Our Security Ninja Miguel Regala found a vulnerability on drive.google.com. It’s a common problem of data exposure, without PII leak, but rarely found in production environment. Google security team gave a quick answer and in a very transparent process the bug was fixed in a short period of time. Miguel appears now at Google’s Hall … Continue reading Vulnerability on drive.google.com
Our team leader found a stored XSS in olx.pt. When submiting a new ad, it was possible to add a XSS payload on data[person]. The ad got approved without reflection on the output of this field, it was sanitized. Afterwards when we try to edit the ad, the payload was launched, so the input wasn’t sanitized when added … Continue reading Stored XSS in olx.pt
When our security team leader started his path on HackerOne he started with Adobe bug bounty program. David already was present on their Security Acknowledgements list (2013) but he wanted to get a big company on his HackerOne profile so after a while he found a Reflected XSS (CWE-79) on their website. You may notice that … Continue reading We got Adobe XSSed
David Sopas is the security team leader at Char49 and he is sharing great tips at Cobalt’s Blog on how writing great vulnerability reports can have a huge impact in your bug bounties career. The article covers best practices on preparation, writing and also tools used. Go check it out.
David Sopas is the security team leader in Char49 and he is always looking for a new challenge. Today he presents his top 10 vulnerability list to reach #1 at Cobalt bounty programs, with a clear description of each one. Check out this article on Cobalt Blog from our researcher and team leader.