David Sopas – Security Researcher

I hack and I love it!

Month: September 2015

Komento Joomla! component Persistent XSS

  • Advisories
Posted on September 30, 2015

CVE Reference: CVE-2015-7324 Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento I found out […]


Bug Hunter Appreciation Programs

  • Interesting Readings
Posted on September 29, 2015

Interesting reading about security bug bounty written by Eduardo Vela – http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html You got to love this part: It is my view, that we shouldn’t call […]


Shopify open to a RFD attack

  • Advisories
Posted on September 29, 2015

Before Shopify having a bounty program on HackerOne I already sent [on 19 march] a security report about a Reflected Filename Download I found on […]


Another donation to APAFF

  • Donations
Posted on September 28, 2015

I’m always happy when I donate food to a local animal shelter. This time it was: 50kg of senior dog food, 60kg of cat food. It’s […]


Yahoo! and other sites vulnerable to Open Redirect

  • Interesting Readings
  • Tips and Tricks
Posted on September 25, 2015

A couple of Portuguese security researchers published an article about a vulnerability on Linkedin and Yahoo! that allows a malicious user to redirect victims to […]


Acunetix got RFDed!

  • Advisories
Posted on September 23, 2015

After publishing a report on a security software – OWASP ZAP – I found another vulnerability on a security company – Acunetix. Reminds me of the proverbial […]


OWASP ZAP XXE vulnerability

  • Advisories
Posted on September 22, 2015

I just noticed that this is my first full disclosure of an XXE vulnerability. I already found others but they were inside private bounty programs. […]


Linkedin Reflected Filename Download

  • Advisories
Posted on September 18, 2015

When researching another website I discovered an XHR request on my Google Inspector on Linkedin that seemed interesting: https://www.linkedin.com/countserv/count/share?url=http://www.site_i_was_in.pt Basically it was the request made […]


DOM XSS in all Condé Nast sites network

  • Advisories
Posted on September 16, 2015, updated March 1, 2023

For those who don’t know Condé Nast: Condé Nast, a division of Advance Publications, is a mass media company headquartered at One World Trade Center […]


Google Reflected Filename Download

  • Advisories
Posted on September 10, 2015

I found a critical issue on Google that can be used by malicious users to hijack victims’ computers using the Google domain as a platform and trust […]

