Websec

Changing Pre-Auth stored XSS to RCE for fun and no profit (CVE-NaN)

Hi all, it has been months since I didn’t publish anything on Medium. In January 2021, I found preauthentication stored XSS and command injection bug in TastyIgniter v2.1.1. TastyIgniter open-source food ordering…

Account takeover in cups.mail.ru

In this year April 1, I quit my job due to some reason and so I can spend some times in Hackerone. I stopped finding bugs in 2018 because I have insecurity for my skills and I feels I don’t have enough skill set to deep dive into full-time bug hunting and so I tried to…

Stored XSS in amazon drive

Copy from 2018 blog post again.

iOS Outlook Stored XSS Write-Up($3000)

Staying home is really nightmare for me and I am so boring to learn new things. So, I…

PostMessage vuln, what is it?

Nowadays JavaScript becomes very popular and application can write with only JavaScript. I want to share…

Lesser Known Web Attack(LKWA) Lab Walk-through

0x0A — Introduction

Stored XSS in Yahoo mail IOS app($3500)

Copy from one of my 2018 blog post.

Intro

I want to share about my easy finding in Yahoo mail IOS application, easy but worth $3500.

Stored XSS in Microsoft outlook

Copy from one of my 2018 blog post.

Story of stealing mail conversation, contacts in mail.ru and myMail iOS applications via XSS