
Application Security

Responsible disclosure – Reflected XSS on hireon.amazon.com

On March 13th, by using dnsrecon (https://github.com/darkoperator/dnsrecon) and a huge wordlist, I came across an Amazon domain (hireon.amazon.com) with a Reflected XSS. I don’t usually write an article for an XSS vulnerability, but I would like to share a trick I discovered during this analysis. Looking for a non-existent resource, the following error […]

Application Security

Facebook chat / dashboard content injection

I often wondered how link generation functionality is implemented by major social network applications and, more specifically, the preview generation. Some time ago a friend of mine was spear-phished with a message through the Facebook chat; this happened before Facebook patched the chat application, allowing the exchange of messages only between people connected as friends. […]

Application Security

Symantec Security Information Manager, multiple vulnerabilities (XSS, SQLi, Information Disclosure)

Hi there, we have been missing from here for quite a while, but one more time we are back with something (hopefully) interesting. In the past months we have worked together with the Symantec vulnerability response team to address some critical issues that were afflicting the Symantec Security Information Manager. Our R&D Team discovered vulnerabilities consisting of XSS (both […]
