It’s been a long period of silence here. I don’t blogging much nowadays, mostly because I can’t spend much time online due to health conditions and there was nothing special in my findings which could be worth a blogpost. I decided to write if there will be some unique or less documented behavior in my findings.
This finding was a part of Hack the World 2017 event. TL;DR: it was possible to leak Facebook access_token to the external domain, and authorize on the site on behalf of the user using this token.
The big count of the bug bounty hunters usually does not care about their report quality. I was no exception. …
Hello. This finding was closely related to the https://hackerone.com/reports/214620 , but used the flaw in the URL parsing on the CloudFlare error page. …
Hello. Since it is my first blog post, I’ll start my stories from the beginning – from the first bug, which made me seriously think about infosec career. …
