clover | AHB | ~root@clover:

Oliver Buchannon

clover

account takeover

+3

🔗 Chaining Open Redirect & Self-XSS for High One-Click Account Takeover

Dec 10, 2025

•

6 min read

🔗 Chaining Open Redirect & Self-XSS for High One-Click Account Takeover

A Hacker's Blog | ~root@clover:

clover

Chaining Open Redirect to XSS: A $XXX Phishing Nightmare

Apr 29, 2025

•

6 min read

Chaining Open Redirect to XSS: A $XXX Phishing Nightmare

A Hacker's Blog | ~root@clover:

Popping Alerts in a Login Flow: $$$ for a Reflected XSS

Apr 25, 2025

•

5 min read

Popping Alerts in a Login Flow: $$$ for a Reflected XSS

A Hacker's Blog | ~root@clover:

Cross-Origin Jackpot: $1,500 for a CORS Misconfiguration

Oct 30, 2024

•

9 min read

Cross-Origin Jackpot: $1,500 for a CORS Misconfiguration

A Hacker's Blog | ~root@clover:

Breaking the Bug Bounty Burnout: Finding Balance Outside the Screen

Oct 2, 2024

•

10 min read

Breaking the Bug Bounty Burnout: Finding Balance Outside the Screen

A Hacker's Blog | ~root@clover:

My First Duplicate on a Bug Bounty Program! (Ring) | ~root@clover:

Sep 16, 2024

•

7 min read

My First Duplicate on a Bug Bounty Program! (Ring) | ~root@clover:

A Hacker's Blog | ~root@clover:

My first ever paid bug report! | $50 for a critical?!

Sep 9, 2024

•

10 min read

My first ever paid bug report! | $50 for a critical?!

A Hacker's Blog | ~root@clover:

the-journey-begins.md | ~root@clover:

Sep 2, 2024

•

6 min read

the-journey-begins.md | ~root@clover:

A Hacker's Blog | ~root@clover: