Johnfiel
Lack of URL redirect validation for 3rd-party app
Hi again! So here is one more writeup on a simple yet tricky open redirect bug I found on a private application.
Apr 8, 2021

Johnfiel
XSS Cloudflare Bypass!
Hi InfoSec and non-InfoSec Community! This is John Fiel Brosas, a pentester by profession from the Philippines. It’s been a while since…
Mar 26, 2021

Johnfiel
xmlrpc.php File can Possibly Bruteforce Attack and Cause Denial of Service if Enab
I was running a test on a specific website and I stumbled upon an xmlrpc.php file.
Nov 21, 2019

Johnfiel
AWS S3 Misconfiguration Grant Public ‘WRITE’ Access
Granting public “WRITE” access to your AWS S3 buckets can allow anonymous users to upload, modify and delete S3 objects without permission…
Nov 21, 2019