Stored XSS in olx.pt

Published on

Our team leader found a stored XSS in olx.pt. When submiting a new ad, it was possible to add a XSS payload on data[person]. The ad got approved without reflection on the output of this field, it was sanitized. Afterwards when we try to edit the ad, the payload was launched, so the input wasn’t sanitized when added … Continue reading Stored XSS in olx.pt

We got Adobe XSSed

Published on

When our security team leader started his path on HackerOne he started with Adobe bug bounty program. David already was present on their Security Acknowledgements list (2013) but he wanted to get a big company on his HackerOne profile so after a while he found a Reflected XSS (CWE-79) on their website. You may notice that … Continue reading We got Adobe XSSed

Can you write a great vulnerability report?

Published on

David Sopas is the security team leader at Char49 and he is sharing great tips at Cobalt’s Blog on how writing great vulnerability reports can have a huge impact in your bug bounties career. The article covers best practices on preparation, writing and also tools used. Go check it out.

The Top 10 Vulnerabilities used by David Sopas to reach #1 at Cobalt

Published on

David Sopas is the security team leader in Char49 and he is always looking for a new challenge. Today he presents his top 10 vulnerability list to reach #1 at Cobalt bounty programs, with a clear description of each one. Check out this article on Cobalt Blog from our researcher and team leader.

ImageTragick

Published on

One of the most interesting vulnerabilities that could potentially allow Remote Code Execution (RCE). Check out this article from our researcher Miguel Regala on Cobalt Blog.

Flash XSS on typewrite_header.swf

Published on

Our lab found a interesting XSS on a .swf file that we later discover was mainly used on phishing websites. Source code of typewrite_header.swf: //———————————————————————- //Frame 3 //———————————————————————- gotoAndPlay (2); //———————————————————————- //Frame 1 //———————————————————————- var q = 1; var myurl = “http://xxxxxxxxxxxxxxxxxxxxxxxxx/”; var mytext1 = _root.thetitle; var mytext2 = _root.thestrap; _global.mytext = ((“” + mytext1) … Continue reading Flash XSS on typewrite_header.swf

Char49 helps Microsoft fix a Reflected File Download

Published on

Our security researchers found a Reflected File Download on outlook.office365.com domain which would allow malicious users to trick innocent victims to download files that would seem to be hosted on Microsoft domain. This vulnerability first presented by Oren Hafif in Blackhat Europe 2015 is not very well known but if implemented correctly could be very dangerous. … Continue reading Char49 helps Microsoft fix a Reflected File Download

Safer Internet Day 2016

Published on

Today more than 100 countries worldwide, including all 28 countries of the European Union, are celebrating Safer Internet Day (SID) for the thirteenth year running. Initiated under the European Commission’s Safer Internet Programme and now continuing under the Connecting Europe Facility (CEF) which funds Safer Internet Centres in the member states, the day marks an annual … Continue reading Safer Internet Day 2016