Dear Readers, once in a while I enjoy blogging about things unrelated to bug bounties. And so, as it happens, on a quiet Thursday night as I was about to go to bed, I received the following e-mail: Hmmm unwanted login from a location near Berlin? My younger brother lives in Berlin, I wondered if […]
[Research] Phishermans Friend – Getting control over a phishing backend Read More »
Dear Readers, Today I want to share a short write-up about a stored cross-site scripting (XSS) issue I found on the Google Cloud Console. I consider it a lucky find. Some of you may remember the tweet I sent to Frans Rosén after he discovered a vulnerability on Google Payments: As it turned out, among
[BugBounty] Sleeping stored Google XSS Awakens a $5000 Bounty Read More »
There is no excerpt because this is a protected post.
Protected: Digging into the Shopify POS Firmware (Part 1) Read More »
Hey dear readers it’s been awhile, tldr; How to avoid apple from yelling out your location to their servers I personally like to use the Searchlight function of OSX, it provides me a fast way to access my files – but this it also sends my geolocation to apple everytime i do a search. This blogpost will
[Research] – Stop OSX Spotlight from sending your location Read More »
Greetings readers, today i want to share with you one of my latest findings on Paypal.com.When creating an invoice Paypal allows the users to upload attachements for the invoices one attachement that they allow is a XML file. What the developer may missed here is that you can actually insert HTML into XML files, the namespace
[BugBounty] Papyal XML Upload Cross Site Scripting Vulnerability Read More »
Dear followers, i found a reflected Cross Site Scripting issue on the new Paypal Directory service (https://www.paypal.com/directory/merchants), with the following Payload: &q=509%22%20src=%22http://www.example.com/exploit509.js%20%3C script %3E alert %281%29%3C/ script %3E The vulnerable Parameter was the q? Parameter, i was able to break the script contex of the page, i think it was because of the &q Parameteter,
[BugBounty] Reflected Cross Site Scripting at Paypal.com Read More »
Dear readers, today i want to share a short story of a bug i found on one of prezi’s subdomains called mailroom.prezi.com.The Webserver at http://mailroom.prezi.com is configured to redirect the Users to the Login Page of Prezi, so far so good, i found out that if you add a Domain lets say http://mailroom.prezi.com/.anydomain.com to the end
[BugBounty] malicious redirect on mailroom.prezi.com Read More »
Dear followers, i recently found a reflected Cross Site Scripting issue on a Subdomain of BillMeLater (Paypal acquisition) it was possible to break the style attribute and add malicious Javascript Code into the Application. “–></style></ script >< script > alert (“XSS “)</ script > When ending the previous style and script element it was possible
[BugBounty] Reflected Cross Site Scripting BillMeLater Read More »
Dear followers, I’ve recently set up a honeypot tool called Kippo, Kippo runs a virtual SSH environment and tracks all the SSH bruteforce attemps on our Server. We started the test on third of November and got about 4000 bruteforce attempts on our Server, what is remarkable here is that almost all of the logins
[Research] SSH Honeypot (honey.it-securityguard.com) Read More »
Dear followers, i recently discovered a stored cross site scripting vulnerability on Paypal’s core site. The scenario is a bit weird, but i hope to explain everything as good as possible. During my testings i often create accounts with malicious Javascript contet as the Name, Organization etc etc. While testing on Paypal i did the
[BugBounty] Paypal stored XSS + Security bypass Read More »
English 
German