Skip to main content

Posts

2023

Full Passcode bypass on Nextcloud App iOS
·1 min
Nextcloud bugbounty CVE-2023-28647
It’s possible to fully access the user’s nextcloud files on Nextcloud App iOS by using the Files app on iPhone.
Ability to read any emails through IDOR on Nextcloud Mail
·1 min
Nextcloud bugbounty CVE-2023-25160
An attacker can access the mail box by ID getting the subjects and the first characters of the emails.
Messages can still be seen on conversation after expiring when cron is misconfigured
·1 min
Nextcloud bugbounty CVE-2023-26041
Nextcloud talk has a feature called Message Expiration, Chat messages can be expired after a certain time. In order for messages to be removed from the database, the cron jobs need to be executed. However what would be the failover if in some cases the cron did not execute?
Ability to control the filename when uploading a logo or favicon on theming
·1 min
Nextcloud bugbounty CVE-2023-28833
When uploading a logo or favicon the filename can be controlled by attacker since the key can be modified which serves as the filename.
Passcode bypass on Talk Android app
·1 min
Nextcloud bugbounty CVE-2023-22473
It is possible to bypass the passcode protection in nextcloud android talk by clicking the notification of a message.

2022

File and Chat disclosure by calling the device while its in locked state
·1 min
Nextcloud bugbounty CVE-2021-41181
Talk app allows access to sensitive chat messages on lockscreen during a call
Nextcloud Talk ObjectId in share location can be set to open arbitrary URL or Deeplinks
·1 min
Nextcloud bugbounty CVE-2021-41180
It is possible to control the geolocation preview in the Nextcloud Talk app to point to a domain or deeplink which results to open-redirect.

2021

Sophos Secure Workspace App Password Bypass using Race Condition
·2 mins
Sophos bugbounty race condition Sophos Secure Workspace CVE-2021-36808
A race condition in Sophos Secure Workspace (Android) version 9.7.3081 that bypassed the App Password.

2020

Breaking the Doors: Paypal 2-Factor Bypass
·1 min
Paypal bugbounty Two Factor Authentication Bypass Paypal 2FA Bypass
Two-Factor Authentication bypass on Paypal
404 Not Found: Vulnerability Disclosure in the Philippines
·3 mins
Opinion Vulnerability Disclosure Philippines
We could have avoided the biggest data breaches in the country if there is a platform or channel where Security Researchers can report Vulnerabilities, frankly we don’t have one.
CVE-2020-12832
·1 min
Wordpress CVE-2020-12832 Path Traversal
WordPress Plugin Simple File List is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.
Non-Verified User can Submit Report,View Disclosed Reports | Secuna bug bounty
·2 mins
Secuna bugbounty
I was able to find a bug that lets me submit report,edit profile and view disclosed reports in secuna while using a rejected or non-verified account.

2019

Exposed S3 Credentials of QuadX
·2 mins
quadx vdp hardcoded credentials
I found a exposed sensitive credential in the website and was able to access the Amazon S3 Bucket of Paylink, One of the digital platforms of QuadX. This allowed me to retrieve, upload and remove all files in the S3 Bucket.
Rootcon CTF 2019 | Kahl Dereta Write Up
·1 min
rootcon Capture The Flag
The First Time CTF Experience with Jonelle H. Castañeda and Aeruc Maquilang was Really Good! Hats off to Pwn De Manila for Organizing this awesome Capture the Flag at Rootcon 13.
Insufficient Rate Limitting on Facebook Fundraisers
·1 min
facebook bugbounty Insufficient Rate Limit
Facebook Fundraisers Lacks Rate Limiting Protection. Malicious actors can bruteforce this by sending different random credit or debit card numbers.
CVE-2019-5450
·1 min
Nextcloud android bbp
Some basic HTML tags were rendered as Markup in directory names.
CVE-2018-19937
·1 min
vlc ios vdp
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.