While assessing a target web application for impactful vulnerabilities, a useful check to conduct might be looking through the waybackmachine to discover URLs that have existed on the target over time. These might expose critcal functionality that could then be tested for bugs. This happened to be the case for…

Often companies deploy third-party applications to store various media content. This content is usually in various file formats such as images, documents, Html, JavaScript, SQL. Etcetera. During my engagements on bug bounty programs, it isn’t uncommon to find references to Amazon AWS S3 buckets that are disclosed in various places…

Google Dorking seems an often under-appreciated technique in a bug bounty hunter’s arsenal when assessing a target web application for vulnerabilities. …

A story of DOM XSS in Mail.ru It wasn’t till a year of joining the HackerOne platform that I actively started hunting for bugs. At the time, I was completely new to the various server and client-side bug classes that were being reported daily to programs on the platform. Amongst the vulnerabilities being disclosed at the time…

Two day’s after submitting my report for a critical Server Side Request Forgery bug i found on a program — https://medium.com/@mase289/a-tale-of-my-first-ever-full-ssrf-bug-4fe71a76e9c4, i woke up to an email alert notifying me that my XSS hunter payload had been triggered on one of the target’s subdomains. Blind XSS vulnerabilities are a variant…

After a couple of weeks of futile pocking and probing at web applications on some public programs, I decided to take a break and come back to it with a refreshed mind. In this article, I shall explore a Server Side Request Forgery vulnerability that gave me unrestricted access to…

My story begins after a long day’s work at the company under which i am employed. As was usually the case every evening, i opened up the ride app on my mobile device and ordered a ride back home. After i arrived at my destination, i noticed that i had…