Story of Abusing a Fully Secured redirect_uri in an OAuth Flow
When it comes to bug hunting, authentication is my first choice. Nowadays, major companies' authentication systems have many implementations and enormous underlying complexity. So when I start testing...
Mar 21, 2026 · 8 min read

Cloudflare Image Proxy as a CSPT Gadget: A Cross-Origin CSPT Exploit
The CSPT (Client-Side Path Traversal) vulnerability has recently attracted considerable attention from bug bounty hunters and security researchers because of its flexibility and the variety of real-world impacts it can enable. CSPT arises when user-c...
Oct 19, 2025 · 4 min read

Hacking Veeam: Several CVEs and $30k Bounties
Hello, I'm a web guy. Usually, I'm not working on non-web applications since my mind doesn't know binary and reverse engineering. About one year ago, I started giving myself a shot at working on some macOS applications, and I managed to uncover sever...
Aug 9, 2025 · 8 min read

Puny-Code, 0-Click Account Takeover
Hello! This blog post is a detailed version of the talk given by Amir and me at Nahamcon 2025. We usually choose a topic to focus on, spending time on it - it might turn into a 0day or just a simple checklist. Then we apply our findings to our daily...
Jun 1, 2025 · 7 min read

Stealing oAuth Token via Referrer Policy Override
Hello, let's get straight to the main course. OAuth implementation has many hidden parts that have been discussed before on the internet. The most famous one is Account hijacking using "dirty dancing" in sign-in OAuth-flows, which inspired Omid and I...
May 6, 2025 · 4 min read

CSS Data Exfiltration to Steal OAuth Token
Hello, I'm Amir, and this is my first blog post here. Some time ago, @YShahinzadeh shared an endpoint with me and asked me to investigate it. It was vulnerable to HTML injection. Although it couldn't lead to XSS, I started exploring how to make the m...
Feb 15, 2025 · 7 min read

OAuth Non-Happy Path to ATO
A few months ago, I was working on a public bug bounty program, and there was an OAuth implementation for users to log in and sign up. Introduction First of all, before you start reading this blog post, you should be familiar with some concepts: Happ...
Nov 22, 2024 · 7 min read