Published in InfoSec Write-ups
Exploiting Unrestricted File Upload to achieve Remote Code Execution on a bug bounty program
My story began with a typical assessment of the program's scope. Luckily all of the in-scope subdomains were listed on the program’s page, which eliminated the need for subdomain enumeration. After browsing through the available subdomains, I settled on a single one which piqued my interest. I shall refer to…

Published in InfoSec Write-ups
Chaining password reset link poisoning, IDOR, and information leakage to achieve account takeover at api.redacted.com
While assessing a target web application for impactful vulnerabilities, a useful check to conduct might be looking through the Wayback Machine to discover URLs that have existed on the target over time. These might expose critical functionality that could then be tested for bugs. …

Published in InfoSec Write-ups · Feb 17, 2021
From AWS S3 Misconfiguration to Sensitive Data Exposure
Often companies deploy third-party applications to store various media content. This content is usually in various file formats such as images, documents, HTML, JavaScript, SQL, etcetera. …

Published in InfoSec Write-ups · Aug 18, 2020
From SQL Injection to Hall Of Fame
Google Dorking seems an often under-appreciated technique in a bug bounty hunter’s arsenal when assessing a target web application for vulnerabilities. …

Published in InfoSec Write-ups · Jul 19, 2020
The $1,000 worth cookie
A story of DOM XSS in Mail.ru. It wasn’t till a year after joining the HackerOne platform that I actively started hunting for bugs. At the time, I was completely new to the various server- and client-side bug classes that were being reported daily to programs on the platform. Amongst the vulnerabilities being disclosed at the time…

Published in InfoSec Write-ups · Jul 10, 2020
How I was able to leak your session token - A story of blind XSS in an admin panel at redacted.com
Two days after submitting my report for a critical Server Side Request Forgery bug I found on a program (https://medium.com/@mase289/a-tale-of-my-first-ever-full-ssrf-bug-4fe71a76e9c4), I woke up to an email alert notifying me that my XSS Hunter payload had been triggered on one of the target’s subdomains. Blind XSS vulnerabilities are a variant…

Published in InfoSec Write-ups · Jun 22, 2020
A tale of my first ever full SSRF bug
After a couple of weeks of futile poking and probing at web applications on some public programs, I decided to take a break and come back to it with a refreshed mind. In this article, I shall explore a Server Side Request Forgery vulnerability that gave me unrestricted access to…

Jun 8, 2020
How I hacked a popular ride hailing app for unlimited rides ;-)
My story begins after a long day’s work at the company under which I am employed. As was usually the case every evening, I opened up the ride app on my mobile device and ordered a ride back home. After I arrived at my destination, I noticed that I had…