Kamil Onur Özkaleli as ko2sec

This blog is mostly about security writeups and research articles.

Recent posts

Jun 26, 2023
A Classical Account Takeover Case via Multiple Bypasses
Introduction: Recently I found a password reset/recovery flaw in a program at Synack. The vulnerability is the classical password reset link manipulation via Host Header Injection, but rather than the vulnerability itself, the way I managed to exploit it might be interesting.…
Apr 3, 2021
RCE on Starbucks Singapore and more for $5600
Recon: After I found a critical vulnerability in the Starbucks Singapore web application, I wanted to dig a little deeper and began to examine the com.…
Oct 7, 2020
6k$ Worth Account Takeover via IDOR in Starbucks Singapore
Recon: While browsing Starbucks Singapore, I noticed a page loaded with content from a 3rd party site. Let’s call this site example.…