HackerOne Vulnerability: Common Response Title Leak through Triggers · October 15, 2014 · Bug Bounty Elevation of Privilege HackerONe ·

Facebook FriendFeed Stored XSS · August 8, 2014 · Bug Bounty XSS Facebook API FriendFeed

Facebook MailChimp Application OAuth 2.0 Misconfiguration · August 8, 2014 · Bug Bounty Facebook OAuth MailChimp

Flipkart.com - Elevation of Privilege · March 27, 2014 · Elevation of Privilege Flipkart In-direct object reference

SSRF/XSPA in MailChimp · February 18, 2014 · OAuth MailChimp SSRF/XSPA

PayPal CSRF aids in account takeover! · September 21, 2013 · Bug Bounty CSRF PayPal

Triggering an unexploitable DOM-based XSS in Rediff Blogs automagically · June 28, 2013 · XSS Rediff DOM

Pwning Facebook accounts, taking a little help from Quora · June 13, 2013 · Open Redirect Facebook Quora OAuth

Flash-based XSS Mayhem: Most Security Solution Vendors Vulnerable · June 6, 2013 · XSS Anti-Virus Flash

Dropbox for Business Mailing List Unsubscribe Users (Permission Issue) · May 21, 2013 · Bug Bounty Dropbox Elevation of Privilege