Jan 9Member-onlyHacking Hackers for fun and profitThis story will be in several parts. In each of the situations, I had to face unexpected results. By and large, these are stories that have arisen from the exploitation of the XSS vulnerability in wildlife. I hope you find something useful in these stories. Self XSS as a Critical Vulnerability Many of you know that…Hacking6 min readHacking6 min read
Nov 19, 2021Member-onlyHow I accidentally hacked many companies using N/A vulnerability in Atlassian CloudBelow you will learn in detail about the discovered vulnerability that allowed me to get about 15000$ in bounty with all secrets from the Atlassian cloud. This story happened about a year ago. And I did not publish it immediately for ethical reasons. It all started the day my friend…Hacker11 min readHacker11 min read
Jul 13, 2021Member-onlyCredential stuffing in Bug bounty huntingBug hunting is not always about looking for classic vulnerabilities (XSS, SQLi, SSRF, RCE, etc). Sometimes it is a search for a new problem domain. In this article, I will tell you how this not-so-standard approach to vulnerability searching helped me to find many critical problems. One evening I came…Hacking6 min readHacking6 min read
Jan 7, 2021Member-only$10,000 for a vulnerability that doesn’t existA couple of months ago, an interesting story happened to me. At that time I was working in a field not strongly connected with application security. And every month it became more and more obvious that something had to change. During the COVID-19 period, it was not very smart to…Security8 min readSecurity8 min read
Jun 3, 2020Member-onlyFrom CRLF to Account TakeoverMany people don’t like client-side vulnerabilities. I’m not a fan of such vulnerabilities as well. And I try to spend less time searching for them. You can’t surprise anyone with endless alert-boxes on the pages. But sometimes these alerts boxes can be worth their weight in gold. Especially if the…Hacking7 min readHacking7 min read
Published in InfoSec Write-ups·Mar 9, 2020Member-onlyBroke limited scope with a chain of bugs (tips for every rider CORS)One morning, I was asked to participate in a private bug bounty program. In general, my experience in security is based on such private projects. This is good on the one hand, as there is almost no rush to find the most dangerous bug before the others. On the other…Vulnerability7 min readVulnerability7 min read
Sep 2, 2019Member-onlyCritical vulnerabilities in Pulse Secure and Fortinet SSL VPNs in the Wild InternetAn SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol — or, more often, its successor, the Transport Layer Security (TLS) protocol — in standard web browsers to provide secure, remote-access VPN capability. SSL VPNs protect corporate assets from Internet exposure, but what…VPN5 min readVPN5 min read
Aug 19, 2019Jenkins RCE PoC or simple pre-auth remote code execution on the Server.Once upon a time, a friend of mine asked me a question — "Do you know any fresh RCE for the Jenkins environment ?". I was informed already about some old RCE PoC's but that was not what we need at that time. It was a fresh Jenkins environment. With…Security4 min readSecurity4 min read
Aug 9, 2019Two Easy RCE in Atlassian ProductsIt was a long time from my last article. It was so many interesting results in my work. Seems that it's right time to share my knowledge and experience with you. But first, I wanna inform that two issues in that article well known. And both of that have CVE…Security4 min readSecurity4 min read
May 27, 2019SSRF Vulnerability due to Sentry misconfigurationThat story happened when I saw that disclosed report. And funny thing is that I remembered that saw some Sentry requests in my BuprSuit Proxy in my current project. From that point of view, I highly recommend to not filtering Proxy history. …Sentry2 min readSentry2 min read
