by Julien Ahrens | Wednesday, March 1, 2017 | Advisory, Bug Bounty
In late January, I found and reported a Server-Side Request Forgery (SSRF) vulnerability on toolbox.googleapps.com to Google’s VRP, which could be used to discover and query internal Google DNS servers to extract all kinds of corporate...
by Julien Ahrens | Tuesday, February 23, 2016 | Bug Bounty
Better late than never. This article will give you some insights into the generic Cross-Site Request Forgery Protection Bypass I discovered in Ubiquiti’s UniFi v3.2.10 and below, as published some time earlier this year on HackerOne. This...
by Julien Ahrens | Thursday, November 20, 2014 | Bug Bounty
It’s been a while since I published my last article; this is mainly because I’m currently working on a nice project overseas in Asia and enjoying this relaxed life here a little bit. Therefore I am also keeping this blog post a little short, because...
by Julien Ahrens | Thursday, September 26, 2013 | Bug Bounty
Bag the bug! I reported another interesting vulnerability to the PayPal site security team in May 2013 affecting their domain www.paypaltech.com, which is in scope of the official Bug Bounty program. But this time, it’s not one of the common web...
by Julien Ahrens | Saturday, April 13, 2013 | Bug Bounty
Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the domain www.paypaltech.com was affected, which provides scripts and samples used for...
by Julien Ahrens | Wednesday, October 10, 2012 | Bug Bounty
Great news! A few months ago I submitted a Cross-Site Scripting vulnerability to the official Bug Bounty program of PayPal: it was accepted, fixed, and fully paid out, and I was very excited about the nice bounty :-). Additionally, this has been my first participation...