corben.io


infosec write-ups and ramblings


Corben Leo


SQL Injection in rog.asus.com

🔎 Introduction & Background

To get started, I'll give a bit of backstory behind this. I found this bug back in January of 2017, and it was one of the first reports I made to a company. I was bored back in January so I decided to hunt for bugs in *.asus.com. After about an hour I came across rog.as…

Corben Leo

Tricky CORS Bypass in Yahoo! View

Recently, HackerOne hosted their second Hack The World competition. During this time I decided to take a look at Yahoo's bug bounty program because I have heard good things about them and also due to the fact that their scope is pretty big. After finding a few issues in my.yahoo.com and getting paid…

Corben Leo

Stored XSS in BandCamp

Recently, while my friend Alyssa Herrera and I were collaborating on finding ffmpeg vulnerabilities in bug bounty programs, we came to learn that Bandcamp ran a bug bounty program. If you have never heard of BandCamp, it is essentially a platform that allows artists, fans, and labels to interact, co…

Corben Leo