Protected: Tricky out-of-band RCE via Java EL injection

This content is password protected. To view it please enter your password below:


OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect

This finding was a part of Hack the World 2017 event. TL;DR: it was possible to leak Facebook access_token to the external domain, and authorize on the site on behalf of the user using this token.


Improving your success as bug bounty hunter

The big count of the bug bounty hunters usually does not care about their report quality. I was no exception. … 


How the bug on the CloudFlare «Always Online» page could lead to Unvalidated Redirect on the any site including

Hello. This finding was closely related to the , but used the flaw in the URL parsing on the CloudFlare error page. … 


One more way to exploit a Stored Self-XSS

Self-XSS is better than no XSS. ©Captain Obvious.

Hello. In this blog post, I will describe one more way to exploit the Self-XSS. Usually, this type of XSS is underestimated because of self-exploitation only.
However, there are a lot of ways to convert it to the good XSS. Things which can be useful in chains: … 


How Access Control issue in the Facebook game turned me from the dev to the security researcher

Hello. Since it is my first blog post, I’ll start my stories from the beginning – from the first bug, which made me seriously think about infosec career. …