webapp security

infosec

Stored XSS via Swish Transaction

Last week I went to the cinema with some friends. My friend paid for the ticket so I decided to use

Read
Uncategorized

Enumerating Cinema Tickets

This is a hack I disclosed around a year ago to the company in question. It involves the company SF, which has a

Read
infosec

One.com CSRF and XSS

About a year ago I found a few vulnerabilities on the one.com website. For those of you that don't know, _one.com_ is

Read
infosec

FitBit CSRF and XSS

A few months ago I bought a fitbit, which is a wristband tracking device.

Read