This vulnerability on the Bugcrowd platform allowed manipulating rank on the platform using the API.
Category: Tutorials
Using Inspect Element to Bypass Security restrictions | Bug Bounty POC
Hey guys, so this blog post is about a bug bounty report: I was able to bypass security restrictions by using Inspect Element and use paid features. About the Issue: The issue is really simple to execute. I was looking for a way to use the service for free and managed to find it so easily…
Getting Started in Android Apps Pen-testing (Part-1)
Hey everyone, my name is M. Qasim Munir and this is my first blog article, which I’m writing about getting started in Android app pen-testing. I hope this article will help you learn something new. Getting Started in Android Apps Pen-testing (PART-1): Amazing development and growth in mobile apps have carried a bunch of…
Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC
Hey guys, so this blog post is about doing static analysis of an Android app, and due to insecure storage of SMS API credentials I was able to take over the SMS API. Here’s a short POC of the issue.
Exploiting Insecure Firebase Database!
Hey guys, so this blog post is about exploiting insecure Firebase databases: due to improperly set security rules, one can write data to the database under certain conditions. Here’s a short POC tutorial of the issue. A few days ago I was doing static analysis of an Android app on a bug bounty target, as…
Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)
Hello guys!! This is my first blog post and I am starting with the IDOR vulnerability. In this post you will learn about many endpoints to test for IDOR vulnerabilities! Hope you will like it. Arbaz Hussain got an invitation to test one private program and find vulnerabilities with his teammates, but he was busy with his…
KNOXSS for Dummies! A new Detailed Guide to use KNOXSS Pro in real world
Just “XSS” it. Hello to all my brothers and friends. First I would like to thank @knowledge_2014 (ak1t4 z3n) for his support and @IfrahIman_ (Ifrah Iman) for helping to write this article. My name is Emad Shanab from Egypt. I am a lawyer by occupation but I love to find bugs in websites as a hobby…
My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.
Hi all, so I decided to write about the love story between bug bounties & recon. First of all, I’m not much of an expert, so I’m just sharing my opinion. This blog post will be focusing on recon & where to look for bugs in a bug bounty program. This is not a guide…
Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION | BugBounty POC
What are virtual hosts (or vhosts)? A single web server can be configured to run multiple websites at once, under different domain names. These are the virtual hosts (or vhosts), and they are usually found in shared hosting environments. Why do you need to enumerate them? The host name discovery phase is an information gathering act to get…
What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?
The post explains what the subdomain hijack/takeover vulnerability is, what the impacts of the vulnerability are & how you can prevent such attacks. In addition to this, I tried my best to add a step-by-step guide about how to identify & exploit vulnerable subdomains using 5 different services that include Amazon Cloudfront, Heroku, Desk.com…