In this page I (used to) keep track of the vulnerabilities I found over time.
- Leakage of sensitive drivers' data in ride-hailing services awarded by Uber and Lyft.
- Authentication flaw on SAML SSO can be used as launching pad of XSS on RelayState sanitization. See SAML SSO Specs Errata.
- Multiple CSRF in Web application. Related CVEs: CVE-2017-8874 and CVE-2017-8930.
- Uncontrolled resource consumption in Apache HTTPD, (CVE-2014-0118), and Apache CXF (CVE-2014-0109 and CVE-2014-0110). Discovery on Apache HTTPD awarded by Hackerone.
- Multiple uncontrolled resource consumption vulnerabilities in XMPP servers via highly-compressed XMPP stanzas (xmppbombs). Awarded by the bounty program of Hackerone. Full report can be found here.
- Discovered multiple logic vulnerabilities in eCommerce web application that would have allowed an attacker to shop for free or pay less. See VU#459446, VU#207540, and VU#583564
- 14/05/2017: Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices, CVE-2017-8930
- 09/05/2017: Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic, CVE-2017-8874
- 17/07/2014: Apache HTTPD, Resource exhaustion that allows DoS, CVE-2014-0118
- 08/05/2014: Apache CXF, Resource exhaustion that allows DoS, CVE-2014-0110, CVE-2014-0109
- 10/04/2014: Prosody (Lightwitch), Resource exhaustion via xmppbomb DoS attack , CVE-2014-2744, CVE-2014-2745 ,
- 10/04/2014: Tigase, Resource exhaustion via xmppbomb DoS attack,CVE-2014-2746,
- 10/04/2014: Ignite Realtime Openfire, Resource exhaustion via xmppbomb DoS attack,CVE-2014-2741,
- 22/02/2013: CS-Cart, Logic Vulnerability that allows to shop for free,CVE-2013-0118, VU#583564
- 30/10/2012: TomatoCart, Logic Vulnerability that allows to pay less or shop for free, CVE-2012-4934, VU#207540
- 18/09/2012: osCommerce,Logic Vulnerability that allows to shop for free, CVE-2012-2991, VU#459446