Plotly is a powerful data analytics and visualisation platform. Founded in 2012, the firm offer a range of products, including a collaborative web interface, API libraries, the Plotly.js library, on-premises services and various software utilities. Plotly maintain a public bug bounty policy in parallel with a dedicated HackerOne program.…Yasin Soliman
Publicly disclosed vulnerability reports and bug write-ups.
As a GitHub bounty hunter with previously resolved reports, this February I was invited to a pre-release of the organisation SAML single sign-on (SSO) feature for GitHub.com, which has since been deployed in production. A few hours after the invitation went live and I reached out to the GitHub team to get started, my testbed organisation…Yasin Soliman
Mike Knoop's research into XXE exploitation inspired me to experiment with RSS parsing on Hootsuite. These vulnerabilities arise when a parser validates and processes XML-based input which contains references to an external entity. Within fifteen minutes of testing, I had gained a pingback and demonstrated an exfiltration of /etc/issue.…Yasin Soliman