Microsoft Outlook stored XSS write-up ($3000)

Staying home is really a nightmare for me and I am so bored to learn new things. So, I decided to write a writeup about how I found stored XSS in Microsoft Outlook and got a $3000 bounty. I stopped hunting bugs 3 years ago after I got some bounty from Yahoo, Tumblr, etc. …

PostMessage vuln, what is it?

Nowadays JavaScript has become very popular and applications can be written with only JavaScript. I want to share about exploiting websocket vulnerabilities and how to find them, which I learned 4 years ago while preparing to pass eWPT. In order to understand exploiting websocket vulnerabilities we need to know how browsers interact with pages and …