Sam Curry

Web Application Security Researcher
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

January 3, 2023 samwcyo

During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC…

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

September 21, 2022 samwcyo

Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an…

Hacking Chess.com and Accessing 50 Million Customer Records

December 16, 2020 samwcyo

To preface: the bug we found here is really simple. The interesting thing here is the impact of the vulnerability…

We Hacked Apple for 3 Months: Here’s What We Found

October 7, 2020 samwcyo

Between July 6th and October 6th, myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked…

Hacking Starbucks and Accessing Nearly 100 Million Customer Records

June 20, 2020 samwcyo

After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided…

Don’t Force Yourself to Become a Bug Bounty Hunter

May 10, 2020 samwcyo

Ever since I was a kid I was never good at doing schoolwork. I had envied everyone that seemed to…

Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts

April 19, 2020 samwcyo

Over the last few years, usage of vulnerability disclosure and bug bounty programs has increased significantly. It is now almost…

Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty

November 1, 2019 samwcyo

As a preface, when I originally found this bug I was unfamiliar with the class of “null byte buffer overflow” even…

Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure

September 25, 2019 samwcyo

Jira Service Desk is a help desk application that is built on top of core Jira. It allows customers to…

Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program

July 14, 2019 samwcyo

One of the more interesting things I’ve had the opportunity to hack on is the Tesla Model 3. It has…
