In the name of Allah, the Most Gracious, the Most Merciful. I. ABSTRACT In our daily life, many people often find it difficult to manage...
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
- IDOR (at Private Bug Bounty Program) that could Leads to Personal Data Leaks
- Ribose – IDOR with Simple CSRF Bypass – Unrestricted Changes and Deletion to other Photo Profile
- Bypassing the Current Password Protection at PayPal Tech-Support
- Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Simple Google Dork – 1,000 USD
Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting
Twitter disclosed a bug submitted by zlz: https://hackerone.com/reports/712979 - Bounty: $560 #hackerone #bugbounty
Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty
The Bug That Exposed Your PayPal Password
Yahoo — Two XSSi vulnerabilities https://link.medium.com/jFkPeGsUv3
The 27th HTB box I solve in preparation for the OSCP.
Initial Foothold - vsftpd 2.3.4 backdoor
Privilege Escalation - Loose permissions and insecure storage of Certificate Authority (CA) key + LFI + security misconfiguration of scheduled task.