Patrik Fehrenbach

[BugBounty] Yahoo phpinfo.php disclosure

Dear readers, during my research of Yahoo I found a phpinfo.php file information disclosure vulnerability on one of their servers. The server on which I found that particular file was: http://nc10.n9323.mail.ne1.yahoo.com/phpinfo.php. You might ask yourself how on earth I found this server. Let me explain what I did: Since the scope for the vulnerability program of


Google Chrome Security: Multiple leading slashes in URLs may confuse some server-side XSS filters

Today I reported a strange bug to the devs of the Chromium Project. Look at the following lines of code: <html> <script src=http:\\\\\\\\\\\\monitor.it-securityguard.com\\\\\\\\\\\\\test.js> </script> </html> You see those leading slashes? Do you think that this is a valid URL a browser would process? In fact it does not look like a valid

