H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress
TL;DR While doing recon for H1-4420, I stumbled upon a Wordpress blog that had a plugin enabled called SlickQuiz. Although the latest version 1.3.7.1 was ins...
Recent posts
About a Sucuri RCE…and How Not to Handle Bug Bounty Reports
TL;DR Sucuri is a self-proclaimed “most recommended website security service among web professionals” offering protection, monitoring and malware removal se...
CVE-2018-7841: Schneider Electric U.Motion Builder Remote Code Execution 0-day
I came across an unauthenticated Remote Code Execution vulnerability (called CVE-2018-7841) on an IoT device which was apparently using a component provided...
Dell KACE K1000 Remote Code Execution - the Story of Bug K1-18652
This is the story of an unauthenticated RCE affecting one of Dropbox’s in scope vendors during last year’s H1-3120 event. It’s one of my more recon-intensiv...
H1-3120: MVH! (H1 Event Guide for Newbies)
Here’s another late post about my coolest bug bounty achievement so far! In May I’ve participated in HackerOne’s H1-3120 in the beautiful city of Amsterdam w...