.mozilla.org (CVE-2021-21320)

Zed Attack Proxy (OWASP - ZAP) - XML Connector – Kenna FAQ