When I report a vulnerability, I like to be able to see all the vulnerabilities accepted by the platform in a simply way to identify the category… Leer más “Zerocopter: vulnerability listing”
Categoría: BugBounty
Help me, i’m Blind (XSS) !!!
Have you ever heard about Blind XSS?. What is it about?. Where does it happen?. After looking for vulnerabilities in a subdomain for some days and failed,… Leer más “Help me, i’m Blind (XSS) !!!”
Javascript, i love you !!!
The art of bug bounty comprises a lot of things to check and sometimes no all of them are check, but you should have in mind one… Leer más “Javascript, i love you !!!”
Dot Dot Semicolon RCE
The world of bug bounty is somewhat complex since you have to know numerous tools as well as techniques to identify vulnerabilities. Many times, the urge to… Leer más “Dot Dot Semicolon RCE”
To: eventListener # From: postMessage
In this post, we are going to see what is window.postMessage and how we can send data accross domains in a safe way. WHAT IS POSTMESSAGE? window,postMessage… Leer más “To: eventListener # From: postMessage”
Your DNS, my DNS
In this humble article, we are going to talk about what is known as DNS Takeover, a technique used in Bug Bounty and similar to Subdomain Takeover,… Leer más “Your DNS, my DNS”