Monday, February 29, 2016

Reflected XSS in

I have found a reflected XSS in The bug was easy to exploit since you only have to enter the XSS payload into the search bar. I reported it to via HackerOne and it was resolved within a few days. I was also listed in their Hall of Fame as thanks.



Saturday, February 27, 2016

My list of Recognitions (Hall of Fame)

As of February 2016, I have found many vulnerabilities and have been listed in big companies' Hall of Fame thanks lists. Below are the companies that I have reported vulnerabilities to and been recognized by:

* US-CERT, Department of Homeland Security
* Khan Academy
* Urban Dictionary

Wednesday, February 24, 2016

Subdomain Takeover in Snapchat

I have found a subdomain takeover in Snapchat's acquisition, is currently integrated into the Snapchat application. The vulnerable subdomain was pointing to Zendesk. I reported it to Snapchat and it was fixed quickly; they rewarded me with a bounty and made me a Top 5 hacker in their thanks list. Here is the link to my report: