# Blog posts

## EN | Alert-box Message Content Manipulation based Base64

In July of this year, I found a Content Spoofing vulnerability in a Bitcoin Exchange company. The system was very simple: an encrypted text in a GET parameter was decrypted and reflected on the homepage in an alert box. I know it’s…

## EN | Account Takeover and Sensitive Data Leakage via CORS Misconfiguration

In June of this year, I found a CORS Misconfiguration vulnerability in a datacenter company. The system was very simple: a PUT command sent to the API server both changed the account email and showed all the data of the account in JSON format as the response. Then, I reported…

## EN | Stored XSS with Password Recovery Page

In April of this year, I found a Stored XSS vulnerability at University of Utwente. However, I later realized that there was a vendor of the vulnerable system, and I contacted them. Then they fixed this vuln. and rewarded me with a \$ bounty. Also, this was my first bounty…