Hey, Bug bounty community!

Long time no updates, so here is a little story that you probably will find useful and maybe earn a bit money with this little trick.

A vulnerability I will talk about is not something new, it is a known behaviour for web developers. But not that many people considired it from security perspective and I never seen it being mentioned on any security paper, that’s why I decided to shed light on it.

  1. What Open Redirect is

So, we already should know what Open redirect is. For someone who doesn’t — it is when remote…


Hello, community.

So, here I will share info about new critical vulnerability in Jira server. It was not originally found by me. 4 days ago at evening I found a security advisory which claimed that critical security hole existed in Jira. The very next morning I researched and had working exploit.

It wasn’t hard to find a working exploit since Atlassian shared almost all needed info in advisory. It said that “bulk email send“ and “contact Admin” functionalities were affected by server side template injection. “Bulk email send” was immediately discarded since it requires Admin priveledges to exploit. …


Hey. I want to share a cool and uncommon vulnerability I found in one of bug bounty programs.

Once I was testing an application, I suddenly decided to look into LocalStorage content. For those who are not familiar, LocalStorage is a key-value storage in browsers. It is not safe to use LocalStorage for storing a sensitive information, because it is always accessible from javascript. …

ruvlol

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store