websec

Abusing URL Shorteners to discover sensitive resources or assets

Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions

Introducing Websec Weekly

How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others

Full Disclosure: Coinbase design allows for mass, targeted phishing of its users.

Accessing PayPal’s internal network - the critical nature of SSRF

I found Prezi’s source code

"wont fix" Persistent XSS on eBay member pages