About Me
YoKo has spent more than 9 years (from total of more than 12 years) in information security field, focused in risk from security testing point of...
July 25, 2014
Tagged: About Me
Search
Recent Posts
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
- IDOR (at Private Bug Bounty Program) that could Leads to Personal Data Leaks
- Ribose – IDOR with Simple CSRF Bypass – Unrestricted Changes and Deletion to other Photo Profile
- Bypassing the Current Password Protection at PayPal Tech-Support
- Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Simple Google Dork – 1,000 USD
Categories
- About Me (3)
- Achievements (2)
- Bug Report (11)
- Desktop Apps (2)
- Mobile Apps (1)
- Web Apps (8)
- Write-Up (11)
Latest Tweets
#XSSI Write-ups
Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
https://link.medium.com/g3MwS6YVK2
The Bug That Exposed Your PayPal Password
https://link.medium.com/fxCdDmwl52
Yahoo — Two XSSi vulnerabilities https://link.medium.com/jFkPeGsUv3
#bugbounty,#bugbountytips
The 27th HTB box I solve in preparation for the OSCP.
Initial Foothold - vsftpd 2.3.4 backdoor
Privilege Escalation - Loose permissions and insecure storage of Certificate Authority (CA) key + LFI + security misconfiguration of scheduled task.
https://medium.com/@ranakhalil101/hack-the-box-lacasadepapel-writeup-w-o-metasploit-214ce13e5ed?source=friends_link&sk=6e3fba215d1495deacb1b7236eb33333
<details+o%26%23112;en+o%26%23110;toggle%253dconfirm`heyo`
Tags
About Me
Achievements
Amazon S3
Authorization Issue
Avast Bug Bounty
AVG Bug Bounty
Awards
AWS
Base64 Encoding
Content Injection
CSRF
CVE-ID
Data Leakage
Extension Bypass
Fortinet Responsible Disclosure Program
Google Dork
Hackerone
Hardcoded Passcode
Honors
IDOR
Information Disclosure
Insecure Data Storage
iOS Application
Password Bypass
Paypal Bug Bounty
PHP Shell
Race Condition
RCE
Reflected XSS
Ribose Bug Bounty
SEH Overflow
Stored XSS
Tokopedia Bug Bounty
Unrestricted Files Upload
Xoom Bug Bounty
XSS
XSS via SSID