Josh Famin · InfoSec Write-ups
Bypassing CORS configurations to produce an Account Takeover for Fun and Profit
The bug that is being written about here is from a previous bug bounty engagement for a major telecommunication company. This bug consists…
4 min read · Feb 13, 2023

Josh Famin · InfoSec Write-ups
How I was able to Turn a XSS into A Account Takeover
To begin, this is a vulnerability that I found during a bug bounty engagement. I would split this into two parts, or two separate…
6 min read · Feb 3, 2021

Josh Famin · InfoSec Write-ups
OpenEMR 5.0.1.3 — (Authenticated) Arbitrary File Actions
Back in 2018, a group of security researchers and I decided to try our hands at OpenEMR and find security vulnerabilities. The full report…
2 min read · Nov 17, 2020