ESEA Server-Side Request Forgery and Querying AWS Meta Data

Anyone familiar with the Counter-Strike competitive scene knows about ESEA. They recently launched a bounty program that puts their website, game client, and game servers in scope for security research.

I spent a night taking a look over the website and found a few vulnerabilities. The most interesting discovery was a Server-Side Request Forgery vulnerability. Using a cool trick that Ben Sadeghipour (@NahamSec) showed me, I was able to pull private information from ESEA's AWS metadata.

Yahoo Login Protection Seal – Stored CSS Injection

In 2014 I discovered a vulnerability on Yahoo's Login Protection seal that allowed for CSS injection. This information was saved to the browser and IP, persisting across login sessions on that computer. The protection seal feature has since been removed from the login page, but the feature still exists in your account preferences.
