Remediation Archeology — Finding and Decoding an Ancient XSS
One of my favorite pastimes in Bug Bounty is reviewing my ancient (read: 2 or 3 years old) vulnerability reports. I feel like I’ve come a…
Nov 18, 2022

Finding and Exploiting Unintended Functionality in Main Web App APIs
While hunting for bugs on Main Web Apps, I encounter tons of interesting APIs. Some are well secured, obscurely documented, and keep you in…
May 21, 2021

Journeys in Quoteless and Multi Reflection XSS
Cross Site Scripting is a tricky bug to fix, and bypasses for these fixes can be even trickier. While there are several ways to remediate…
Apr 4, 2021