Hi Guys, Honestly i was just getting bored and the blog wasn’t updated ina while so i decided to write this (Will share some more recent issues in a few days đ ) So i want this Write Up to be concise.. to Let’s Just say I was checking subdomains of a site and found a subdomain jenkins-thor.dosomething.org so By […]
Hello 1337s, I hope you all are doing good and hunting websites. Today I’m going to tell you about a very interesting finding which was very simple and I never expected that it could really exist there. I was hunting Edmodo nine months back and after various tests and techniques, I was unable to find any solid bug. Well before […]
So this year in March i was just testing different settings of my iPhone that was running the latest IOS that time it was IOS 11.2.6 and i came across a setting under Settings > Siri > WhatsApp>”Use With Siri” I turned it on and locked my iPhone just to see if i can use WhatsApp to send a Message […]
About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for $120/year i’ve decided to test WeTransfer for any possible vulnerability that can result of me bypassing their payment system or getting a Plus subscription for completely free well for this […]
Hello Guys!! This is my first Blog post and i am starting with IDOR Vulnerability. In this Post you will know about many endpoints to test IDOR vulnerability! Hope you will like it. Arbaz Hussain get invitation to test one private program and find vulnerabilities with his team mates but he was busy with his work and selected me to […]
Hello to all Masters and Learners, I hope you all are doing well and spending most of your time in hunting and learning. Where most of us spend time to exploit the mechanism or to find out the weak endpoints. đ This is my first Write-up, I know that I am weak in English but I’m going to try my […]
Just âXSSâ it Hello to all my brothers and friends. First i would like to thank @knowledge_2014 (ak1t4 z3n) for his support and @IfrahIman_ (Ifrah Iman) for helping to write this article. My name is Emad Shanab from Egypt. I am a lawyer by occupation but I love to find bugs in websites as a hobby. âEvery Law has its own […]
Hey Guys, Hope all of you guys are doing well, I’m an Active Bug Bounty participant, & also sometimes work as a Freelancer for some extra pocket money :p So I got a Project to test a site for possible security issues, while working on the Project i was able to bypass the file Upload functionality to Upload a shell […]
hey all here is ameer hamza,  Facebook has recently introduced login with phone functionality if you have forgotten your password. however I was able to exploit it which leads to access the facebook account.login with phone button pops a qr code to scan : so i thought why not try to break it ? firstly i tried to decode the qrcode […]
Hi All, So Last month i decided to test Uber for Fun & Profit, So while scanning for subdomains to target i found a subdomain “design.uber.com” While navigating to the subdomain it redirected me to another domain Owned By Uber That was https://www.uber.design/Â so The domain was new for me as i haven’t seen that before that domain is a static […]