o___o – Hacktive Security Blog

Application Security

Responsible disclosure – Reflected XSS on hireon.amazon.com

April 13, 2018June 20, 2021

On March 13th, by using dnsrecon (https://github.com/darkoperator/dnsrecon) and a huge wordlist, I came across with an Amazon domain (hireon.amazon.com) with a Reflected XSS. Usually I...

Mobile

Happy Hacking Easter (story of privacy violation into an eggshell)

o___o

July 22, 2015June 20, 2021

In accordance with ethics of responsible disclosure, the vendor was informed but emails were left unreplied/ignored Timeline First email on 08 March 2016Second email on...

Application Security

Symantec Security Information Manager, multiple vulnerabilities (XSS, SQLi, Information Disclosure)

o___o

July 1, 2013June 20, 2021

Hi there, we missed here for quite a while but one more time we are back with something (hopefully) interesting. In the past months we...

Mobile

Abusing Ruzzle protocol, privacy violation and more…

o___o

March 21, 2013June 20, 2021

In the beginning of January 2013 we started a security research project focused on some of the most spreaded mobile applications and considering how popular Ruzzle became...

Responsible disclosure – Reflected XSS on hireon.amazon.com

Happy Hacking Easter (story of privacy violation into an eggshell)

Symantec Security Information Manager, multiple vulnerabilities (XSS, SQLi, Information Disclosure)

Abusing Ruzzle protocol, privacy violation and more…

Top Category

Application Security

Mobile

Reverse Engineering

Recent Post

Top Category