Recently, I was performing a research on Same Origin Policy attacks, I managed to realize that the la version of Firefox (currently 67) is vulnerable to local files theft attack (on any supported OS), due to improper implementation of Same Origin Policy for file scheme URIs. Let’s go over the PoC details then I will provide an explanation of why its not patched yet.

StackStorm (aka “IFTTT for Ops”) is event-driven automation for auto-remediation, security responses, troubleshooting, deployments, and more. In this blogpost I will describe how can you cause RCE on targeted servers which only requires an authenticated user browse to malicious webpage.

Google fixed this a year after I reported this bug and yet refused to accept this as a vulnerability, got no luck with bug-bounties haha

According to wordpress.com, the WordPress platform powers 29% of the worldwide internet websites.

While we are on Facebook, we are often share links to external sources, like Youtube, Google Drive, Instagram, or any other websites.

Github - https://github.com/Quitten/Autorize

In this blog post I will discuss a XSS vulnerability I’ve found in AliExpress website.

In this blog post I will discuss a vulnerability I’ve found in the SoapUI product before version 4.6.4 (CVE-2014-1202).

Github - https://github.com/Quitten/PT-Manager

In this short blogpost I will give a short explain of XSS vulnerability i found on geminabox v0.13.5. which is a gems manager like rubygems.org so you can upload and download gems

In this blog post I will give a short example of exploiting CSRF vulnerability on Geminabox.
So Geminabox is an application allows you manage your internal gems was vulnerable to CSRF on upload file.