Cristi Vlad

Privilege Escalation to Admin through an Import Feature
I usually skip the introduction when posting a writeup because I don’t need to teach you what privesc or BOLA are; you can google that…
2 min read · Apr 25, 2024

Account Takeover [It Looked Secure at First]
In a recent pentest for a client, I was going through the password reset flow. You know…
3 min read · Feb 15, 2024

Account Takeover via Weak OTP
I seem to keep writing ATO posts here. I don’t mind. These are cool. Some are so easily discovered that it baffles me how persistent…
2 min read · Nov 2, 2023

The Domino Effect: How Multiple Bugs Lead to Account Takeover
If you’ve spent sufficient time on a cybersecurity assignment so that the bigger picture falls into place, you know that some issues will…
3 min read · Oct 13, 2023

Unauthenticated Massive PII Leak
This is probably the report that I’m most proud of. On top of that, it was the lengthiest I’ve ever written.
4 min read · Sep 13, 2023

Account Takeover via Email Confirmation
It’s the second account takeover I’m finding on a client pentest in the span of a few days. I’m not sure wth is going on…
2 min read · Jul 25, 2023

Account (of the CEO) Takeover via Password Reset
In a web app pentest for a client, I found this interesting account takeover and I thought of sharing my findings with the infosec…
3 min read · Jul 10, 2023

Bugproof your Firmware with BugProve
I guess the graphic above depicts the essence of BugProve, a recently launched European IoT security company.
6 min read · Mar 30, 2023

Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input
I know the title is a mouthful; submissions are open for better candidates. If you have one, suggest it below!
4 min read · Mar 1, 2023

If You’re Using GraphQL, you must have Inigo
I’ve spent the past couple of days looking over inigo.io, a GraphQL security and management platform for APIs. This basically works by…
4 min read · Feb 13, 2023