Blog Posts

Redtube gallery

Researcher successfully closed the image 'alt' attribute and injected javascript by intercepting the album creation request and gallery an XSS payload as the album title.

Muscle pussy gallery

This led to stored cross-site scripting on the user's album page, executed against any users who visited the album. Discovered in the day of public program launch. Request interception was necessary. Similar to thebut with different root cause.

busty german teen

Severity horny lesbians free videos set due to the factors such as: I had previously some experience with triage team, so in this case it was enough to demonstrate simple popup, without complex payload. Thanks to the redtube for great report handling and bounty!

free redhead video

Stored XSS in galleries - https: ID H1: