Blogs

This is my first public disclosure on HackerOne. It is a partial disclosure, but the summary is clear: there was a stored XSS in the image preview feature via crafted attachment filename. #275274 - touch.mail.ru/messages - Stored XSS 07/10/2017 - I send the report 11/10/2017 - The vulnerability is fixed and the bug bounty reward is 750$ 27/12/2017 - Public disclosure

In my own spare time I like to participate in the bug bounty programs. They are a hard challenge, but it is satisfying to find vulnerabilities in big companies. I usually look for XSS vulnerabilities, for this reason I have written a little python script to automate the search of XSS. XSSSonar is an open source tool to look for XSS vulnerabilities on a web page, it is written in Python 2....