BugBounty types — HTML injection via email
HTML injection is an attack very similar to Cross-site Scripting (XSS); while in XSS the attacker can inject and execute code in…
Feb 17, 2020
Hack ’N’ Routers — Common vulnerabilities in home routers
Hello world, here I talk a bit about some vulns and exploits for home routers
Dec 12, 2019
Broken Access: Posting to Google private groups through any user in the group
In this post I’m showing how I could post in the private groups of Google using any account of any user of this group, without passwd or…
Apr 27, 2019
SSTI: Bypass in a hard place, Fort Knox — ASIS Quals 2019
Talking about some types of SSTI bypass for CTF challenges.
Apr 25, 2019
SSRF Trick: SSRF/XSPA in Microsoft’s Bing Webmaster Central
Today I’m going to talk about a trick that might be useful for BugHunters.
Apr 9, 2019
$1.000 SSRF in Slack
How I got a $1,000 SSRF on Slack using the same bypass.
Feb 17, 2019
Router exploit: Getting Wireless Password and Administrator Session Without Being Connected on the…
[CVE-2017-14219] XSS IN INTELBRAS ROUTER WRN 240.
Feb 14, 2018
Uploader bypass: Getting XSS in ‘imagem . jpg’
How I managed to bypass an upload system and get XSS in an image.
Feb 8, 2018