RSS.Social

Paulos Yibelo - Hacking Research

Posts

DoubleClickjacking: A New Era of UI Redressing

Cross Window Forgery: A New Class of Web Attack

This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761

Pre-auth RCE via XXE & SSRF on NetGear Stora, SeaGate Home, and Medion LifeCloud NAS

THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS

SaferVPN CVE-2018-10308, from DoS to deanonymization

Hotspot Shield CVE-2018-6460, Sensitive Information Disclosure with XSSI

Exploiting odd behaviors in MS Edge & IE to bypass Facebook’s Linkshim

Why CSP Should be carefully crafted: Twitter XSS & CSP Bypass

Instagram Stored OAuth XSS

eFront LMS - RCE (All versions)

Facebook's Moves - OAuth redirect_uri bypass

Exploit-DB Local File Inclusion (Possible RCE/RFI)

Exploiting PHP Upload forms with CVE-2015-2348

Facebook: Another Linkshim Bypass

Facebook’s Oculus – Cross-Site Content Hijacking (XSCH) to Bypass SOP

Morfy CMS Multiple Vulnerabilities

XSS Bug on Facebook Studio

(Monstra <= 3.0.1 & Anchor <= 0.9) CVE-2014-9006, CVE-2014-9182

ZTE ZXDSL 831C|| Multiple Vulnerabilities

ZTE ZXDSL 831 Router Exploits: Hacking and Rooting my internet neighbor

DVWA: Unintended Security Issues

Facebook Bug Bounty 2014, Reflected XSS and Filter Evasion worth 7500$

Facebook Bug Bounty 2014: Linkshim Evasion and URL Redirection

It Begins.