# Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

## EN | Race Condition to Users Limit Bypass in Add User Function

In September of last year, I found a Race Condition vulnerability at an Online Services company located in the Netherlands. They had a private Zerocopter program and that’s why I was doing bug hunting based on web applications, on their systems. And I reported the…

## EN | Account Takeover via Web Cache Poisoning based Reflected XSS

Firstly, its nice to publish my last write-up this year. In June of this year, I found a Reflected XSS vulnerability in a video-game company. Then, I realized that this server is caching the weak parameters value. In this way, I incresead the…

## EN | Clickjacking to Account Takeover via Drag&Drop

In August of this year, I found a Clickjacking vulnerability in a dutch company. Later I realized that this vulnerability could be upgraded to Account Takeover. Then, I coded a PoC template with CSS and reported the vulnerability. And they fixed…

## EN | Alert-box Message Content Manipulation based Base64

In July of this year, I found a Content Spoofing vulnerability in a Bitcoin Exchange company. The system was very simple, an encrypted text in a GET parameter was decrypted and reflected on the homepage in an alertbox. I know it’s…

## EN | Account Takeover and Sensitive Data Leakage via CORS Misconfiguration

In June of this year, I found a CORS Misconfiguration vulnerability in a datacenter company. The system was very simple, a PUT command sent to the API Server both changed the account email and showed all the data of the account in JSON format as Response. Then, I reported…

## EN | Stored XSS with Password Recovery Page

In April of this year, I found a Stored Xss vulnerability at University of Utwente. However, I later realized that there was a vendor of the vulnerable system, and I contacted them. Then they fixed this vuln. and rewarded me with a \$ bounty. Also this was my first bounty…

## IceWarp <11.4.4.1 Cross-Site Scripting - CVE-2020-8512

In IceWarp Webmail Server through versions 11.4.4.1 and below, there is XSS in the /webmail/ color parameter.

IceWarp is mail and collaboration server software aimed at small to mid-range businesses and as an alternative to services such as Microsoft Exchange. The XSS vulnerability in question was resolved in 11.4.4.1 of IceWarp.

Earlier versions of the technology are vulnerable to a flaw that means an attacker can use an XSS loophole the /WebMail/ color parameter to send a malicious script to unsuspecting admins or users.