Write-ups of my findings -: HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites HTTP Desync Attack (Request Smuggling) - Mass Session Hijacking at Foxycart Web Cache Poisoning - Capability to disable/deface the app.vulnerable.com (A tale of poisoning through the layers of caching) XSSI (Cross Site Script Inclusion) to Steal AccessToken and More Account Takeover at https://trello.com