HomePosts tagged 'bounty programs'

Flickr API Explorer – Force users to execute any API request.

Author:

February 3, 2015February 25, 2024 bbuerhaus Security bounty programs, cross-site request forgery, csrf, flickr, hackerone, research, security

Flickr has a developer application section called The App Garden. Developers are able to create apps that make API calls to Flickr as an authenticated user via OAuth. I discovered a Cross-Site Request Forgery (CSRF) attack vector that allowed you to attack any user on Flickr.

Continue reading →

Yahoo – Root Access SQL Injection – tw.yahoo.com

Author:

Brett Buerhaus

January 15, 2015February 25, 2024 bbuerhaus Security bounty programs, hackerone, research, security, sql injection, yahoo

I'll keep this one simple and sweet because anyone reading this blog probably knows what SQL Injection is. I discovered a root access SQL injection on tw.yahoo.com.

Continue reading →