Skip to content

Security Breached Blog

| One step at a time There's no need to rush It's like learning to fly! |

Menu
  • Home
  • Who Am I
  • Bug Bounty Guide
Menu

Author: Muhammad Khizer Javed

Cyber Security Researcher,  Bug Bounty Hunter & Freelance Pentester.

P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC

Posted on November 3, 2018 by Muhammad Khizer Javed

Hey Guys,   So This blog is a short blog about a P1 issue i found in a site it was a really simple and maybe a common issue, So I got invited to a site and the first thing i mostly do is to check github.com for issues related to that site & also…

Read more

Subdomain Takeover via Unsecured S3 Bucket Connected to the Website

Posted on September 24, 2018 by Muhammad Khizer Javed

Hey Guys,   So This Blog is Basically About an issue i found in a web where a missing file and an Unsecured S3 Bucket connected to that website gave me a way to takeover that subdomain without a Subdomain Takeover Vulnerability, So Let’s begin   So I was testing a private program when i…

Read more

IDOR User Account Takeover By Connecting My Facebook Account with victims Account

Posted on September 16, 2018September 16, 2018 by Muhammad Khizer Javed

Hey Guys Its Me Khizer again So This Blog is about an IDOR issue i found in a Web where changing the User ID in Facebook auth callback linking request actually connects my Facebook Account to the Victims Site Account so By this i could get complete access to User Account. So Let’s start what…

Read more

Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC

Posted on September 10, 2018September 10, 2018 by Muhammad Khizer Javed

Hey guys Me again with a Short POC about Login Bypass Using SQL Injection to get Access to AutoTraders Webmail so lets begain the POC will be short. What happened was i was working on AutoTraders Bug Bounty Program and had reported a couple of issues but all were Duplicate so i was checking subdomains…

Read more

ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC

Posted on September 9, 2018September 10, 2018 by Muhammad Khizer Javed

Hey Guys! Me Back with a New Post This One is about an Authentication Bypass Vulnerability in one of the subdomains of https://zol.co.zw/ ZOL Zimbabwe and Then got an XSS following with an SQLi in that Control Panel. So The Main Focus of this Blog Post will be on How i got access to the…

Read more

SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC

Posted on September 8, 2018September 8, 2018 by Muhammad Khizer Javed

Hey Guys,   So Another Concise Report about an SQLi I recently Found One day i was just going through some Twitter posts and saw one of my friend replied to a tweet about a Swag pack   As Some of you guys already know How Attractive such Tweets are so i decided to Test…

Read more

RCE Unsecure Jenkins Instance | Bug Bounty POC

Posted on September 7, 2018 by Muhammad Khizer Javed

Hi Guys, Honestly i was just getting bored and the blog wasn’t updated ina while so i decided to write this  (Will share some more recent issues in a few days 🙂 )   So i want this Write Up to be concise.. to Let’s Just say I was checking subdomains of a site and …

Read more

IOS 11.4 Siri Auth Bypass | CVE-2018-4238

Posted on May 22, 2018September 10, 2018 by Muhammad Khizer Javed

So this year in March i was just testing different settings of my iPhone that was running the latest IOS that time it was IOS 11.2.6 and i came across a setting under Settings > Siri > WhatsApp>”Use With Siri” I turned it on and locked my iPhone just to see if i can use…

Read more

How I was able to get subscription of $120/year For Free | Bug Bounty POC

Posted on May 18, 2018May 18, 2018 by Muhammad Khizer Javed

About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for $120/year i’ve decided to test WeTransfer for any possible vulnerability that can result of me bypassing their payment system or getting a Plus subscription for…

Read more

Security Researcher saved Careem from a Data Breach

Posted on December 19, 2017December 20, 2017 by Muhammad Khizer Javed

Careem App is a car booking platform based in UAE which offers traveling services by which people can book a car on their doorstep in a couple of minutes. Careem App is known for its pick and drop service with the most comfortable and safe environment all over UAE, PAKISTAN, AFRICA and more countries. But,…

Read more
  • Previous
  • 1
  • 2
  • 3
  • Next


  • Hacking 100k+ Loyalty Programs for Fun and Profit!
  • Getting Started in Android Apps Pen-testing (Part-1)
  • Exploiting Insecure Firebase Database!
  • Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION | BugBounty POC
  • Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC
  • My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.

Tweets by KHIZER_JAVED47
© 2022 Security Breached Blog | Powered by Minimalist Blog WordPress Theme
 

Loading Comments...