Sam Curry

Web Application Security Researcher
Author: samwcyo

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

January 3, 2023 samwcyo

During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC…

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

September 21, 2022 samwcyo

Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an…

Hacking Chess.com and Accessing 50 Million Customer Records

December 16, 2020 samwcyo

To preface: the bug we found here is really simple. The interesting thing here is the impact of the vulnerability…

We Hacked Apple for 3 Months: Here’s What We Found

October 7, 2020 samwcyo

Between July 6th and October 6th, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, Tanner Barnes, and I worked…

Hacking Starbucks and Accessing Nearly 100 Million Customer Records

June 20, 2020 samwcyo

After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided…

Don’t Force Yourself to Become a Bug Bounty Hunter

May 10, 2020 samwcyo

Ever since I was a kid I was never good at doing schoolwork. I had envied everyone that seemed to…

Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts

April 19, 2020 samwcyo

Over the last few years, usage of vulnerability disclosure and bug bounty programs has increased significantly. It is now almost…

Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty

November 1, 2019 samwcyo

As a preface, when I originally found this bug I was unfamiliar with the class of “null byte buffer overflow” even…

Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure

September 25, 2019 samwcyo

Jira Service Desk is a help desk application that is built on top of core Jira. It allows customers to…

Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program

July 14, 2019 samwcyo

One of the more interesting things I’ve had the opportunity to hack on is the Tesla Model 3. It has…
