Neilmark Ochea

Jan 12

Xiaomi Execute Arbitrary JavaScript

I’m glad you’re here. Please have fun reading (nmochea). In this writeup, I’ll tell you how I was able to execute arbitrary JavaScript in Xiaomi Browser using HTML injection. Description: Due to a lack of HTML sanitization, it’s possible to inject a malicious iframe tag in Readmode and execute arbitrary JavaScript code. I…

Bug Bounty

2 min read

Dec 8, 2020

Facebook Leak Referrer Data

I’m glad you’re here. Please have fun reading (nmochea). While finding a Facebook vulnerability, I visited this interesting link with a back URI parameter endpoint. So I viewed the source code and read it. …

Bug Bounty

2 min read

Published in InfoSec Write-ups

·Dec 7, 2020

Facebook Push Notification Linkshim Bypassed

I’m glad you’re here. Please have fun reading (nmochea). While browsing and finding Facebook vulnerabilities, I accidentally found this Facebook push notification link. When I visited the Facebook link, something was strange: the whole Facebook page was blank, there’s nothing here, hmm, so I viewed the source code and read it…

Bug Bounty

3 min read

Dec 5, 2020

Opera Browser Cross Site Scripting (XSS)

I’m glad you’re here. Please have fun reading (@nmochea). While using Opera browser for Android, I noticed something strange: the address bar in Opera browser was replaced by the reader mode, and the web title was added without any filter. I know that I can trigger the XSS in reader mode but…

Bug Bounty

3 min read

Neilmark Ochea

Cyber Security Researcher/Analyst
