Dear followers, i recently discovered a DOM Cross Site Scripting issue while testing on Paypal, the process here was pretty straight forward, if you inserted the payload in : #“><img src="/" onerror="alert(2)"> In the URL, the DOM executed the Javascript. This vulnerability would have affected all registered Paypal users and could have been used to […]
[BugBounty] Paypal DOM XSS main domain Read More »
Dear followers, i recently searched for vulnerabilities on a Google service called tagmanager, this service is used for SEO operations. My main research was to look for any field that could be vulnerable to Cross Site Scripting, but every field was protected against special characters as you can see in the image below. So pretty
[BugBounty] The 5000$ Google XSS Read More »
Dear readers, during my research of yahoo i found a phpinfo.php file information disclosure vulnerability, on one of their servers. The server on which i found that particular file was : http://nc10.n9323.mail.ne1.yahoo.com/phpinfo.php you might ask yourself how on earth i found this server. Let me explain what i did: Since the scope for the vulnerability program of
[BugBounty] Yahoo phpinfo.php disclosure Read More »
Dear followers, during an installation for one of our customers, we had to install a suitable chat plugin for WordPress. There are a lot of them but we decided to choose the first one that comes in the row. Due to the fact that we like security we of course tested the plugins against some
[WordPress] 3x vulnerable Chat Plugins Read More »
Today i reported a strange bug to the devs of the Chromium Project, look at the following lines of code : <html> <script src="http:\\\\\\\\\\\\monitor.it-securityguard.com\\\\\\\\\\\\\test.js"> </script> </html> You see those leading slashes ? Do you think that this is an valid URL a Browser would process ? In fact it does not look like a valid
Dear Readers, short story, i discovered a Path Traversal Issue on one of Prezi’s domains, Timeline : Mail recieved 05/18/2014 21:01:00 : fixed 05/20/2014 Hi Patrik, Thanks again for your submission, you were the first to report this issue and we deployed our fix, therefore you are eligible for a $1000 reward. Congrats! We would
[Bug Bounty] Prezi (map.prezi.com) Path Traversal Read More »
Dear Readers, today i want to share my story on how i want to buy my new Laptop (Macbook Pro would be cool) so the notebook costs round about 1700$ with the help of BugBounty Money i want to buy it $$$. So what i’ve done first is to look at a list of bug
A Tale of 7 Vulnerabilities Read More »
German 
English