Exposed S3 Credentials of QuadX

I found an exposed sensitive credential on the website and was able to access the Amazon S3 bucket of Paylink, one of the digital platforms of QuadX. This allowed me to retrieve, upload and remove all files in the S3 bucket.

Rootcon CTF 2019 | Kahl Dereta Write Up

The first-time CTF experience with Jonelle H. Castañeda and Aeruc Maquilang was really good! Hats off to Pwn De Manila for organizing this awesome Capture the Flag at Rootcon 13.

Insufficient Rate Limiting on Facebook Fundraisers

Facebook Fundraisers lacks rate limiting protection. Malicious actors can brute-force this by sending different random credit or debit card numbers.

CVE-2019-5450

Some basic HTML tags were rendered as markup in directory names.

CVE-2018-19937

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.