Careem AWS S3 Bucket Takeover

Hi all, This story happened last year and I thought it is a good case study of taking advantage of broken links. Additionally, it contains a funny story that shows...

Moodle DOM Stored XSS to RCE

This is part of Cube01 researches. Hi all, In this article we will cover a vulnerability that we found last month and reported it to the Moodle Security team and...

Intigriti Easter XSS Challenge Write-up

Hey all, On March 13th I was doing some boring college assignments then I opened Twitter to check what’s new, then I saw that Intigriti was hosting “Easter XSS Challenge”...

Medium Content Spoofing Leads to XSS

Last week, I found a content spoofing bug in Medium’s jobs site, which can lead to stored XSS. Introduction I was not looking for bugs there, nor a job, I...