Overview
This writeup details a series of vulnerabilities I encountered a few months ago on a single private program. The company did specify that they would like to read the writeup before publication to approve it first. Unfortunately, the private program has since been shut down, and the email account that…
Note: I updated my Ghost instance but forgot to back up images, so all of the images that were on this blog are now gone forever. cries but anyway
The Story And Some Notes
In September, I was fortunate enough to be selected as a team member of Team Ireland. I…
I participated in the H@cktivityCon 2021 CTF alongside some talented hackers - we placed 57th out of over 2,000 participating teams. My contributions weren't that big - but I did learn a lot. Most of the challenges I solved were easy.
Bad Words
The general aim of Bad…
Given that this vulnerability is still in triage, I will give a vague overview of the bug chain. Whilst working on my automation, I was investigating various interesting subdomains that it had found. One given subdomain was owned by a SaaS bug bounty program. I was reading the HTML source…
When I started the challenge, I was greeted with this: Hovering over the links, I noticed that the links contained a recipe parameter. So, I opened the link in a new tab. Clearly the parameter was being processed somewhere, so figuring out where it was taking place was important. In…