Articles in the Bugs category

Every time I try a bug bounty program on HackerOne, I first check for Flash files on the domains which are in scope. Flash files are always a good target as far as I am concerned. Approximately three months back, I came across bug bounty. So, when I …

Phacilitating phew bugs ;) [Bugs]

I am not a huge fan of bug bounties since I am more of a tool developer. But as the title suggests, to keep myself fresh & bounties from IBB are special. So enter Phabricator.

Phabricator is:
  • the best piece of software for collaboration
  • originally written at Facebook
  • now maintained by …

The following is a writeup of how I dealt with a specific circumstance. I was up against a WordPress installation in one of my tests and luckily I already had editor level credentials. So I have to somehow obtain a shell. Remember that editors do not have the ability to edit …

Changing Gravatar of Others!! [Bugs]

So, yeah, the title is true. I found some vulnerabilities which can be chained to change the Gravatar of any logged-in user. The one drawback for this attack is the knowledge of the email address of the victim. I walked through the process of changing Gravatar and found a …

XSS in Google 500 Error page [Bugs]

Due to highly poor internet conditions in my university, we often encounter Google error pages. But this happened during my winter break when googling some stuff, I was redirected to a Google 500 error page. What caught my attention was that arguments were present there but the page was a …
