cache Authenticated CORS with Access-Control-Allow-Origin: * During one of my bug bounty sessions on a program from YesWeHack, I came across an API with some personal information and the header Access-Control-Allow-Origin: *. Here is how I managed to steal the information and find a bug in Chrome. I build a minimal
xss YesWeHack & Alibaba Security Meetup challenge solution The goal of the challenge was to find an XSS vulnerability on a minimalist website. It was composed of 3 steps of increasing difficulty in the form of extra security layers. All the payloads are tested with Chrome 75. difficulty Escape GET value X-XSS-Protection
xss Spooky Challenge Solution After 30 days of competition, the event is now over and only one team managed to solve the last part and claim the prizes. The goal was to find an XSS to alert the final flag. The challenge was divided into three parts, each
xss FindBUG XSS Challenge Here is my solution to the XSS challenge by Brutelogic and Findbug. The challenge was pretty simple: you just need to pop an alert on the vulnerable webpage using an XSS. The code was the following: http://brutelogic.com.br/chall/findbug.php?name=