PinnedPublished inInfoSec Write-upsExploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty programMy story began with a typical assessment of the program's scope. Luckily all of the in-scope subdomains were listed on the program’s page…Apr 18, 2021A response icon1Apr 18, 2021A response icon1
PinnedPublished inInfoSec Write-upsChaining password reset link poisoning, IDOR+account information leakage to achieve account…While assessing a target web application for impactful vulnerabilities, a useful check to conduct might be looking through the…Nov 10, 2020A response icon3Nov 10, 2020A response icon3
Published inInfoSec Write-upsFROM AWS S3 MISCONFIGURATION TO SENSITIVE DATA EXPOSUREOften companies deploy third-party applications to store various media content. This content is usually in various file formats such as…Feb 17, 2021A response icon1Feb 17, 2021A response icon1
Published inInfoSec Write-upsFrom SQL Injection to Hall Of FameGoogle Dorking seems an often under-appreciated technique in a bug bounty hunter’s arsenal when assessing a target web application for…Aug 18, 2020A response icon1Aug 18, 2020A response icon1
Published inInfoSec Write-upsThe $1,000 worth cookieA story of DOM XSS in Mail.ruJul 19, 2020A response icon1Jul 19, 2020A response icon1
Published inInfoSec Write-upsHow i was able to leak your session token-A story of blind XSS in an admin panel at redacted.comTwo day’s after submitting my report for a critical Server Side Request Forgery bug i found on a program —…Jul 10, 2020Jul 10, 2020
Published inInfoSec Write-upsA tale of my first ever full SSRF bugAfter a couple of weeks of futile pocking and probing at web applications on some public programs , I decided to take a break and come…Jun 22, 2020A response icon1Jun 22, 2020A response icon1
How i hacked a popular ride hailing app for unlimited rides ;-)My story begins after a long day’s work at the company under which i am employed. As was usually the case every evening, i opened up the…Jun 8, 2020Jun 8, 2020
