Escalating Self-XSS for Riches
I have a bit of a love hate relationship with Self XSS. I find them somewhat regularly, and while I do think programs should pay a bounty for them (the lowest they offer), I’m…
I have a bit of a love hate relationship with Self XSS. I find them somewhat regularly, and while I do think programs should pay a bounty for them (the lowest they offer), I’m…
After I created TemplateSearch.io, I was testing it out by searching for random things and I came across several templates for YesWiki. So I Googled it to see exactly what it is…
This is the first part in my new series "Funny Bug Bounty Reports". These are not judged on their merits, technical abilities, or anything other than if they make me laugh. Today,…
I was tired of manually searching for the right Nuclei templates to use. The one existing site that lets you search them — while interestingly designed and certainly more stylish…
I went to install Tailscale on a Wifi Pineapple, and the normal pipe to bash (lol) script didn't work. I had to do it manually like this. YMMV attempt at your own risk . I'm…
I received an email saying I'm a top 25 researcher in the California VDP from 2024. Not too bad from the thousands of reports they get, I'm sure.
I recently ran across an application that allowed access to a ClickHouse DB for my user. The access was allowed, so that isn't an issue. However, when we as pentesters or bug…
The other day I received an email saying I was eligible for some swag for getting my 25th valid P1 submission on BugCrowd. I don't do too much BB hunting these days, and also not…
That's in quotes, because this is seemingly a self HTML injection with little to no security impact, but it does allow for you to change your reMarkable's sleep screen in a…
A while back the illustrious team over at Project Discovery wrote about the discovery of an SQLi in Masa/Mura CMS . It's a good writeup, so go check it out for the technical…