Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC

Hey guys, this blog post is about an RCE issue reported to the Microsoft bug bounty program: a remote code execution issue existed in a microsoft.com subdomain running Apache Solr. I’ll try to keep it as simple as possible. This was my first time participating in the Microsoft Bug Bounty Program. About the RCE: While doing some recon on the microsoft.com website, I found a subdomain, http://tide90.microsoft.com/, doing […]

Improper Input Validation | Add Custom Text and URLs In SMS Sent by Snapchat | Bug Bounty POC

Hey guys, this blog post is about an issue in Snapchat’s website: due to improper input validation, one can add custom text and URLs to SMS messages sent by Snapchat. Here’s a short POC of the issue. HackerOne Report: #420420. A subdomain on Snapchat’s website, https://whatis.snapchat.com/, gives the basic information about Snapchat, what it does and how it […]