Mastodon
Welcome, I'm Ash. I'm a..

Security Related Posts

Bountycon 2022 - Android Trinity - PWN

View Post

Disclosing BCC Recipients of an Email

View Post

Taking over the Call to Action button on Mobile Devices

View Post

Open redirects are not dead!
Or are they?

View Post

Edit Sent Messages - Teams Tenancy Bypass

View Post

Abusing corporate URL shorteners

View Post

Launching Internal & Non-Exported Deeplinks On Facebook

View Post

ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792

View Post

Ability To Backdoor Facebook For Android

View Post

Downloading any file via Facebook for Android

View Post

Breaking The Facebook For Android Application

View Post

Companies I've assisted

32 Red Casino

Multiple XSS

  • No disclosue on details

Alibaba

Android Vulnerability

  • No disclosure on details

Anghami

Android Vulnerability

  • Insecure webview

Apple

Shazam Android Vulnerability

AT&T

No disclosure on details

  • No disclosure on details

BBC

Multiple Vulnerabilites

BT

Open redirect / XSS

  • Multiple Open Redirects
  • Write up coming soon

Coinbase

Android Vulnerability

  • Disclosure pending

Coral

XSS & Insecure data

  • Multiple XSS
  • Insecure Data
  • Write up coming soon

ESET

XSS

Ford

No disclosure on details

  • No disclosure on details

Google

Android Vulnerabilities

  • No disclosure on details

HackerOne

Multiple Private Programs

  • No disclosure on details

Indeed

No disclosure on details

  • No disclosure on details

Intuit

Stored XSS

  • Stored XSS

Jet.com

No disclosure on details

  • No disclosure on details

JPMorgan Chase

Reflected XSS

Meta

XSS / Open Redirect / LFI

Microsoft

XSS

  • Reflective XSS
  • Team Foundation Server 2018
  • Write up coming soon

Oppo

XSS

  • XSS in product page

Paddy Power Betfair

No disclosure on details

  • No disclosure on details

Paypal

Android Vulnerability

  • Pending disclosure.

Pinterest

No disclosure on details

  • No disclosure on details

Skyscanner

No disclosure on details

  • No disclosure on details

uAccount

Multiple XSS

  • Reflective XSS
  • Open redirect
  • Write up coming soon

Uber

No disclosure on details

  • No disclosure on details

William Hill

Multiple Reports

  • Embedded open redirect
  • Reflective XSS

Xero

2 x Stored XSS

See something say something. Help keep the internet secure
Have I contacted you? Read some common FAQs here

Do you have a project? Large or small, I can most likely provide a solution.

Let's work together!

Get a quote

Recent Events.

Here's some of my recent events I've attended

  • all
  • HackerOne

H1-4420

H1-702

Enquire

contact me.

Questions | Feedback | Pentesting | Development Enquiries. Get in touch and I'll get back to you as soon as possible!

Employment

Software Development Manager @
Saphire Solutions Ltd

email address:

contact@ash-king.co.uk

LinkedIn:

AshkingUK

my location:

Gosport
United Kingdom