All publications

XSS on Home page olx.com.ar via auto save search text | POC

Cross-Site Request Forgery (CSRF) | POC -1

Cross-Site Request Forgery (CSRF) | POC

CSV Injection | POC

Bypass CSV Injection at Camptix Event Ticketing | POC | $100

HOST HEADER INJECTION in rpm.newrelic.com | POC

Creating Post on a restricted channel - 2 | POC | $500

Creating Post on a restricted channel - 1 | POC | $500

target='_blank' Vulnerability Resulting in Critical Phishing Vector | POC

Stored XSS on team.slack.com | POC | $1000

Legal | Application is Missing CSP (Content Security Policy) Header | POC | N/A

Reflected Self-XSS Vulnerability in the Comment section of Files Information | POC | $100

Link reset problem - 2016 H1 report - N/A

XSS ATO (via login keylogger, link Google account) | POC - 1

/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak | POC | $100

Too much resource consumption of the server due to incorrect datarange control via reports?dateFrom=

wp-embed XSS on Safari | POC | $300

XSS on Brave Today through custom RSS feed | POC | $500

Basic auth header on WebDAV requests is not bruteforce protected | POC | $750

Stored XSS via Kroki diagram | POC | $13950

Open redirect due to scanning QR code via brave browser | POC | $500

Reflected HTML/CSS injection and Cookie leak | POC | $100

Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass) | POC | $300

Unauthenticated Cache Purging | POC