Posts by Thomas Orlita on websecblog.com

Showing 13 Result(s)

Reflected XSS in Google Code Jam

by Thomas OrlitaVulnerabilitiesSeptember 8, 2018February 16, 2022

Attacker can get access to the victim’s CodeJam account and read and edit their profile information (address, phone number, etc).

Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

by Thomas OrlitaVulnerabilitiesAugust 23, 2018February 16, 2022

If the user has authenticated using Github on webcomponents.org before, it’s possible to get the Github auth code and use it to star any public Github repo behalf of the user.

Angular XSS vulnerability on McDonalds.com

by Thomas OrlitaVulnerabilitiesMarch 29, 2018February 16, 2022

I reported this vulnerability on https://www.openbugbounty.org/reports/608322/ Previous fixed vulnerabilities on mcdonalds.com: https://www.openbugbounty.org/reports/481416/ < back to the list of web vulns