Stored XSS in My Flow To RCE in Opera Browser #2 | RCE vulnerability inside Opera browser by using an XSS bug on MyFlow feature | 1d ago
Reflected XSS In Main Search, WAF+Sanitizer Bypass Using 2 Reflections | Hey, I just found a reflected XSS in main site search, I used many techniques and bypasses to get the full XSS, you will like it and might… | Feb 12811
Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques | Over the past year, CSPT bugs have gained significant attention, with numerous blogs and disclosed reports highlighting their impact… | Jan 242012
Arc Browser UXSS, Local File Read, Arbitrary File Creation and Path Traversal to RCE | Story of how a malicious legacy boost in Arc browser can be exploited to get UXSS, LFI and RCE in targeted machine by clicking install | Nov 13, 2024
You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities | Address bar is one of the main components of a browser security and in this blog I show many bugs affecting Opera browsers to spoof address… | Oct 24, 2023
Opera Browser VPN Bypass | While looking at Opera functionalities I stumbled upon the built-in VPN inside the browser and I was able to find a technique that allow an… | Sep 22, 2022
The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF… | Story of 3 bug bounty writeups in which I use low bugs and chain them together for higher impact. | May 10, 2022
Facebook Messenger Desktop App Arbitrary File Read | I’m a daily user of Facebook Messenger on Mobile and Web, someday I got a banner in my Web version saying that Messenger is available on… | Feb 3, 2021
Copy Drag — Paste Drop | Small write-up about drag and drop & copy and paste XSS’s using new browser techniques | Jul 4, 2020
Bypass SameSite Cookies Default to Lax and get CSRF | SameSite=Lax Cookies by Default is a new browser feature, we will look at how to bypass it and what the security concerns with it are. | Jan 8, 2020
Facebook Messenger Disclosing deleted messages that has been deleted by [Remove For Everyone] | Story of a funny bug I found in Facebook Messenger because of a typo between (w) and (e) 😂 | Aug 15, 2019
Security Fest 2019 CTF, entropian [web] write-up | This is my first CTF challenge write-up so I’m not good at it | May 24, 2019
New technique to find Blind-XSS | Blind-XSS is a powerful attack, now I will talk about a technique I have used in Bug Bounty programs to find it. | Nov 16, 2018
Self-XSS + CSRF to Stored XSS | Hola, this is Renwa from Kurdistan, I’m glad to write my first write-up about infosec and Bugbounties. | May 20, 2018