Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)

Hello Guys!! This is my first Blog post and i am starting with IDOR Vulnerability. In this Post you will know about many endpoints to test IDOR vulnerability! Hope you will like it. Arbaz Hussain get invitation to test one private program and find vulnerabilities with his team mates but he was busy with his work and selected me to […]

Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION | BugBounty POC

What virtual hosts (or vhosts)? A single web server can be configured to run multiple websites at once, under different domain names. These are the virtual hosts (or vhosts) and they are usually found in shared hosting environments. Why you need to Enumerate? The host name discovery phase is an information gathering act to get a complete and detailed view […]

What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?

The POST explains What is Subdomain Hijack/takeover Vulnerability, What are the Impacts of the Vulnerability & How can You prevent such attacks, In addition to this I Tried my best to add the step by step guide about how to Identify & Exploit Vulnerable Subdomains Using 5 different services that includes, Amazon Cloudfront  Heroku Desk.com Pantheon service Github Pages Hope […]