Posts by Carlos Bello

Carlos is security researcher at Fluid Attacks since September 2022.

Carlos Bello

LFR via SSRF in BookStack

Beware of insecure-by-default libraries!

Here we present in detail a vulnerability we discovered in BookStack v23.10.2, along with the steps to follow to replicate the exploit.

Carlos Bello

RCE in PaperCut MF/NG via CSRF

What is invisible to some hackers is visible to others

Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.

Carlos Bello

UXSS to Account Takeover in Rushbet

Injecting JS into one site is harmful, into all, lethal

In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Carlos Bello

Account Takeover in KAYAK

So it's the app itself that delivers the cookie to me?

In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which hundreds of organizations are already enjoying.