Found a cool bug at Meta.
From misconfigured Grafana instance to R/W access on 507 private Meta repositories.
Wrote up the full chain here:
https://t.co/LYQ0prc68d
$157k bounty awarded by @metabugbounty
Hacking Windsurf: I asked the AI for the shell, it said yes.
new video’s out. I show how I could’ve hacked you… just by getting you to click my link.
Link posted below.
the research paper is out:
Next.js and the corrupt middleware: the authorizing artifact
result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical)
https://t.co/GZkbnr6o9H
enjoy the read!
New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate.
Full disclosure:
https://t.co/e2EwvUMgqw
In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found.
Here is our writeup:
https://t.co/g9orwwgoxt
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/7ygwWXY0pd
Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code from 1996
In May 2024, our security research team disclosed three critical issues in ServiceNow, which allowed for unauthenticated arbitrary code execution and data access for ServiceNow Vancouver or Washington instances. You can read our blog post here: https://t.co/3rIGexjbaV
I love crossover bugs that go between web/mobile/native because there's so much strange interactions that occur and a lot can go wrong - this research was another result of this!
https://t.co/m4XULDBXQ7
Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k!
https://t.co/az4wNhDYyO
Citrixbleed: On Oct 10th, Citrix announced a security advisory for CVE-2023-4966, a sensitive information disclosure bug marked as CVSS 9.4 affecting Netscaler Gateway. The security research team at @assetnote was able to reproduce the vulnerability. Blog post here: https://t.co/CuWGl75MEG or you can find the exploit here: https://t.co/US4s7OkDfT
Here is the blog post for
CVE-2023-22515: Broken Access Control Vulnerability in Confluence Data Center and Server
I've left two challenges in it, try to solve them. If you solve second one, that would be a 0-day 😅
https://t.co/HZDFKRykR8
ATO of FB/OC accounts after stealing access_tokens ($44,250)
https://t.co/79z5LwgN2n
DOM-XSS in Instant Games due to improper verifications ($62,500?)
https://t.co/Hf63ib7g4x
ATO in Canvas Games due to weak cross window message Origin validations ($62,500)
https://t.co/BUziBmRbjj
As promised: Here's the first $10,000 @Intel bug (aka CVE-2022-33942) that allows to bypass the authentication of Intel's DCM by spoofing Kerberos and LDAP responses.
Exploit inside, enjoy 🥳
https://t.co/PmK0Xq2T4o
#BugBounty#security