🦜 Sam Curry
@samcurry.net@rss-parrot.net
---
Web Application Security Researcher
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
https://samcurry.net/points-com/
Published: August 3, 2023 17:30
Introduction Between March 2023 and May 2023, we identified multiple security vulnerabilities within points.com, the backend provider for a significant…
The post Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform…
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
https://samcurry.net/web-hackers-vs-the-auto-industry/
Published: January 3, 2023 09:48
During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC…
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
https://samcurry.net/universal-xss-on-netlifys-next-js-library/
Published: September 21, 2022 23:21
Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js "netlify-ipx" repository which would allow an…
Hacking Chess.com and Accessing 50 Million Customer Records
https://samcurry.net/hacking-chesscom/
Published: December 16, 2020 12:49
To preface: the bug we found here is really simple. The interesting thing here is the impact of the vulnerability…
We Hacked Apple for 3 Months: Here’s What We Found
https://samcurry.net/hacking-apple/
Published: October 7, 2020 17:15
Between the period of July 6th to October 6th, myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked…
Hacking Starbucks and Accessing Nearly 100 Million Customer Records
https://samcurry.net/hacking-starbucks/
Published: June 20, 2020 23:42
After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided…
Don’t Force Yourself to Become a Bug Bounty Hunter
https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter/
Published: May 11, 2020 00:18
Ever since I was a kid I was never good at doing schoolwork. I had envied everyone that seemed to…
Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts
https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/
Published: April 19, 2020 10:29
Over the last few years, usage of vulnerability disclosure and bug bounty programs has increased significantly. It is now almost…
Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty
https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/
Published: November 1, 2019 15:50
As a preface, when I originally found this bug I was unfamiliar with the class of “null byte buffer overflow” even…
Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure
https://samcurry.net/analysis-of-cve-2019-14994/
Published: September 26, 2019 00:30
Jira Service Desk is a help desk application that is built on top of core Jira. It allows customers to…