<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" media="print" onload="this.onload=null;this.media='all';" id="ao_optimized_gfonts" href="https://fonts.googleapis.com/css?family=Oswald%3A400%2C300%2C700%7CAlegreya+Sans%3A400%2C400italic%2C700%2C700italic%7CDosis%3Ainherit%2C400&subset=latin%2Clatin-ext&display=swap">
<link rel="profile" href="http://gmpg.org/xfn/11">
<link rel="pingback" href="/xmlrpc.php">
<meta name="theme-color" content="#1a1a1a">
<link media="all" href="/wp-content/cache/autoptimize/css/autoptimize_cbb6cb8f576766fd930a603741e773e9.css" rel="stylesheet">
<title>@omespino – just another security blog.</title>
<meta name="robots" content="max-image-preview:large">
<link rel="alternate" href="/es/" hreflang="es">
<link rel="alternate" href="/" hreflang="en">
<link rel="dns-prefetch" href="//www.googletagmanager.com">
<link href="https://fonts.gstatic.com/" crossorigin="anonymous" rel="preconnect">
<link rel="alternate" type="application/rss+xml" title="@omespino » Feed" href="/feed/">
<link rel="alternate" type="application/rss+xml" title="@omespino » Comments Feed" href="/comments/feed/">
<link rel="stylesheet" id="mm-compiled-options-mobmenu-css" href="/wp-content/cache/autoptimize/css/autoptimize_single_20b3cf9d88dd6d90b4e4a9a904cb8741.css" type="text/css" media="all"> <script type="text/javascript" src="https://www.googletagmanager.com/gtag/js?id=UA-47561535-2" id="google_gtagjs-js" async></script> <script type="text/javascript" src="/wp-includes/js/jquery/jquery.min.js" id="jquery-core-js"></script> <link rel="https://api.w.org/" href="/wp-json/">
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="/xmlrpc.php?rsd">
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="/wp-includes/wlwmanifest.xml">
<meta name="generator" content="WordPress 5.9.3">
<meta name="generator" content="Site Kit by Google 1.72.0"> <noscript><img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1119974224835012&ev=PageView&noscript=1"></noscript>
<link rel="icon" href="/wp-content/uploads/2020/12/cropped-dddd-32x32.png" sizes="32x32">
<link rel="icon" href="/wp-content/uploads/2020/12/cropped-dddd-192x192.png" sizes="192x192">
<link rel="apple-touch-icon" href="/wp-content/uploads/2020/12/cropped-dddd-180x180.png">
<meta name="msapplication-TileImage" content="/wp-content/uploads/2020/12/cropped-dddd-270x270.png"> <script src="/wp-content/cache/autoptimize/js/autoptimize_b830235660555f789aa739bd97c43818.js"></script>
</head>
<body class="home blog custom-background mob-menu-slideout-over">
<div id="page" class="hfeed site"> <a class="skip-link screen-reader-text" href="#content">Skip to content</a><header id="masthead" class="site-header" role="banner"><div class="navigation-wrapper"><nav id="site-navigation" class="main-navigation" role="navigation"> <button class="menu-toggle" aria-controls="primary-menu" aria-expanded="false">Menu</button><div class="menu-menu-espanol-container"><ul id="menu-menu-espanol" class="menu"><li id="menu-item-1304" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-1304"><a href="/es">BLOG EN ESPAÑOL</a></li></ul></div></nav></div>
<div class="site-branding">
<h1 class="site-title"><a href="/" rel="home">@omespino</a></h1>
<h2 class="site-description">just another security blog.</h2>
</div></header><div id="content" class="site-content"><div id="primary" class="content-area"><main id="main" class="site-main" role="main"><article id="post-2116" class="clear post-2116 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-finapi-open-banking-api-oauth-credentials-exposed-in-plain-text-in-android-app/" rel="bookmark"><time class="entry-date published" datetime="2022-04-01T20:15:45-07:00">April 1, 2022</time><time class="updated" datetime="2022-04-01T20:19:31-07:00">April 1, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-finapi-open-banking-api-oauth-credentials-exposed-in-plain-text-in-android-app/" rel="bookmark">WRITE UP – finAPI (Open Banking API) oauth credentials exposed in plain text in Android app </a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about a REDACTED bug bounty program and why you can always check the basic payloads because you will be surprised that sometimes will work. (Never save creds in plain text inside of android […]</p></div>
