Arc Browser UXSS, Local File Read, Arbitrary File Creation and Path Traversal to RCE
Story of how a malicious legacy boost in Arc browser can be exploited to get UXSS, LFI and RCE on a targeted machine by clicking install
Nov 13
You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities
The address bar is one of the main components of browser security, and in this blog I show many bugs affecting Opera browsers to spoof address…
Oct 24, 2023
Opera Browser VPN Bypass
While looking at Opera functionalities I stumbled upon the built-in VPN inside the browser and I was able to find a technique that allows an…
Sep 22, 2022
The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
Story of 3 bug bounty writeups in which I use low bugs and chain them together for higher impact.
May 10, 2022
Facebook Messenger Desktop App Arbitrary File Read
I’m a daily user of Facebook Messenger on Mobile and Web; one day I got a banner in my Web version saying that Messenger is available on…
Feb 3, 2021
Copy Drag — Paste Drop
Small write-up about drag and drop & copy and paste XSSs using new browser techniques
Jul 4, 2020
Bypass SameSite Cookies Default to Lax and get CSRF
SameSite=Lax Cookies by Default is a new browser feature; we will look at how to bypass it and what the security concerns with it are.
Jan 8, 2020
Facebook Messenger Disclosing deleted messages that has been deleted by [Remove For Everyone]
Story of a funny bug I found in Facebook Messenger because of a typo between (w) and (e) 😂
Aug 15, 2019
Security Fest 2019 CTF, entropian [web] write-up
This is my first CTF challenge write-up so I’m not good at it
May 24, 2019
New technique to find Blind-XSS
Blind-XSS is a powerful attack; now I will talk about a technique I have used in Bug Bounty programs to find it.
Nov 16, 2018