Johnfiel
Lack of URL redirect validation for 3rd-party app
Hi again! So here is one more writeup on a simple yet tricky open redirect bug I found on a private application.
3 min read · Apr 8, 2021

Johnfiel
XSS Cloudflare Bypass!
Hi InfoSec and non-InfoSec Community! This is John Fiel Brosas, a pentester by profession from the Philippines. It’s been a while since…
3 min read · Mar 26, 2021

Johnfiel
xmlrpc.php File can Possibly Bruteforce Attack and Cause Denial of Service if Enab
I was running a test on a specific website and I stumbled upon an xmlrpc.php file.
2 min read · Nov 21, 2019

Johnfiel
AWS S3 Misconfiguration Grant Public ‘WRITE’ Access
Granting public “WRITE” access to your AWS S3 buckets can allow anonymous users to upload, modify and delete S3 objects without permission…
2 min read · Nov 21, 2019