Security Breached Blog

One step at a time. There's no need to rush. It's like learning to fly!

Hacking 100k+ Loyalty Programs for Fun and Profit!

Posted on May 19, 2022 (updated May 19, 2022) by Muhammad Khizer Javed

This blog post is about how a hacker could have hacked 100k+ loyalty programs to get free points and redeem them for free stuff or coupons.

Hacking Subscription Plans for free service.

Posted on February 27, 2022 (updated May 19, 2022) by Muhammad Khizer Javed

Using Inspect Element to Bypass Security restrictions | Bug Bounty POC

Posted on June 30, 2020 (updated May 22, 2022) by Muhammad Khizer Javed

Hey guys, so this blog post is about a bug bounty report: I was able to bypass security restrictions by using Inspect Element and use paid features. About the Issue: The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily…

Playing with JSON Web Tokens for Fun and Profit

Posted on April 4, 2020 (updated May 19, 2022) by Muhammad Qasim Munir

Hey Everyone, I hope you all are fine and doing well. Today I wanna share something related to JSON Web Tokens (JWT). In this writeup, I'll tell you how I was able to confirm emails without confirmation tokens, reset passwords, and take over company emails. So let's start. What is JSON Web Token? JSON…

Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC

Posted on March 31, 2020 (updated May 22, 2022) by Muhammad Khizer Javed

Hey guys, so this blog post is about an RCE issue reported to the Microsoft bug bounty program. The remote code execution issue existed in a microsoft.com subdomain running Apache Solr. I'll try to be as simple as possible. I participated in the Microsoft Bug Bounty Program for the first time. About the RCE: While doing some recon on the microsoft.com website I…

Getting Started in Android Apps Pen-testing (Part-1)

Posted on March 17, 2020 (updated May 22, 2022) by Muhammad Khizer Javed

Hey Everyone, my name is M. Qasim Munir and this is my first blog article, which I'm writing about getting started in Android apps pen-testing. I hope this article will help you learn something new. Getting Started in Android apps Pen-testing (PART-1): Amazing development and growth in mobile apps have carried a bunch of…

Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC

Posted on February 19, 2020 (updated May 22, 2022) by Muhammad Khizer Javed

Hey guys, so this blog post is about doing static analysis of an Android app. Due to insecure storage of SMS API credentials I was able to take over the SMS API; here's a short POC of the issue.

Exploiting Insecure Firebase Database!

Posted on February 4, 2020 (updated May 22, 2022) by Muhammad Khizer Javed

Hey guys, so this blog post is about exploiting insecure Firebase databases. Due to improperly set security rules, one can write data to the database in certain conditions; here's a short POC tutorial of the issue. A few days ago I was doing static analysis of an Android app on a bug bounty target, as…

Improper Input Validation | Add Custom Text and URLs In SMS Sent by Snapchat | Bug Bounty POC

Posted on January 26, 2020 (updated May 22, 2022) by Muhammad Khizer Javed

Hey guys, so this blog post is about an issue in Snapchat's website. Due to improper input validation, one can add custom text and URLs in SMS sent by Snapchat; here's a short POC of the issue. HackerOne Report: #420420. A subdomain on Snapchat's website, https://whatis.snapchat.com/, gives the basic information about Snapchat, what…

User Account Takeover via Signup Feature | Bug Bounty POC

Posted on January 22, 2020 (updated May 22, 2022) by Muhammad Khizer Javed

Hey guys, so this blog post is about a User Account Takeover issue that I discovered. The bug was an Account Takeover issue found in the Signup & Switch Accounts feature, so here's a short POC of the issue. While testing I saw that there is a "Switch Accounts" option in the application…

© 2023 Security Breached Blog | Powered by Minimalist Blog WordPress Theme