Chaining Bugs to Steal Yahoo Contacts!
👨🏻💻 Introduction & Background:This is a write-up of how I chained two vulnerabilities (an XSS and a CORS misconfiguration) that allowed me to steal contacts from a victim's contact book. This data included: names, phone numbers, addresses, etc. ✗ Cross-Origin-Resource SharingCross-Origin Res…