Skip to content (Press Enter)

Web Security Blog

Thomas Orlita’s blog

  • About Me
    • Projects
    • My web vulnerabilities
  • Bookmarklets
  • Cheatsheet
  • About Me
    • Projects
    • My web vulnerabilities
  • Bookmarklets
  • Cheatsheet
Google Code Jam

Reflected XSS in Google Code Jam

by ThomasVulnerabilitiesSeptember 8, 2018July 29, 2021

Attacker can get access to the victim’s CodeJam account and read and edit their profile information (address, phone number, etc).

Read More
webcomponents.org XSS

Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

by ThomasVulnerabilitiesAugust 23, 2018July 29, 2021

If the user has authenticated using Github on webcomponents.org before, it’s possible to get the Github auth code and use it to star any public Github repo behalf of the user.

Read More
Angular XSS vulnerability on McDonalds.com

Angular XSS vulnerability on McDonalds.com

by ThomasVulnerabilitiesMarch 29, 2018January 6, 2021

I reported this vulnerability on https://www.openbugbounty.org/reports/608322/ Previous fixed vulnerabilities on mcdonalds.com: https://www.openbugbounty.org/reports/481416/ < back to the list of web vulns

Read More

Posts navigation

Previous Page 1 Page 2
Thomas OrlitaDigital Download | Developed by Rara Theme. Powered by WordPress.