Introduction When I’m on a bug bounty program, I prefer « big » applications that offer a wide range of features, different rendering interfaces and different roles. Here, after spending a good amount of time browsing the application and noting what it… Continuer la lecture →

Quick XSS write-up transformed into a 1-click account takeover despite a HttpOnly protected session cookie, on a HackerOne bug bounty program. The original XSS The XSS was found quickly, via an installation path and an injection directly into the URI… Continuer la lecture →

Image credit: DALL-E Recon It all started during a recon phase on a YesWeHack program, when I came across a rather curious 404 not found page that I’d never seen before :     The source code of the page… Continuer la lecture →

This is a vulnerability that I found on one of Bug Bounty CH’s customers, explained by their team in a blog post.