How I found a Critical 0-click ATO using only information from waybackurls
Hello everyone! Today, I’d like to share an interesting discovery I made recently using information obtained through waybackurls, where I…
Feb 16, 2024

$1000 Bounty: How I scaled a Self-Redirect to an XSS in a web 3.0 system at Hackenproof
Hello everyone, in this article, I will share how I scaled from a self-redirect that redirected only to a link containing the host itself…
Nov 16, 2023

How I found an XSS via multiple parameters
Hello everyone, after receiving a generous reward at Bugcrowd for an XSS, I would like to share a discovery from a Bug Bounty I found a…
Nov 7, 2023

How I went from an IP range to an RCE via SQL Injection — Bug Bounty
I will be sharing the process I went through in one of my latest bug bounties to reach the much-acclaimed RCE flaw. Where I went from a…
Dec 16, 2022