Jakub Zoczek
Works at Allegro
Lives in Poznań
105 followers | 98,128 views
Stream
Jakub Zoczek
Shared publicly - GetClouder domain takeover
GetClouder is a cloud hosting service that has a bug bounty program. In the Administration Panel we have a domain management tool for hosting our own domain names. After adding ANY domain, the zone is configured on two DNS servers: nimbus.getclouder.com and cumul...
Jakub Zoczek
Shared publicly - Yandex - 2x XSS (duplicates) + Same-Origin Policy Bypass
Here are some writeups of a few bugs I found in Yandex services last time. 1) Reflected XSS in http://interactive-answers.webmaster.yandex.com. While uploading some file on http://interactive-answers.webmaster.yandex.com/gate/add-scheme/get the response would...
Jakub Zoczek
Shared publicly - How Reverse DNS can help us with XSS, SQLi, RCE...
One day I got the idea to put an XSS vector into a reverse DNS record. You know - sometimes a web application displays the IP address AND the reverse lookup. As far as people think that there is no need to sanitize displayed revdns records, because as RFC 1034 said: Note th...
Jakub Zoczek
Shared publicly - CSAW CTF Web300 writeup
In this post I want to show my solution for CSAW CTF - Web300. This is a service where we are able to post some links that are parsed by a bot, and it looks like this: There are two important things about this task. First of all, we can notice that the page usin...
Jakub Zoczek
Shared publicly - Nice!
Tens of thousands of infected systems, an army of server bots in the world's largest data centers, ready for a massive attack at every wish of its anonymous master, sending spam and serving malware in its spare time. Za...
People
In his circles
121 people
Places
Currently
Poznań
Links
YouTube
Work
Employment
- Allegro, 2013 - present
- Holicon Sp. z o.o., Junior Programmer, 2007 - 2013
Basic Information
Gender
Male