↓ Skip to main content

Michele Spagnuolo

Staff Software Engineer

Recent

Put.io API design issues - I can haz your files

August 10, 2015·5 mins

The power of DNS rebinding: stealing WiFi passwords with a website

April 20, 2015·7 mins

Adobe fixed Rosetta Flash today

August 15, 2014·4 mins

Abusing JSONP with Rosetta Flash

July 8, 2014·9 mins

XSS in Zagat, exploiting a XOR-based obfuscation algorithm

February 16, 2014·1 min

Mailbox.app Javascript execution

September 24, 2013·5 mins

My experience with Google interviews and why it is different from Facebook's

September 18, 2013·8 mins

XSRF and Cookie manipulation on google.com

September 15, 2013·2 mins

XSS in Google Finance

July 30, 2013·2 mins

Stored XSS in GMail

July 8, 2013·1 min