One of the things that keeps me on the security path is the opportunity to learn new things each day. After seeing the new update […]
Checkmarx Security Research Team latest work
CSRT latest work and news: Eventbrite Security Wall of Fame Go programming SCP Remotely Exploitable Flaws Found in Popular IP Cameras Trump Website Hacked: Subdomain […]
OLX and Adobe full-disclosures on HackerOne
OLX Stored XSS: https://hackerone.com/reports/152069 Adobe Reflected XSS: https://hackerone.com/reports/50389 I asked for full disclosure of these reports so other users can learn something from them. The OLX […]
Latest work done
Just to give a small update on my work… I’ve been more active on my Twitter account so follow me to get the latest updates […]
Hey vendors, researchers are here to help
Yesterday I was exchanging some messages on Twitter – especially with Kymberlee Price (from BugCrowd) – about the relationship between vendors and security researchers when […]
Google Finance Reflected File Download
Found this vulnerability when auditing another client. With this RFD you don’t need to create a page to force the download. The request for this Google […]
Bing Reflected File Download
When using the Bing online translator I noticed an XHR request in my browser that caught my attention: http://www.bing.com/translator/LandingPage/GetDefinition?oncomplete=jQuery111207287312552798539_1444907172498&market=en&word=test&_=1444907172499 which was reflected on the screen: […]
Wikiloc XXE vulnerability
For those who still don’t know Wikiloc: Wikiloc is a place to discover and share the best outdoor trails for hiking, cycling and many other […]
MailChimp Reflected File Download
When auditing a MailChimp client for Cobalt.io I noticed that this company suffers from a Reflected File Download vulnerability that could be exploited only by […]
Multiple vulns on mTouch Quiz WordPress plugin
Plugin link: https://wordpress.org/plugins/mtouch-quiz/
Active Installs: 5,000+
Version tested: 3.1.2
CVE Reference: Waiting
mTouch Quiz lets you add quizzes to your site. This plugin was designed […]