!#pwnedDesal

ARBITRARY SECURITY & CODE STUFFFFFF BY pwnedDesal


PoC for robotlegs—a MVC Flex applications vulnerable to CVE-2011-2461

Published 23 May 2017 | 5 min read | 8 comments

Scriptless attack—Use Unobtrusive scripting in malicious way (Bypassing XSS Mitigations Via Script Gadgets)

Published 25 Jul 2016 | 5 min read | 8 comments

Stored on-site request forgery

Profiles Of The Top 7 Bug Hunters From Around the Globe

Published 14 Jul 2016 | 5 min read | 8 comments

link here: http://www.darkreading.com/…

OAuth security misconfiguration on Facebook

Published 14 May 2016 | 5 min read | 8 comments

Facebook OAuth flaws

XSS on Jira's Confluence Data Center

Published 11 May 2016 | 5 min read | 8 comments

On `02/Jul/2015 3:27 AM` I found an XSS flaw in Confluence: https://jira.atlassian.com/browse/CONF-38127

Abusing Thumbnails to see Vimeo private video

Published 11 May 2016 | 5 min read | 8 comments

The https://vimeo.com/upload/select_thumb URI is used to set a thumbnail on your Vimeo video. https://vimeo.com/upload/.............

OCULUS VR account hijacking via password reset vulnerability

Published 15 Aug 2014 | 5 min read | 8 comments

Oculus VR is a virtual reality technology company founded by Brendan Iribe and Palmer Luckey. Their first product, still in development, is the Oculus Rift, a head-mounted display for immersive virtual reality (VR). In March 2014, Facebook agreed to acquire Oculus VR for US$2 billion in cash and Facebook stock. While testing the forgot password functionality of Oculus VR, I have found that it's possible to abuse this functionality. Here is an algorithm showing how the reset password functionality of Oculus VR works.

Flowdock XSS or RCE(malicious file upload)

Published 26 Jul 2014 | 5 min read | 8 comments

One day I accidentally uploaded a `.pdf` filetype on the https://www.flowdock.com/oauth/applications page. It was successfully uploaded. So I tried to upload some arbitrary filetype, but Flowdock rejected it. Flowdock blacklisted all arbitrary content-types such as.....

Bypass anti CSRF token of Yandex!

Published 07 May 2014 | 5 min read | 8 comments

When you browse a link on docviewer.yandex.com, the site will recreate a token named `sk`, which is used to validate a redirection and anti-CSRF token; `sk` is also an anti-CSRF token on `http://webmaster.yandex.ru`,.....