Found a critical vulnerability involving leaked AWS credentials within an Android App API during a bug bounty hunt. by utilizing Dynamic Application Security Testing (DAST) and the Mobile Security Framework (MobSF) to uncover the vulnerability. This blog post provides a step-by-step guide for newcomers to set up their own testing environments and utilize MobSF.
This vulnerability on the Bugcrowd platform allowed manipulating rank on the platform using the API.
Hey guys so this blog post is about bug bounty report, I was able to Bypass Security restrictions by using inspect element and use Paid Features. About the Issue: The...
Hey Everyone, My name is M.Qasim Munir and this is my first blog article that I’m writing about getting started in android apps pen-testing. I hope this article will help...
Hey guys so this blog post is about doing static analysis of an Android App, And due to insecure storage of SMS API credentials I was able to Takeover the SMS API here’s a Short POC of the issue.
Hey guys so this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a...
Hello Guys!! This is my first Blog post and i am starting with IDOR Vulnerability. In this Post you will know about many endpoints to test IDOR vulnerability! Hope you...
Just “XSS” it Hello to all my brothers and friends. First i would like to thank @knowledge_2014 (ak1t4 z3n) for his support and @IfrahIman_ (Ifrah Iman) for helping to write this...
Hi All, So I decide to write about the Love story between Bug Bounties & Recon. First of all I’m not much of an Expert so I’m just sharing my...
What virtual hosts (or vhosts)? A single web server can be configured to run multiple websites at once, under different domain names. These are the virtual hosts (or vhosts) and...