Blog


  • Directory traversal at lsid.eu – Livesport bug bounty

    Intro: A Directory Traversal vulnerability was identified and responsibly reported through Livesport’s official bug bounty program. The vulnerability was present at https://lsid.eu, a service that is a key part of https://livesport.cz, as it is the Node.js server for registrations, logins and managing user data. So, if we want to log in to our account on https://livesport.cz, one…

  • Chained vulnerabilities lead to Administrative Area Compromise and RCE on planetum.cz

    A security assessment identified an externally reachable attack path that allowed an unauthenticated attacker to progressively gain and escalate access, ultimately resulting in administrative control of planetum.cz and remote code execution.

  • Reflected XSS at České Budějovice Observatory

    A Cross-Site Scripting (XSS) vulnerability was identified, which may compromise the security of users’ data.