Posts

• Jul 3, 2020

  AVideo < 8.9 Privilege Escalation and File Inclusion that led to RCE

• Jun 1, 2020

  Careem AWS S3 Bucket Takeover

• May 25, 2020

  Moodle DOM Stored XSS to RCE

• Apr 19, 2020

  Intigriti Easter XSS Challenge Write-up

• Jan 13, 2020

  myClock XSS Challenge Solution Write-Up

• Jun 26, 2018

  Take Advantage of Out-of-Scope Domains in Bug Bounty Programs

• Feb 10, 2018

  Obtaining WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489

• Oct 11, 2017

  Leaking Amazon.com CSRF Tokens Using Service Worker API

• Nov 11, 2016

  Hijack Vimeo Private Videos using Flash

• Oct 23, 2016

  Hack.me XSS Challenge | Solution

• Sep 21, 2016

  Vine Re-auth Bypass [Twitter Bug Bounty]

• Jun 23, 2016

  Medium 1-Click Full Account Takeover

• Feb 12, 2016

  How I Hacked Oculus, eBay, and IBM OAuth

• Nov 16, 2015

  Cloudflare WAF XSS

• Aug 3, 2015

  One Payload to XSS Them All!

• Aug 1, 2015

  Blind SQL Injection in Hootsuite Learning Platform

• Aug 6, 2014

  Flickr XSRF to Change Photo Details

subscribe via RSS