Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript January 16, 2024February 25, 2024
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More January 3, 2023June 30, 2025
Airbnb – Web to App Phone Notification IDOR to view Everyone’s Airbnb Messages March 31, 2017February 25, 2024
Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution March 13, 2017February 25, 2024
Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat March 9, 2017February 25, 2024
Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities March 8, 2017February 25, 2024
