Software

The Trendsale Chronicles: Breaching the admin portal

Finding the domain In the previous blog post, we discussed how we found a stored XSS vulnerability in the Trendsales platform.

Read More

The Trendsale Chronicles: Initial contact. Deactivating accounts, unearthing XSS and Filetype Flaws

Finding our first flaws in Trendsales and establishing contact with them As curious people, and former sneaker bot developers we like to “poke” at website API’s and how they work, to try and see how the internet is designed and how it develops, it doesn’t really matter which site we’re exploring, we do it everywhere, and Trendsales was no exclusion.

Read More