Contact us
Search
English

Posts by Carlos Bello

Carlos is security researcher at Fluid Attacks since September 2022.

Photo by Yeshi Kangrang on Unsplash

Carlos Bello

RCE in PaperCut MF/NG via CSRF

What is invisible to some hackers is visible to others

Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.

Photo by sebastiaan stam on Unsplash

Carlos Bello

UXSS to Account Takeover in Rushbet

Injecting JS into one site is harmful, into all, lethal

In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

Photo by Nahel Abdul Hadi on Unsplash

Carlos Bello

Account Takeover in KAYAK

So it's the app itself that delivers the cookie to me?

In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which hundreds of organizations are already enjoying.

Start your 21-day free trial

Service

Continuous Hacking

Platform overview

Solutions

Application security

Compliance

Systems

Testing Techniques

ASPM

SAST

DAST

MPT

MAST

SCA

CSPM

ARM

PTaaS

RE

SCR

Plans

Machine

Squad

Resources

Blog

Learn

Advisories

Clients

Downloadables

Documentation

Company

About us

Certifications

Partners

Careers

Contact us

Ethics Hotline

Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.

Service status

Terms of use

Privacy policy

Cookie policy