4 Crits in 48 hours: Unicorn Programs

I've decided to remove this article for the time being to write a more detailed writeup in collaboration with the program itself, so stay tuned.…

OAuth client secret leak and possible IDOR leading to PII disclosure

Given that this vulnerability is still in triage, I will give a vague overview of the bug chain. Whilst working on my automation, I was investigating various interesting subdomains that it had found. One given subdomain was owned by a SaaS bug bounty program. I was reading the HTML source…

GitHub dorking for sensitive information

I consider myself, in my infinite laziness, to be primarily an information disclosure-oriented hunter. This is, of course, subject to change, but due to work commitments and whatnot, this is what I am at this moment in time. The most effective method of finding info disclosure bugs is arguably dorking.…

On Exposed Jira Dashboards

While doing my own research recently, I discovered exposed Jira dashboards for several companies. While there is no guarantee that those companies own those dashboards, it is a reasonably safe assumption to make. Circle K: https://circlek.atlassian.net/jira/filters?searchName=&Search=Search&filterView=search Waterstones: https:…