Josh Famin
InfoSec Write-ups
Bypassing CORS configurations to produce an Account Takeover for Fun and Profit
The bug that is being written about here is from a previous bug bounty engagement for a major telecommunication company. This bug consists…
Feb 13, 2023

Josh Famin
InfoSec Write-ups
How I was able to Turn a XSS into A Account Takeover
To begin, this is a vulnerability that I found during a bug bounty engagement. I would split this into two parts, or two separate…
Feb 3, 2021

Josh Famin
InfoSec Write-ups
OpenEMR 5.0.1.3 — (Authenticated) Arbitrary File Actions
Back in 2018, a group of security researchers and I decided to try our hands at OpenEMR and find security vulnerabilities. The full report…
Nov 17, 2020