This blog is mostly about security writeups and research articles.
Recent posts
Jun 26, 2023
A Classical Account Takeover Case via Multiple Bypasses —
Introduction Recently I found a password reset/recovery flaw in a program at Synack. The vulnerability is the classical password reset link manipulation via Host Header Injection but rather than the vulnerability itself, the way how I managed to exploit it might be interesting.…
Apr 3, 2021
RCE on Starbucks Singapore and more for $5600 —
Recon After I found a critical vulnerability in Starbucks Singapore web application, I wanted to dig a little deeper and began to examine the com.…