I would like to describe, step by step, my latest “appreciation program” reward on a security issue in a WordPress plugin. First things first – check […]
Free online proxy using Bing Translator
This method is already known on many other servers like Google Translator and other online services. I don’t know if I might consider this to […]
Free online tools to help your #bugbounty
I’m getting a few emails asking for some tips on how to get some bounties. Because I like to help others and I’m a share knowledge […]
A tip for bug hunters – Sell your service
As a bug hunter at Cobalt, HackerOne and BugCrowd I always try to do my best to give programs the best information needed to understand the […]
Yahoo! and other sites vulnerable to Open Redirect
A couple of Portuguese security researchers published an article about a vulnerability on LinkedIn and Yahoo! that allows a malicious user to redirect victims to […]
No parentheses allowed? location.hash is here
I came across a web application in a private bounty program that reflected my var – xss – with the following code: [code lang=”js”] var […]
Tiny XSS vector
I needed a small XSS vector that could fit in a variable with a 10 char limit on a private client to […]