I’m getting a few emails asking for some tips on how to get some bounties. Because I like to help others and I’m a share knowledge […]
A tip for bug hunters – Sell your service
As a bug hunter at Cobalt, HackerOne and BugCrowd I always try to do my best to give programs the best information needed to understand the […]
Reflected File Download Cheat Sheet
This article is focused on showing infosec people how to test and exploit a Reflected File Download vulnerability – discovered by Oren Hafif of Trustwave. […]
Komento Joomla! component Persistent XSS
CVE Reference: CVE-2015-7324. Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop (http://stackideas.com/komento). I found out […]
Bug Hunter Appreciation Programs
Interesting reading about security bug bounties, written by Eduardo Vela – http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html You’ve got to love this part: It is my view that we shouldn’t call […]
Shopify open to a RFD attack
Before Shopify had a bounty program on HackerOne, I had already sent [on 19 March] a security report about a Reflected Filename Download I found on […]
Another donation to APAFF
I’m always happy when I donate food to a local animal shelter. This time it was: 50kg of senior dog food, 60kg of cat food. It’s […]
Yahoo! and other sites vulnerable to Open Redirect
A couple of Portuguese security researchers published an article about a vulnerability on LinkedIn and Yahoo! that allows a malicious user to redirect victims to […]
Acunetix got RFDed!
After publishing a report on a piece of security software – OWASP ZAP – I found another vulnerability at a security company – Acunetix. It reminds me of the proverbial […]
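Added example, not code from this blog or from any of the posts it links to: a minimal Python model of the Reflected File Download condition that the RFD cheat sheet, the Shopify report and the Acunetix report above all rely on (user input reflected unescaped into the body, a download filename the browser takes from a permissive URL path, and no fixed Content-Disposition), beside the hardened response that closes it. The JSONP endpoint, the attack URL and the payload are constructed assumptions for illustration only.

```python
"""Reflected File Download (RFD) in miniature: a vulnerable JSONP-style
endpoint next to its hardened form, plus a checker for the three
conditions an RFD attack needs. All inputs are constructed for the example."""
import json
import re
from urllib.parse import urlsplit, parse_qs

# Constructed attack URL (hypothetical host): a permissive router ignores the
# ";/setup.bat" path segment, but a browser saving the response will use
# "setup.bat" as the filename. The payload rides in the reflected callback.
ATTACK_URL = "https://example.test/api/users;/setup.bat?callback=calc|calc"
PAYLOAD = "calc|calc"

JS_IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")
SHELL_SEPARATORS = re.compile(r"[|&;]")


def jsonp_endpoint(url, hardened):
    """Hypothetical endpoint that wraps a JSON body in ?callback=...().
    Returns (headers, body) for the given request URL."""
    parts = urlsplit(url)  # urlsplit keeps ";..." inside .path
    callback = parse_qs(parts.query).get("callback", ["cb"])[0]
    if hardened:
        # Fix 1: only accept a JavaScript identifier as the callback name,
        # so quotes and shell separators never reach the body.
        if not JS_IDENT.fullmatch(callback):
            callback = "cb"
        # Fix 2: pin the download filename so the browser cannot derive it
        # from the URL path; nosniff stops content-type guessing.
        headers = {
            "Content-Type": "application/json; charset=utf-8",
            "Content-Disposition": 'attachment; filename="response.json"',
            "X-Content-Type-Options": "nosniff",
        }
    else:
        # Vulnerable behaviour: raw reflection and no Content-Disposition.
        headers = {"Content-Type": "application/json"}
    body = f"{callback}({json.dumps({'status': 'ok'})});"
    return headers, body


def rfd_indicators(url, headers, body, payload):
    """Report the three RFD preconditions separately for one response."""
    path = urlsplit(url).path
    reflected = payload in body
    pinned = "filename=" in headers.get("Content-Disposition", "")
    exec_extension = re.search(r"\.(bat|cmd)$", path, re.I) is not None
    return {
        "reflected": reflected,
        "filename_controlled": exec_extension and not pinned,
        "payload_is_command": SHELL_SEPARATORS.search(payload) is not None,
    }


def is_rfd_exploitable(hardened):
    """True when every RFD precondition holds for the constructed attack URL."""
    headers, body = jsonp_endpoint(ATTACK_URL, hardened)
    return all(rfd_indicators(ATTACK_URL, headers, body, PAYLOAD).values())


if __name__ == "__main__":
    for mode in (False, True):
        headers, body = jsonp_endpoint(ATTACK_URL, mode)
        label = "hardened" if mode else "vulnerable"
        print(label, repr(body), rfd_indicators(ATTACK_URL, headers, body, PAYLOAD))
```

In the vulnerable mode the body is `calc|calc({"status": "ok"});`, which a Windows shell will happily run when saved as `setup.bat`. The hardened mode removes two of the three conditions at once; a third, server-side fix not modelled here is strict URL mapping, so that `/api/users;/setup.bat` is not routed to the same handler as `/api/users` in the first place.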
OWASP ZAP XXE vulnerability
I just noticed that this is my first full disclosure of an XXE vulnerability. I had already found others, but they were inside private bounty programs. […]