I was doing bounty on a private H1 program that interacts with various external services one of them was Atlassian Confluence and Jira. As you know, you can run Atlassian on their cloud service at Atlassian.net, or in your own server. …

a code injection inside javascript code can be a headache… But nothing is impossible While we are not working on Pentesting for companies, we love to Bug Hunting on Hackerone. We founded a vulnerable section on a site, with some sort of google analytics code, vulnerable to a URL XSS. …