Stored XSS in olx.pt

Published on

Our team leader found a stored XSS in olx.pt. When submitting a new ad, it was possible to add an XSS payload on data[person]. The ad got approved without reflection on the output of this field; it was sanitized. Afterwards, when we tried to edit the ad, the payload was launched, so the input wasn’t sanitized when added …

We got Adobe XSSed

Published on

When our security team leader started his path on HackerOne, he started with the Adobe bug bounty program. David was already present on their Security Acknowledgements list (2013), but he wanted to get a big company on his HackerOne profile, so after a while he found a Reflected XSS (CWE-79) on their website. You may notice that …