Lyubomir TsirkovBypassing iCloud Web Access RestrictionToday, I am going to share a short story about discovering a vulnerability in www.icloud.com that allowed me to bypass a security…Jun 21Jun 21
Lyubomir TsirkovCross-Site Scripting via Web Cache Poisoning and WAF bypassA few months ago, I found Cross-Site Scripting vulnerability on a private bug bounty program that I’d like to write about.Jun 171Jun 171
Lyubomir Tsirkov[Netflix][Smart TV] — Chaining Self-XSS with Session poisoning.I’d like to share my experience of discovering an interesting vulnerability on Netflix while using their TV application. Mar 11, 20231Mar 11, 20231
Lyubomir TsirkovOSCP Preparation 2021 — Learning PathLike a lot of the people who passed the exam, I am also going to share some thoughts about it … I will be brief.Feb 12, 2021Feb 12, 2021
Lyubomir Tsirkov[GITLAB] — Denial of service via “Login Panel” functionality.After reporting the SSRF issues, I proceeded to explore the application. It was a matter of time to discover something else … A few hours…Feb 12, 2021Feb 12, 2021
Lyubomir Tsirkov[GITLAB] — Just another SSRF issue.Today I am going to talk about the second SSRF vulnerability that I have identified in Gitlab. Just to emphasize again that I’ve never…Feb 12, 2021Feb 12, 2021
Lyubomir Tsirkov[GITLAB] — Server Side Request Forgery in “Project Import” page.I decided to share a story about my first bug bounty earned in HackerOne. It’s about SSRF vulnerability that had been previously exploited…Feb 12, 20211Feb 12, 20211