A month ago I made an XSS challenge called Sh*t it's a WAF. The idea of the challenge was to bypass the WAF filters and inject an XSS payload that executes alert(1337). The challenge was a bit tricky but not hard. So let's first explain how the WAF was working and how it could be bypassed.
During my research on a well-known bug bounty program I came across a tricky XSS vulnerability that had some type of WAF filtering. I always like to play with WAFs, so I tried to test the WAF and understand how it works. After doing a few tests I found a weakness in the WAF and managed to bypass it and execute a cool alert box; however, my payload needed mild user interaction. So I made this challenge out of it exactly as it was on the bug bounty website.
Today I'm going to write about an interesting vulnerability I found in Square's acquisition website bookfresh.com that was escalated to remote code execution.
The story started when I saw that Bookfresh became a part of Square's bug bounty program at HackerOne.
I decided to take a look and start finding some vulnerabilities. I found that the website was vulnerable to many XSS issues, but I was looking for something bigger like SQL injection or RCE.
Today I will write about a serious vulnerability I found recently in Twitter.
So let me share the story with you.
The story started when I saw Twitter introducing their new bug bounty program and starting to pay monetary rewards; I decided to look for new bugs in Twitter and get paid.
Today I'm going to write about a strange and critical vulnerability that affected 90% of Yahoo's services, such as:
Yahoo News, Yahoo Sports, Yahoo TV, Yahoo Music, Yahoo Weather, Yahoo Celebrity, Yahoo Voices and more.
The vulnerability allowed me to delete any user's comments on all these Yahoo sites.
The impact of the vulnerability is high because it could delete millions of comments.
This is my first writeup, and I would like to start it with the 0day vulnerability I found recently in osCommerce, the well-known open-source commerce web application.
It wasn't a very easy task for me to find a vulnerability in osCommerce, as it's open source and has been developed for many years, but I always like accepting tough challenges, so I wanted to start playing with it.