Analysis of an Atlassian Crowd RCE - CVE-2019-11580
👋🏼 introduction:
Recently I came across an Atlassian Crowd application while I was doing recon. If you’re not familiar with Crowd, it is a centralized identity management application that...
“CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter
XSS to XXE in Prince v10 and below (CVE-2018-19858)
Introduction:
This is a vulnerability I found while participating in a bug-bounty program earlier this year. It affects Prince, a software that converts “HTML, XHTML, or one of the...
Advanced CORS Exploitation Techniques
preface:
I’ve seen some fantastic research done by Linus Särud and by Bo0oM on how Safari’s handling of special characters could be abused.
Chaining Bugs to Steal Yahoo Contacts!
👨🏻💻 Introduction & Background:
This is a write-up of how I chained two vulnerabilities (an XSS and a CORS misconfiguration) that allowed me to steal contacts from a victim’s contact book. This data included: names,...
Hacking the Hackers: Leveraging an SSRF in HackerTarget
💻 Introduction:
This is a write-up of an SSRF I accidentally found in HackerTarget and leveraged to get access to internal services! Please note that they don’t have an active bug bounty program.
🤔...
SQL Injection in rog.asus.com
🔎 Introduction & Background
To get started, I’ll give a bit of backstory behind this. I found this bug back in January of 2017 and was one of the first reports I made to...
Tricky CORS Bypass in Yahoo! View
Recently, HackerOne hosted their second Hack The World competition. During this time I decided to take a look at Yahoo’s bug bounty program because I have heard good things about them and also due to...