Turning featues into security issues

Security Related Posts

Companies I've assisted

32 Red Casino

Multiple XSS

No disclosue on details

Alibaba

Android Vulnerability

No disclosure on details

Anghami

Android Vulnerability

Insecure webview

Apple

Shazam Android Vulnerability

CVE-2019-8791
CVE-2019-8792

AT&T

No disclosure on details

No disclosure on details

BBC

Multiple Vulnerabilites

Disclosure Pending
Acknowledgement

BT

Open redirect / XSS

Multiple Open Redirects
Write up coming soon

Coinbase

Android Vulnerability

Disclosure pending

Coral

XSS & Insecure data

Multiple XSS
Insecure Data
Write up coming soon

ESET

XSS

Acknowledgement
Pending disclosure.

Ford

No disclosure on details

No disclosure on details

Google

Android Vulnerabilities

No disclosure on details

HackerOne

Multiple Private Programs

No disclosure on details

Indeed

No disclosure on details

No disclosure on details

Intuit

Stored XSS

Stored XSS

Jet.com

No disclosure on details

No disclosure on details

JPMorgan Chase

Reflected XSS

Acknowledgement

Microsoft

XSS

Reflective XSS
Team Foundation Server 2018
Write up coming soon

Oppo

XSS

XSS in product page

Paddy Power Betfair

No disclosure on details

No disclosure on details

Paypal

Android Vulnerability

Pending disclosure.

No disclosure on details

No disclosure on details

Skyscanner

No disclosure on details

No disclosure on details

uAccount

Multiple XSS

Reflective XSS
Open redirect
Write up coming soon

Uber

No disclosure on details

No disclosure on details

William Hill

Multiple Reports

Embedded open redirect
Reflective XSS

Xero

2 x Stored XSS

No disclosure on details
Acknowledgement

See something say something. Help keep the internet secure
Have I contacted you? Read some common FAQs here

Do you have a project? Large or small, I can most likely provide a solution.

Let's work together!

Get a quote

Recent Events.

Here's some of my recent events I've attended

all
HackerOne

Security Related Posts

Bountycon 2022 - Android Trinity - PWN

Disclosing BCC Recipients of an Email

Taking over the Call to Action button on Mobile Devices

Open redirects are not dead!Or are they?

Edit Sent Messages - Teams Tenancy Bypass

Abusing corporate URL shorteners

Launching Internal & Non-Exported Deeplinks On Facebook

ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792

Ability To Backdoor Facebook For Android

Downloading any file via Facebook for Android

Breaking The Facebook For Android Application

Companies I've assisted

32 Red Casino

Alibaba

Anghami

Apple

AT&T

BBC

BT

Coinbase

Coral

ESET

Ford

Google

HackerOne

Indeed

Intuit

Jet.com

JPMorgan Chase

Meta

Microsoft

Oppo

Paddy Power Betfair

Paypal

Pinterest

Skyscanner

uAccount

Uber

William Hill

Xero

Let's work together!

Recent Events.

H1-4420

H1-702

Enquire

Event Overview

HackerOne 4420

Event Overview

HackerOne 702

Enquire

Get in touch

Have I contacted you or your business?

Great news!

contact me.

Employment

email address:

LinkedIn:

my location:

Open redirects are not dead!
Or are they?