Elber Andre – Medium

Elber Andre

BugBounty types — HTML injection via email

HTML injection é um ataque muito parecido com o Cross-site Scripting (XSS), enquanto no XSS o invasor pode injetar e executar códigos em…

Feb 17, 2020

BugBounty types — HTML injection via email

Feb 17, 2020

Hack ’N’ Routers — Vulnerabilidades comuns em roteadores domésticos

Hello world, aqui falo um pouco sobre algumas vulns e exploits para roteadores domésticos

Dec 12, 2019

Hack ’N’ Routers — Vulnerabilidades comuns em roteadores domésticos

Dec 12, 2019

Broken Access: Posting to Google private groups through any user in the group

In this post I’m showing how I could post in the private groups of google using any account of any user of this group, without passwd or…

Apr 27, 2019

Broken Access: Posting to Google private groups through any user in the group

Apr 27, 2019

SSTI: Bypass in a hard place, Fort Knox — ASIS Quals 2019

Falando sobre alguns tipos de Bypass SSTI, para desafios de CTF.

Apr 25, 2019

SSTI: Bypass in a hard place, Fort Knox — ASIS Quals 2019

Apr 25, 2019

SSRF Trick: SSRF/XSPA in Microsoft’s Bing Webmaster Central

Today I’m going to talk about a trick that might be useful for BugHunters.

Apr 9, 2019

SSRF Trick: SSRF/XSPA in Microsoft’s Bing Webmaster Central

Apr 9, 2019

$1.000 SSRF in Slack

How I got a $1,000 SSRF on Slack using the same bypass.

Feb 17, 2019

$1.000 SSRF in Slack

Feb 17, 2019

Router exploit: Getting Wireless Password and Administrator Session Without Being Connected on the…

[CVE-2017–14219] XSS IN INTELBRAS ROUTER WRN 240.

Feb 14, 2018

Router exploit: Getting Wireless Password and Administrator Session Without Being Connected on the…

Feb 14, 2018

Uploader bypass: Obtendo XSS em ‘imagem . jpg’

Como eu consegui burlar um sistema de upload e obter um XSS em uma imagem.

Feb 8, 2018

Uploader bypass: Obtendo XSS em ‘imagem . jpg’

Feb 8, 2018

Elber Andre

Elber Andre

Pentester , CTF player, Bug Hunter & Security Researcher \nTwitter: https://twitter.com/elber333

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams