Random ramblings in Infosec

XSS Challenge – Sh*t it’s a WAF

During my research on a well known bug bounty program i came across a tricky XSS vulnerability that had some type of WAF filtering. I always like to play with WAFs so I tried to test the WAF and understand how it works. After doing few tests I found a weakness in the WAF and I’ve managed to bypass it and execute a cool alert box, however my payload had a mild user interaction. So I made this challenge out of it exactly as it was on the bug bounty website.

Read More

BookFresh Tricky File Upload Bypass to RCE

Hello all :)

today i’m going to write about an interesting vulnerability i’ve found in Square’s Acquisition website that was escalated to remote code execution.

the story started when i saw that Bookfresh became a part of Square bug bounty program at Hackerone.
i decided to take a look at and start finding some vulnerabilities . i’ve found that the website is vulnerable to many XSS but i was looking for something bigger like Sql Injection or RCE.

Read More

One Vulnerability allowed deleting comments of any user in all Yahoo sites

Hello all hatj

today i’m going to write about a strange and critical vulnerability that affected 90% of Yahoo’s Services such as:

Yahoo News , Yahoo Sports , Yahoo TV , Yahoo Music , Yahoo Weather, Yahoo Celebrity , Yahoo Voices and more .

the vulnerability allowed me to delete any user comments in all these Yahoo sites.
the impact of the vulnerability is high because it could delete millions of comments .

Read More

osCommerce v2.x SQL Injection Vulnerability

Hello everyone hatj

This is my first writeup and i would like to start it with the 0day vulnerability that i’ve found recently in osCommerce the well known open-source commerce web application .

it wasn’t a very easy task for me to find a vulnerability in the oscommerce as it’s an open source and being developed for many years but i always like accepting the tough challenges so i wanted to start playing with it.

Read More