The Sorting Challenge

I started a challenge for some JavaScript folks last month, and here is the write-up. Challenge: I gave them this array [5,23,87,3,58,7,2,1,9], and asked them to sort it in increasing order. It’s... Read more »

Hello World Post

Welcome all :) In this new blog I will write about my findings, thoughts, tools, programming, and much more! This blog was made using Jekyll, which is a great... Read more »

Leak Private Videos [Vimeo Bug Bounty]

Today, I’ll talk about one of my worst experiences in bug bounty programs with Vimeo’s security team. First, if you don’t know Vimeo: Vimeo (/ˈvɪmioʊ/) is a video-sharing website in... Read more »

Hack.me XSS Challenge | Solution

Back on June 10, 2016, I published an XSS challenge on the hack.me platform that I called Small Youtube XSS. If you are here just for the solution and not interested in the write-up, here’s a... Read more »

Vine Re-auth Bypass [Twitter Bug Bounty]

Today I’d like to share an old bug that I found in 2014 at vine.co. Introduction: I was exploring Twitter when I saw @0xSobky’s tweet saying that he found an XSS by... Read more »

Cloudflare WAF XSS

A long time ago, I found an XSS vulnerability in http://securityundefined.com in the path: http://securityundefined.com/cdn-cgi/pe/bag2?r[]= I reported it, and it was fixed after a while. The vulnerable parameter was “r[]”,... Read more »

One Payload to XSS Them All!

Today I want to share with you one of my findings in 2013, which is an XSS in a Flash file that was used by many famous websites, the Flash... Read more »

Blind SQL Injection [Hootsuite]

From now on, I’m going to publish some of my findings. In 2014 I found a blind SQL injection in the Hootsuite subdomain https://learn.hootsuite.com. Blind SQL Injection: is a type of... Read more »