infosec write-ups and ramblings
Recently, HackerOne hosted their second Hack The World competition. During this time I decided to take a look at Yahoo's bug bounty program because I have heard good things about them and also due to the fact that their scope is pretty big. After finding a few issues in my.yahoo.com and getting paid…
Corben Leo
H1 212 CTF Solution H1-212 CTF Solution.pdf 778 KB .a{fill:none;stroke:curr…
Corben Leo
PHP Code Injection in X Cart PHP Code Injection in X-Cart.pdf 482 KB .a{fil…
Corben Leo
Recently, while my friend Alyssa Herrera and I were collaborating on finding ffmpeg vulnerabilities in bug bounty programs, we came to learn that Bandcamp ran a bug bounty program. If you have never heard of BandCamp, it is essentially a platform that allows artists, fans, and labels to interact, co…
Corben Leo
Multiple XSS and CSRF in Pulse Connect Secure v83R1 Multiple XSS and CSRF in Pulse Connect Secure v8.3R1.pdf 543 KB…
Corben Leo