</div></article><article id="post-2062" class="clear post-2062 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-private-bug-bounty-bypass-redacted-android-application-screen-lock-via-local-brute-forcing/" rel="bookmark"><time class="entry-date published" datetime="2022-02-22T13:38:54-07:00">February 22, 2022</time><time class="updated" datetime="2022-02-24T16:55:30-07:00">February 24, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-private-bug-bounty-bypass-redacted-android-application-screen-lock-via-local-brute-forcing/" rel="bookmark">WRITE UP – Android Application Screen Lock bypass via adb brute forcing</a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about how to simulate android keystrokes virtually in order to perform a brute-forcing attack with adb tools If you like Bug Bounty writeups please check my handbook Bug Bounty Write Ups Collection Report […]</p></div>
</div></article><article id="post-2018" class="clear post-2018 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-private-bug-bounty-rce-in-ec2-instance-via-ssh-with-private-key-exposed-on-public-github-repository-xx000-usd/" rel="bookmark"><time class="entry-date published" datetime="2022-02-03T11:47:47-07:00">February 3, 2022</time><time class="updated" datetime="2022-02-03T12:08:09-07:00">February 3, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-private-bug-bounty-rce-in-ec2-instance-via-ssh-with-private-key-exposed-on-public-github-repository-xx000-usd/" rel="bookmark">WRITE UP – PRIVATE BUG BOUNTY: RCE in ec2 instance via ssh with private key exposed on public GitHub repository </a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about a private bug bounty program and why you can always check public repos on GitHub, because you will be surprised. If you like Bug Bounty writeups please check my handbook Bug Bounty […]</p></div>
</div></article><article id="post-1959" class="clear post-1959 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-private-bug-bounty-firebase-database-exposed-by-misconfiguration-2000-usd/" rel="bookmark"><time class="entry-date published" datetime="2022-01-17T10:18:17-07:00">January 17, 2022</time><time class="updated" datetime="2022-02-22T13:16:49-07:00">February 22, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-private-bug-bounty-firebase-database-exposed-by-misconfiguration-2000-usd/" rel="bookmark">WRITE UP – PRIVATE BUG BOUNTY: Firebase database exposed by misconfiguration – $2,000 USD</a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about a private bug bounty program and why you can always check the basic payloads because you will be surprised that sometimes will work. If you like Bug Bounty writeups please check my […]</p></div>
</div></article><article id="post-1825" class="clear post-1825 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/bug-bounty-writeups-collection/" rel="bookmark"><time class="entry-date published" datetime="2022-01-07T15:56:40-07:00">January 7, 2022</time><time class="updated" datetime="2022-01-13T10:40:54-07:00">January 13, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/bug-bounty-writeups-collection/" rel="bookmark">BOOK – Bug Bounty Write Ups collection – Omar Espino</a></h1></header><div class="entry-summary"><p>Bug Bounty Write ups Collection – omespino: More than $$$$$ USD in rewards by legally hacking big companies Description: With the passage of the years, I have been included in the hall of fame of companies such as Google (top 100 researcher worldwide), Microsoft, Facebook, Twitter, Slack, Netflix, Sony, Nokia, Telegram, etc. The main goal […]</p></div>
</div></article><article id="post-1319" class="clear post-1319 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-xss-stored-in-files-slack-com-via-xml-svg-file-ios-1000-usd/" rel="bookmark"><time class="entry-date published" datetime="2021-12-03T13:51:28-07:00">December 3, 2021</time><time class="updated" datetime="2022-01-07T16:44:48-07:00">January 7, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-xss-stored-in-files-slack-com-via-xml-svg-file-ios-1000-usd/" rel="bookmark">WRITE UP – XSS STORED IN FILES.SLACK.COM VIA XML/SVG FILE (IOS) – $1,000 USD</a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Slack bug bounty program and why you can always check the basic payloads because you will be surprised that sometimes they will work. This blogpost appeared first in the book Bug Bounty […]</p></div>
</div></article><article id="post-1492" class="clear post-1492 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-apple-bug-bounty-n-a-arbitrary-local-file-read-via-zip-file-and-symlinks-usd/" rel="bookmark"><time class="entry-date published" datetime="2021-11-17T16:53:15-07:00">November 17, 2021</time><time class="updated" datetime="2022-01-07T16:45:12-07:00">January 7, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-apple-bug-bounty-n-a-arbitrary-local-file-read-via-zip-file-and-symlinks-usd/" rel="bookmark">WRITE UP – APPLE N/A: PII information, full contact list, main phone no. and main iCloud email extracted; Bug patched: Arbitrary local file read via zip file and symlinks on iOS Files app.</a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an Arbitrary local file read on iOS Files app via zip file and symlinks Disclaimer: Unfortunately, after 13 months of […]</p></div>
