About Me
YoKo has spent more than 9 years (from total of more than 12 years) in information security field, focused in risk from security testing point of...
July 25, 2014
Tagged: About Me
Search
Recent Posts
- Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data
- From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
- From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
Categories
- About Me (3)
- Achievements (2)
- Bug Report (27)
- Desktop Apps (4)
- Mobile Apps (5)
- Random Things (8)
- Terms of Use (1)
- Web Apps (18)
- Write-Up (17)
- Write-Up in Bahasa (4)
Latest Tweets
Since it's 2021 I'd like to go ahead and disclose some bugs I wasn't able to talk about in 2020. These were issues that either got NDA'd or had long remediation timelines.
The following are quick summaries and proof of concepts for some of the simpler bugs:
@nnwakelam @Rhynorater @thedawgyg @marcioalm Struts, JBoss, UDDIExplorer (WebLogic), Redis, Memcache: https://blog.safebuff.com/2016/07/03/SSRF-Tips/