Omkar Bhagwat (th3_hidd3n_mist)inInfoSec Write-upsEffortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bountyHey everyone, I recently reported a dupe for a XSSI bug on a private program which paid out $300, to the original reporter. I believe the…Dec 27, 2019Dec 27, 2019
Omkar Bhagwat (th3_hidd3n_mist)inInfoSec Write-upsBug Bounty: Broken API AuthorizationHey everyone, I’d like to share how I found a simple API authorization bug in a private program, which affected thousands of sub-domains…Nov 12, 20192Nov 12, 20192