Lil Endian (@lil_endian)'s Twitter Profile
Lil Endian

@lil_endian

Bugs for fun and profit. hackerone.com/lil_endian

ID: 1173696194616451073

Link: https://asdf.foo | 16-09-2019 20:34:08

59 Tweets

580 Followers

768 Following


Abusing Yelp's Cookie bridge to turn self XSS into plain XSS and leak HttpOnly cookies of the victim. I'm a little disappointed with their CVSS scoring here. Another case of setting PR:L on a self signup service...


Do you sometimes find that you'll get blocked by Cloudflare when you're proxying your browser through Burp, but not otherwise? Burp will default to HTTP/2 if the server supports it. Unchecking this option fixes the issue.


When did middle-click to pop a javascript: XSS with target="_blank" stop working in Chrome? I feel like this worked not that long ago. It still works in Firefox.


This morning the trading platform Nordnet Danmark had an issue where users were getting randomly signed in to other users' trading accounts. They can easily fix this by simply reminding their customers that AC:H and PR:L. This gives a CVSS score of 6.8/10 so it's only a medium issue


I just finished a 60-hour fast with just water and black coffee. I’ve never fasted longer than 24 hours before. Good experience and I had a clear mind but my body definitely felt weaker at the end. Next time I think I’ll make some snake juice and see if it makes a difference


Finally back from Google bugSWAT Mexico! What an awesome event! I met so many nice people, had a great time and found a few bugs.
