Random ramblings in Infosec

BookFresh Tricky File Upload Bypass to RCE

Hello all :)

Today I’m going to write about an interesting vulnerability I’ve found in Square’s Acquisition website that was escalated to remote code execution.

The story started when I saw that BookFresh became a part of Square's bug bounty program at HackerOne.
I decided to take a look and start finding some vulnerabilities. I’ve found that the website is vulnerable to many XSS issues, but I was looking for something bigger like SQL injection or RCE.
