Skip to content

Security Breached Blog

| One step at a time There's no need to rush It's like learning to fly! |

Menu
  • Home
  • Who Am I
  • Bug Bounty Guide
Menu

How I was Able To Bypass Email Verification

Posted on December 8, 2018December 8, 2018 by

Hello Masters and Learner I hope you are doing well and always put your efforts to secure the world so that no can get benefits unethically. the main reason why i am writing this article is that sometime when we lose hope that time we just need to think outside of the box xD ….

Read more

Hacking a Company Through help desk – Ticket Trick | Bug Bounty POC

Posted on November 5, 2018 by Muhammad Khizer Javed

Hey,   So First of all before i start writing about this issue i want you guys to read the blog about Ticket Trick it was written by Inti De Ceukelaire (Thanks to him for sharing this and help us work on it to secure more companies ). This blog is just about my experience with this issue and…

Read more

P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC

Posted on November 3, 2018 by Muhammad Khizer Javed

Hey Guys,   So This blog is a short blog about a P1 issue i found in a site it was a really simple and maybe a common issue, So I got invited to a site and the first thing i mostly do is to check github.com for issues related to that site & also…

Read more

Privilege Escalation like a Boss

Posted on October 27, 2018 by

Hello guys, This is Jay Jani and after a long time, I am back with one of my finding. This one is simple Privilege Escalation on a private program of HackerOne.   PS : This post is for Noobs like me so Leets please ignore the post :/   So I was invited to participate…

Read more

Subdomain Takeover via Unsecured S3 Bucket Connected to the Website

Posted on September 24, 2018 by Muhammad Khizer Javed

Hey Guys,   So This Blog is Basically About an issue i found in a web where a missing file and an Unsecured S3 Bucket connected to that website gave me a way to takeover that subdomain without a Subdomain Takeover Vulnerability, So Let’s begin   So I was testing a private program when i…

Read more

IDOR User Account Takeover By Connecting My Facebook Account with victims Account

Posted on September 16, 2018September 16, 2018 by Muhammad Khizer Javed

Hey Guys Its Me Khizer again So This Blog is about an IDOR issue i found in a Web where changing the User ID in Facebook auth callback linking request actually connects my Facebook Account to the Victims Site Account so By this i could get complete access to User Account. So Let’s start what…

Read more

Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC

Posted on September 10, 2018September 10, 2018 by Muhammad Khizer Javed

Hey guys Me again with a Short POC about Login Bypass Using SQL Injection to get Access to AutoTraders Webmail so lets begain the POC will be short. What happened was i was working on AutoTraders Bug Bounty Program and had reported a couple of issues but all were Duplicate so i was checking subdomains…

Read more

ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC

Posted on September 9, 2018September 10, 2018 by Muhammad Khizer Javed

Hey Guys! Me Back with a New Post This One is about an Authentication Bypass Vulnerability in one of the subdomains of https://zol.co.zw/ ZOL Zimbabwe and Then got an XSS following with an SQLi in that Control Panel. So The Main Focus of this Blog Post will be on How i got access to the…

Read more

SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC

Posted on September 8, 2018September 8, 2018 by Muhammad Khizer Javed

Hey Guys,   So Another Concise Report about an SQLi I recently Found One day i was just going through some Twitter posts and saw one of my friend replied to a tweet about a Swag pack   As Some of you guys already know How Attractive such Tweets are so i decided to Test…

Read more

RCE Unsecure Jenkins Instance | Bug Bounty POC

Posted on September 7, 2018 by Muhammad Khizer Javed

Hi Guys, Honestly i was just getting bored and the blog wasn’t updated ina while so i decided to write this  (Will share some more recent issues in a few days 🙂 )   So i want this Write Up to be concise.. to Let’s Just say I was checking subdomains of a site and …

Read more
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next


  • What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?
  • Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC
  • Subdomain Takeover Through Expired Cloudfront Distribution | live.lamborghini.com
  • My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.
  • SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
  • UBER Wildcard Subdomain Takeover | BugBounty POC

Tweets by KHIZER_JAVED47
© 2022 Security Breached Blog | Powered by Minimalist Blog WordPress Theme
 

Loading Comments...