CVE Reference: CVE-2015-7324 Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento I found out […]
Bug Hunter Appreciation Programs
Interesting reading about security bug bounties written by Eduardo Vela – http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html You've got to love this part: It is my view, that we shouldn’t call […]
Shopify open to a RFD attack
Before Shopify had a bounty program on HackerOne, I had already sent [on 19 March] a security report about a Reflected Filename Download I found on […]
Another donation to APAFF
I’m always happy when I donate food to a local animal shelter. This time it was: 50 kg of senior dog food, 60 kg of cat food. It’s […]
Yahoo! and other sites vulnerable to Open Redirect
A couple of Portuguese security researchers published an article about a vulnerability on LinkedIn and Yahoo! that allows a malicious user to redirect victims to […]
Acunetix got RFDed!
After publishing a report on a piece of security software, OWASP ZAP, I found another vulnerability at a security company, Acunetix. It reminds me of the proverbial […]
OWASP ZAP XXE vulnerability
I just noticed that this is my first full disclosure of an XXE vulnerability. I had already found others, but they were inside private bounty programs. […]
Linkedin Reflected Filename Download
When researching another website, I discovered an XHR request in my Google Inspector on LinkedIn that seemed interesting: https://www.linkedin.com/countserv/count/share?url=http://www.site_i_was_in.pt Basically it was the request made […]
DOM XSS in all Condé Nast sites network
For those who don’t know Condé Nast: Condé Nast, a division of Advance Publications, is a mass media company headquartered at One World Trade Center […]
Google Reflected Filename Download
I found a critical issue on Google that can be used by malicious users to hijack victims' computers using a Google domain as the platform and trust […]