Bypassing iCloud Web Access RestrictionToday, I am going to share a short story about discovering a vulnerability in www.icloud.com that allowed me to bypass a security…Jun 21Jun 21
Cross-Site Scripting via Web Cache Poisoning and WAF bypassA few months ago, I found Cross-Site Scripting vulnerability on a private bug bounty program that I’d like to write about.Jun 171Jun 171
[Netflix][Smart TV] — Chaining Self-XSS with Session poisoning.I’d like to share my experience of discovering an interesting vulnerability on Netflix while using their TV application. Mar 11, 20231Mar 11, 20231
OSCP Preparation 2021 — Learning PathLike a lot of the people who passed the exam, I am also going to share some thoughts about it … I will be brief.Feb 12, 2021Feb 12, 2021
[GITLAB] — Denial of service via “Login Panel” functionality.After reporting the SSRF issues, I proceeded to explore the application. It was a matter of time to discover something else … A few hours…Feb 12, 2021Feb 12, 2021
[GITLAB] — Just another SSRF issue.Today I am going to talk about the second SSRF vulnerability that I have identified in Gitlab. Just to emphasize again that I’ve never…Feb 12, 2021Feb 12, 2021
[GITLAB] — Server Side Request Forgery in “Project Import” page.I decided to share a story about my first bug bounty earned in HackerOne. It’s about SSRF vulnerability that had been previously exploited…Feb 12, 20211Feb 12, 20211
![[Netflix][Smart TV] — Chaining Self-XSS with Session poisoning.](https://miro.medium.com/v2/resize:fill:160:106/1*Kp-OEx7OR54sNc13AI1znA.png)
![[Netflix][Smart TV] — Chaining Self-XSS with Session poisoning.](https://miro.medium.com/v2/resize:fill:320:214/1*Kp-OEx7OR54sNc13AI1znA.png)
![[GITLAB] — Just another SSRF issue.](https://miro.medium.com/v2/resize:fill:160:106/1*0PgBWiP5I3NHZTehtIHvcg.png)
![[GITLAB] — Just another SSRF issue.](https://miro.medium.com/v2/resize:fill:320:214/1*0PgBWiP5I3NHZTehtIHvcg.png)
![[GITLAB] — Server Side Request Forgery in “Project Import” page.](https://miro.medium.com/v2/resize:fill:160:106/1*3IPi60D1TarS6yDPji3wNw.png)
![[GITLAB] — Server Side Request Forgery in “Project Import” page.](https://miro.medium.com/v2/resize:fill:320:214/1*3IPi60D1TarS6yDPji3wNw.png)
