SECURITY GEEK

Just another web application security blog

BookFresh Tricky File Upload Bypass to RCE

Hello all :)

today i’m going to write about an interesting vulnerability i’ve found in Square’s Acquisition website bookfresh.com that was escalated to remote code execution.

the story started when i saw that Bookfresh became a part of Square bug bounty program at Hackerone.
i decided to take a look at and start finding some vulnerabilities . i’ve found that the website is vulnerable to many XSS but i was looking for something bigger like Sql Injection or RCE.

Read More

One Vulnerability allowed deleting comments of any user in all Yahoo sites

Hello all hatj

today i’m going to write about a strange and critical vulnerability that affected 90% of Yahoo’s Services such as:

Yahoo News , Yahoo Sports , Yahoo TV , Yahoo Music , Yahoo Weather, Yahoo Celebrity , Yahoo Voices and more .

the vulnerability allowed me to delete any user comments in all these Yahoo sites.
the impact of the vulnerability is high because it could delete millions of comments .

Read More

osCommerce v2.x SQL Injection Vulnerability

Hello everyone hatj

This is my first writeup and i would like to start it with the 0day vulnerability that i’ve found recently in osCommerce the well known open-source commerce web application .

it wasn’t a very easy task for me to find a vulnerability in the oscommerce as it’s an open source and being developed for many years but i always like accepting the tough challenges so i wanted to start playing with it. Read More