</div></article><article id="post-1615" class="clear post-1615 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/" rel="bookmark"><time class="entry-date published" datetime="2021-11-11T13:26:58-07:00">November 11, 2021</time><time class="updated" datetime="2022-01-18T10:36:02-07:00">January 18, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/" rel="bookmark">WRITE UP – GOOGLE VRP BUG BOUNTY: /etc/environment local variables exfiltrated on Linux Google Earth Pro desktop app – $1,337 USD</a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to exfiltrate /etc/environment local variables on the Google Earth Pro Desktop app on Linux. If you like Bug Bounty writeups please check […]</p></div>
</div></article><article id="post-1352" class="clear post-1352 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-xss-stored-in-api-media-atlassian-com-via-doc-file-ios/" rel="bookmark"><time class="entry-date published" datetime="2021-10-28T10:37:53-07:00">October 28, 2021</time><time class="updated" datetime="2022-01-07T16:44:28-07:00">January 7, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-xss-stored-in-api-media-atlassian-com-via-doc-file-ios/" rel="bookmark">WRITE UP – ATLASSIAN BUG BOUNTY: XSS STORED IN API.MEDIA.ATLASSIAN.COM VIA DOC FILE (IOS)</a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Atlassian bug bounty program and why you can always check the basic payloads because you will be surprised that sometimes they will work: This blogpost appeared first in the book Bug Bounty […]</p></div>
</div></article><article id="post-1201" class="clear post-1201 post type-post status-publish format-standard hentry category-uncategorized-en"><div class="entry-meta"> <span class="byline"> Written by <span class="author vcard"><a class="url fn n" href="/author/user-admin/">omespino</a></span></span><span class="posted-on"><a href="/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/" rel="bookmark"><time class="entry-date published" datetime="2021-10-14T06:38:47-07:00">October 14, 2021</time><time class="updated" datetime="2022-01-07T16:43:38-07:00">January 7, 2022</time></a></span>
</div>
<div class="entry-wrapper">
<header class="entry-header"><h1 class="entry-title"><a href="/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/" rel="bookmark">WRITE UP – GOOGLE VRP N/A: Arbitrary local file read (macOS) via &lt;a&gt; tag and null byte (%00) in Google Earth Pro Desktop app</a></h1></header><div class="entry-summary"><p>Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an Arbitrary local macOS file read via &lt;a&gt; tag and null byte (%00) in Google Earth Pro Desktop app This […]</p></div>
</div></article><nav class="navigation posts-navigation" aria-label="Posts"><h2 class="screen-reader-text">Posts navigation</h2>
<div class="nav-links"><div class="nav-previous"><a href="/page/2/">Older posts</a></div></div></nav></main></div></div>
<footer id="colophon" class="site-footer" role="contentinfo"><div class="site-info"></div></footer>
</div>
<div class="mobmenu-overlay"></div>
<div class="mob-menu-header-holder mobmenu" data-menu-display="mob-menu-slideout-over" data-open-icon="down-open" data-close-icon="up-open">
<div class="mobmenul-container"><a href="#" class="mobmenu-left-bt mobmenu-trigger-action" data-panel-target="mobmenu-left-panel" aria-label="Left Menu Button"><i class="mob-icon-menu mob-menu-icon"></i><i class="mob-icon-cancel-1 mob-cancel-button"></i></a></div>
<div class="mob-menu-logo-holder"><a href="/" class="headertext"><span>@OMESPINO</span></a></div>
<div class="mobmenur-container"></div>
</div>
<div class="mobmenu-left-alignment mobmenu-panel mobmenu-left-panel "> <a href="#" class="mobmenu-left-bt" aria-label="Left Menu Button"><i class="mob-icon-cancel-1 mob-cancel-button"></i></a><div class="mobmenu-content"><div class="menu-menu-espanol-container"><ul id="mobmenuleft" role="menubar" aria-label="Main navigation for mobile devices"><li role="none" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-1304"><a href="/es" role="menuitem" class="">BLOG EN ESPAÑOL</a></li></ul></div></div>
<div class="mob-menu-left-bg-holder"></div>
</div>
</body>
</html>