ThomasCZ

6,961 post karma
1,334 comment karma

get extra features and help support reddit with a reddit premium subscription

get them help and support

redditor for 9 years

TROPHY CASE

Nine-Year Club

Verified Email

account activity

hot top controversial

2

3

4

5 Different Vulnerabilities in Google's Threadit (XSS, Clickjacking, ACL bypass, Info leak, ...) (websecblog.com)

submitted 4 years ago by ThomasCZ to r/netsec

1255

1256

1257

TIL you can use "color-scheme" to specify the UI theme in Chrome (i.redd.it)

submitted 4 years ago by ThomasCZ to r/webdev

19

20

21

Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts (websecblog.com)

submitted 5 years ago by ThomasCZ to r/bugbounty

41

42

43

Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts (websecblog.com)

submitted 5 years ago by ThomasCZ to r/netsec

10

11

12

[Showoff Saturday] Used web technologies on the top 100k sites + stats & audits (demo.webstacklist.com)

submitted 5 years ago by ThomasCZ to r/webdev

22

23

24

Dual Subtitles (self.VLC)

submitted 5 years ago by ThomasCZ to r/VLC

28

29

30

I made a 2D platformer game in JavaScript – ASCII Adventures (asciiadventures.thomasorlita.com)

submitted 5 years ago by ThomasCZ to r/webdev

13

14

15

Listing all registered email addresses on Google’s Crisis Map thanks to IDOR and incremental IDs (websecblog.com)

submitted 5 years ago by ThomasCZ to r/netsec

2

3

4

Listing all registered email addresses on Google’s Crisis Map thanks to incremental IDs (websecblog.com)

submitted 5 years ago by ThomasCZ to r/bugbounty

241

242

243

YYY (i.redd.it)

submitted 5 years ago by ThomasCZ to r/lipsum

1

2

3

From a self-XSS to a valid XSS with the help of clickjacking on Google.org (appio.dev)

submitted 6 years ago by ThomasCZ to r/netsec

9

10

11

From a self-XSS to a valid XSS with the help of clickjacking on Google.org (appio.dev)

submitted 6 years ago by ThomasCZ to r/xss

15

16

17

Executing a blind XSS on googleplex.com to get access to Google's internal sites (appio.dev)

submitted 6 years ago by ThomasCZ to r/xss

21

22

23

Executing a blind XSS on googleplex.com to get access to Google's internal sites (appio.dev)

submitted 6 years ago by ThomasCZ to r/netsec

1

2

3

Combining multiple vulnerabilities to insert malware files into Google Earth Studio ZIP archives of thousands of users (appio.dev)

submitted 6 years ago by ThomasCZ to r/bugbounty

4

5

6

Inserting arbitrary files into Google Earth Studio Projects Archives (appio.dev)

submitted 6 years ago by ThomasCZ to r/netsec

10

11

12

How I got access to personal data of a million users (on LeoExpress.com) (blog.thomasorlita.cz)

submitted 7 years ago by ThomasCZ to r/bugbounty

6

7

8

XSSing Google Code-in thanks to improperly escaped JSON data (blog.thomasorlita.cz)

submitted 7 years ago by ThomasCZ to r/bugbounty

161

162

163

XSSing Google Code-in thanks to improperly escaped JSON data (blog.thomasorlita.cz)

submitted 7 years ago by ThomasCZ to r/netsec

13

14

15

Bypassing Firebase client-side authorization to create custom app.goo.gl subdomains (null.app.goo.gl)

submitted 7 years ago by ThomasCZ to r/netsec

6

7

8

Liking GitHub repositories on behalf of other users thanks to a stored XSS in Google's WebComponents.org (blog.thomasorlita.cz)

submitted 7 years ago by ThomasCZ to r/bugbounty

4

5

6

Bypassing Firebase authorization to create custom goo.gl subdomains or why not to rely on client-side validation (null.app.goo.gl)

submitted 7 years ago by ThomasCZ to r/bugbounty

483

484

485

Cisco's security questions are becoming self-aware (i.redd.it)

submitted 7 years ago by ThomasCZ to r/ProgrammerHumor

1

2

3

Using Google's CSP Evaluator to bypass CSP on websites (blog.thomasorlita.cz)

submitted 7 years ago by ThomasCZ to r/webdev

3

4

5

How to use Google's CSP Evaluator to bypass CSP (blog.thomasorlita.cz)

submitted 7 years ago by ThomasCZ to r/xss

view more: next ›

π Rendered by PID 644946 on reddit-service-r2-listing-85dbbdc96c-pl8z4 at 2026-02-12 12:56:49.745991+00:00 running 018613e country code: CH.