Sending an XML payload to achieve XSS. This will only work if the site doesn't verify the Content-Type.
An old post of mine detailing how to use open url redirects to grab a users' Facebook OAuth token, to then achieve potential account takeover. I've also written a tutorial on this.
A cool find that let us inject stored XSS into a cookie value which was reflected on every page. This was essentially a "domain takeover" since we could inject into every page, redirecting them to our site, changing content persisently etc.
I saw xvideos had some CSRF protection in place for commenting which just looked for the Referer: header. An old post of mine showing how I bypassed that.
An old post written in February 2017 detailing my recent success on a Bugcrowd program. One key take-away is how IDOR is so overlooked yet it can have devasting impacts (such as being able to reveal ~millions of users' personal data)