h0wl's blog
SolChat Messages Insecure Encryption Method
The SolChat app stored its encryption key and implemented symmetric encryption logic client-side. This means anyone could decrypt every message sent and…
Mar 3
•
Pawel Wylecial
October 2023
New Bitcoin City Stored Cross-Site Scripting (XSS) in Mentions
Another stored XSS vulnerability in NBC that could result in draining user wallets, performing unauthorised transactions with the possibility to spread…
Oct 31, 2023
•
Pawel Wylecial
New Bitcoin City bypassing the top 100 restriction to post images
The New Bitcoin City SocialFi app allows users to make public posts, but images can be uploaded only by the top 100 users, at least in theory.
Oct 14, 2023
•
Pawel Wylecial
September 2023
Wormable Stored Cross-Site Scripting (XSS) in Alpha (New Bitcoin City)
A vulnerability existed in the Alpha SocialFi app that could result in draining user wallets, performing unauthorised transactions with the possibility to…
Sep 25, 2023
•
Pawel Wylecial
August 2023
Chat Room Messages Leak on Friend.tech
Accessing the most recent message sent to each of the chat rooms a particular user is part of is open to anyone. Ownership of shares or even an account…
Aug 21, 2023
•
Pawel Wylecial
January 2023
The importance of Web UI security in decentralised applications
Abusing the front-end to trick users into performing unintended interactions with the smart contract
Jan 25, 2023
•
Pawel Wylecial