Protected: Tricky out-of-band RCE via Java EL injection

This content is password protected. To view it please enter your password below:

 

Protected: OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect

There is no excerpt because this is a protected post.

 

Improving your success as security researcher and bug bounty hunter

The big count of the bug bounty hunters usually does not care about their report quality. I was no exception. … 

 

How the bug on the CloudFlare «Always Online» page could lead to Unvalidated Redirect on the any site including hacker.one

Hello. This finding was closely related to the https://hackerone.com/reports/214620 , but used the flaw in the URL parsing on the CloudFlare error page. … 

 

One more way to exploit a Stored Self-XSS

Self-XSS is better than no XSS. ©Captain Obvious.

Hello. In this blog post, I will describe one more way to exploit the Self-XSS. Usually, this type of XSS is underestimated because of self-exploitation only.
However, there are a lot of ways to convert it to the good XSS. Things which can be useful in chains: … 

 

How Access Control issue in the Facebook game turned me from the dev to the security researcher

Hello. Since it is my first blog post, I’ll start my stories from the beginning – from the first bug, which made me seriously think about infosec career. …