Quick XSS write-up transformed into a 1-click account takeover despite a HttpOnly protected session cookie, on a HackerOne bug bounty program. The original XSS The XSS was found quickly, via an installation path and an injection directly into the URI… Continuer la lecture →

Image credit: DALL-E Recon It all started during a recon phase on a YesWeHack program, when I came across a rather curious 404 not found page that I’d never seen before :     The source code of the page… Continuer la lecture →

This is a vulnerability that I found on one of Bug Bounty CH’s customers, explained by their team in a blog post.

Hi everyone ! My blog has been unpublished for almost a year now, so I needed a new post … Here is an write-up from a recent P1 found and exploited on an external bug bounty program which led to… Continuer la lecture →