infosec write-ups and ramblings



Chaining Bugs to Steal Yahoo Contacts!

👨🏻‍💻 Introduction & Background:This is a write-up of how I chained two vulnerabilities (an XSS and a CORS misconfiguration) that allowed me to steal contacts from a victim's contact book. This data included: names, phone numbers, addresses, etc. ✗ Cross-Origin-Resource SharingCross-Origin Res…

Corben Leo Corben Leo