July 27, 2019 by Sp1d3R on Writeups

Tricky out-of-band RCE via Java EL injection

It’s been a long period of silence here. I don’t blogging much nowadays, mostly because I can’t spend much time online due to health conditions and there was nothing special in my findings which could be worth a blogpost. I decided to write if there will be some unique or less documented behavior in my findings.

… →

July 10, 2019 by Sp1d3R on Writeups

OAuth authentication bypass on Airbnb acquisition using 1-char Open Redirect

This finding was a part of Hack the World 2017 event. TL;DR: it was possible to leak Facebook access_token to the external domain, and authorize on the site on behalf of the user using this token.

November 28, 2017 by Sp1d3R on Guides

Improving your success as bug bounty hunter

The big count of the bug bounty hunters usually does not care about their report quality. I was no exception. … →

November 23, 2017 by Sp1d3R on Writeups

How the bug on the CloudFlare «Always Online» page could lead to Unvalidated Redirect on the any site including hacker.one

Hello. This finding was closely related to the https://hackerone.com/reports/214620 , but used the flaw in the URL parsing on the CloudFlare error page. … →

November 14, 2017 by Sp1d3R on Writeups

One more way to exploit a Stored Self-XSS

Self-XSS is better than no XSS. ©Captain Obvious.

Hello. In this blog post, I will describe one more way to exploit the Self-XSS. Usually, this type of XSS is underestimated because of self-exploitation only.
However, there are a lot of ways to convert it to the good XSS. Things which can be useful in chains: … →

November 11, 2017 by Sp1d3R on Writeups

How Access Control issue in the Facebook game turned me from the dev to the security researcher

Hello. Since it is my first blog post, I’ll start my stories from the beginning – from the first bug, which made me seriously think about infosec career. … →

Sp1d3R's security blog

"I accidentally broke it."

Author: Sp1d3R