I started a challenge for some JavaScript folks last month, and here is the write-up. Challenge: I gave them this array [5,23,87,3,58,7,2,1,9], and asked them to sort it in increasing order. It’s... Read more »
Welcome all :) In this new blog I will write about my findings, thoughts, tools, programming, and much more! This blog was made using Jekyll, which is a great... Read more »
Today, I’ll talk about one of my worst experiences in bug bounty programs with Vimeo’s security team. First, if you don’t know Vimeo: Vimeo (/ˈvɪmioʊ/[3]) is a video-sharing website in... Read more »
Back on June 10, 2016, I published an XSS challenge on the hack.me platform that I called Small Youtube XSS. If you are here just for the solution and not interested in the write-up, here’s a... Read more »
Today I’d like to share an old bug that I found in 2014 at vine.co. Introduction: I was exploring Twitter when I saw @0xSobky’s tweet saying that he found an XSS by... Read more »
Two days ago, I found a simple, limited XSS, so I developed it into a one-click full account takeover. How did it start? I was searching on Google... Read more »
In early 2015, when I was looking for a BB, I learned that Oculus is in scope of the Facebook BB. So, when a product is in scope, a BB hunter should look... Read more »
A long time ago, I found an XSS vuln in http://securityundefined.com in the path: http://securityundefined.com/cdn-cgi/pe/bag2?r[]= I reported it, and it was fixed after a while. The vulnerable parameter was “r[]”,... Read more »
Today I want to share with you one of my findings in 2013, which is an XSS in a Flash file that was used by many famous websites, the flash... Read more »
From now on, I’m going to publish some of my findings. In 2014 I found a blind SQL injection at the Hootsuite subdomain https://learn.hootsuite.com. Blind SQL Injection: Is a type of... Read more »