Hello folks! Today I want to talk about the ASUS RCE vulnerability on the rma.asus-europe.eu domain. I was trying to fill out the service application form for my personal laptop. I had a screen issue. I realised that there is an upload part to upload some warranty documents. I was trying to bypass upload restrictions by editing the request…
SMARTSHEET XSS VIA FILE UPLOAD
Hi, today I want to explain an XSS vulnerability that I found on Smartsheet.com. The Smartsheet XSS vulnerability is an interesting vulnerability because it occurs via file upload! By the way, I want to clarify that this XSS works with or without authorization, so it is a dangerous vulnerability as well as an interesting one. What is Smartsheet and more…
BYPASS TWO FACTOR AUTHENTICATION VULNERABILITY ON LOGIN.GOV
I found a way to bypass two-factor authentication on login.gov, which contains critical information. This vulnerability occurs because of the misconfigured token. The account creation process of login.gov is very interesting. You need to confirm your email first, instead of last. I realised that this might cause some security problems. And it…