Mert Tasci: Limited FreeMarker SSTI to arbitrary LiQL query and manage Lithium CMS
We faced (w/ @celalerdik) an interesting SSTI vulnerability on a Bugcrowd program. We could show the traditional 49’ number when trying…
2 min read · Mar 11, 2023

Mert Tasci: XSS attack vector at “style” context for Less.js
Detail: Less & Sass suddenly came to my mind when researching CSS injection attacks. You know, both are CSS pre-processor so I…
1 min read · Mar 11, 2023

Mert Tasci: A little open redirect bypass story
In one private program at Bugcrowd, I came across three different open redirect bug methods.
2 min read · Mar 11, 2023

Mert Tasci: Parameter pollution bug at Twitter
Twitter sent an e-mail to you when someone followed you, when someone favorited your tweets, etc. You can unsubscribe the Twitter…
1 min read · Mar 11, 2023