Found this vulnerability when auditing another client. With this RFD you don’t need to create a page to force the download. The request for this Google […]
Bing Reflected File Download
When using Bing online translator I noticed an XHR request in my browser that caught my attention: http://www.bing.com/translator/LandingPage/GetDefinition?oncomplete=jQuery111207287312552798539_1444907172498&market=en&word=test&_=1444907172499 which was reflected on the screen: […]
201 event handlers supported by modern browsers
https://twitter.com/0x6D6172696F/status/680727929094041600
Wikiloc XXE vulnerability
For those who still don’t know Wikiloc: Wikiloc is a place to discover and share the best outdoor trails for hiking, cycling and many other […]
Companies that I’ve helped improve their security
Google, Yahoo!, eBay, Microsoft, Etsy, Nexmo, Weebly, Edmodo, HackerOne, Desk, Adobe, ArubaNetworks, Condé Nast, LinkedIn, Acunetix, SendGrid, Rocky Bytes, DepositFiles, Workable, MailChimp, PrestaShop, HP, Kaspersky, […]
Why do some vendors ignore RFD attacks?
Since I published my Reflected File Download Cheat Sheet I’m getting lots of private messages and emails from security researchers and bounty hunters telling me that […]