0xbadb00da – Medium

Jun 23, 2021

Information disclosure and why understanding the logic is crucial

All the actions described in the article were performed with the permission of the site owner as the part of vulnerability tests. In the previous blog post I covered the findings related to temporary file upload, but let’s further and check if we can do something with the final file…

Writeup

3 min read

Information disclosure and why understanding the logic is crucial

Writeup

3 min read

Jun 17, 2021

Account takeover via stored XSS with arbitrary file upload

All the actions described in the article were performed with the permission of the site owner as the part of vulnerability tests. Requests text was modified with respect to the test subject privacy. Prehistory Some time ago I found a suspicious behavior on the file upload to the site. Spoiler: I…

Bug Bounty

5 min read

Account takeover via stored XSS with arbitrary file upload

Bug Bounty

5 min read