This is part of a report of a bug that I sent back in 2020, changing of course the program name for obvious reasons.


When someone asks me about how it is like hacking I tell them it’s like being an artist 🎨. This involves a lot of love, imagination…

I was doing bounty on a private H1 program that interacts with various external services one of them was Atlassian Confluence and Jira.

As you know, you can run Atlassian on their cloud service at, or in your own server. …

a code injection inside javascript code can be a headache… But nothing is impossible

While we are not working on Pentesting for companies, we love to Bug Hunting on Hackerone.

We founded a vulnerable section on a site, with some sort of google analytics code, vulnerable to a URL XSS.

Master SEC

It Security company from Argentina. Penetration Testing, Red Team, Bug Bounty, Training.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store