RCE Unsecure Jenkins Instance | Bug Bounty POC
Hi Guys, Honestly i was just getting bored and the blog wasn’t updated ina while so i decided to write this (Will share some more recent issues in a few...
BugBounty POC
Edmodo official number for custom text messages to any number around the world!
Hello 1337s, I hope you all are doing good and hunting websites. Today I’m going to tell you about a very interesting finding which was very simple and I never...
IOS 11.4 Siri Auth Bypass | CVE-2018-4238
So this year in March i was just testing different settings of my iPhone that was running the latest IOS that time it was IOS 11.2.6 and i came across...
How I was able to get subscription of $120/year For Free | Bug Bounty POC
About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for...
Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)
Hello Guys!! This is my first Blog post and i am starting with IDOR Vulnerability. In this Post you will know about many endpoints to test IDOR vulnerability! Hope you...
How I was able to Download Any file from Web server!
Hello to all Masters and Learners, I hope you all are doing well and spending most of your time in hunting and learning. Where most of us spend time to...
KNOXSS for Dummies! A new Detailed Guide to use KNOXSS Pro in real world
Just “XSS” it Hello to all my brothers and friends. First i would like to thank @knowledge_2014 (ak1t4 z3n) for his support and @IfrahIman_ (Ifrah Iman) for helping to write this...
Unrestricted File Upload to RCE | Bug Bounty POC
Hey Guys, Hope all of you guys are doing well, I’m an Active Bug Bounty participant, & also sometimes work as a Freelancer for some extra pocket money :p So...
HOW I WAS ABLE TO TAKEOVER FACEBOOK ACCOUNT | Bug Bounty Poc
hey all here is ameer hamza, Facebook has recently introduced login with phone functionality if you have forgotten your password. however I was able to exploit it which leads to access...
UBER Wildcard Subdomain Takeover | BugBounty POC
Hi All, So Last month i decided to test Uber for Fun & Profit, So while scanning for subdomains to target i found a subdomain “design.uber.com” While navigating to the...