MuhammadKhizerJaved
Dedicated and seasoned cybersecurity professional with over 8 years of active engagement in Bug Bounty Hunting, complemented by 4 years of experience as a Penetration Tester. Skilled in web and mobile application security testing and vulnerability assessment, I am actively involved in platforms like HackerOne and Bugcrowd. My contributions in the Bug Bounty arena have been recognized by over 200 reputable organizations, including Apple, Google, Facebook, The Government of Singapore, and The US Department of Defense. As an advocate for community growth, I actively contribute as a speaker, conducting sessions in local universities and presenting talks at various security conferences, both locally and internationally, including twice at BlackHat MEA. With a passion for growth, I am always happy to connect with fellow security practitioners.
In this blog, I explore a real-world case of an Admin Panel Takeover caused by broken authentication and insecure configurations. By exploiting a misconfigured JWT token from a staging environment, full administrative access was gained to a production system, exposing sensitive user data and critical application controls. This case study emphasizes the dangers of default credentials, unsecured staging environments, and improperly scoped tokens, providing key lessons in security hygiene and best practices to prevent such vulnerabilities.
Discover how a simple API key exposure led to the complete takeover of an AI assistant in production. This eye-opening security analysis reveals the critical vulnerabilities lurking in AI-powered applications and offers essential insights for developers and security professionals.
Found a critical vulnerability involving leaked AWS credentials within an Android app API during a bug bounty hunt, uncovered by using Dynamic Application Security Testing (DAST) and the Mobile Security Framework (MobSF). This blog post provides a step-by-step guide for newcomers to set up their own testing environments and utilize MobSF.
This guide is a must-read for beginners to dive into Bug Bounty Hunting. It provides foundational skills, tips, tools, and resources for Bug Bounty Hunters. I’ve covered various aspects including vulnerabilities and learning resources. Are you ready to embark on your Bug Bounty adventure?
This vulnerability on the Bugcrowd platform allowed manipulating a researcher's rank on the platform using the API.
This blog post is about how a hacker could have Hacked 100k+ Loyalty Programs to get free points & redeem them for free stuff or coupons.
Hey guys, so this blog post is about a bug bounty report in which I was able to bypass security restrictions by using inspect element and use paid features. About the Issue: The...
Hey guys, so this blog post is about an RCE issue reported to the Microsoft bug bounty program. The Remote Code Execution issue existed in a microsoft.com subdomain running Apache Solr. I’ll try...
Hey Everyone, my name is M.Qasim Munir and this is my first blog article, which I’m writing about getting started in Android app pen-testing. I hope this article will help...