Benjamin Walter

Jun 8, 2022

Exploiting Amazon active vulnerability

How to exploit an Amazon active vulnerability and get access to Prime (& all it’s benefits, including all Prime Video Channels) for free, due to a too extensive grace period of payment. Why? About a year ago I reported to Amazon a vulnerability which allows a malicious user to abuse the…

Bug Bounty

2 min read

Bug Bounty

2 min read

Apr 9, 2021

Cookie poisoning leads to DoS and Privacy Violation

When the verification goes wrong. Avatar cookie contains the URL of the avatar image. But what if we change that? When I was hunting on cs.money, I noticed that the avatar cookie had the url for the user’s avatar on Steam. …

Cybersecurity

2 min read

Cookie poisoning leads to DoS and Privacy Violation

Cybersecurity

2 min read

Apr 8, 2021

(CRITICAL) Blind Storage XSS — My first Bug Bounty 💰

What is the impact of a XSS on support chat? Imagine, a hacker with full access to the support account and able to spread the XSS for every user on the platform. How it happens During my tests on cs.money I sent an image to the supporter, got the request and sent to burp repeater. …

Bug Bounty

2 min read

Bug Bounty

2 min read