Muhammad Khizer Javed
Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC

Muhammad Khizer Javed 4 years ago

Hey guys, so this blog post is about an issue in Snapchat's website: due to improper input validation, one can add custom text & URLs in SMS sent by Snapchat…

User Account Takeover via Signup Feature | Bug Bounty POC

Muhammad Khizer Javed 4 years ago

Hey guys, so this blog post is about a User Account Takeover issue that I discovered. The bug was an Account Takeover issue that was found in Signup & Switch…

How I was Able To Bypass Email Verification

6 years ago

Hello Masters and Learners, I hope you are doing well and always put your efforts into securing the world so that no one can get benefits unethically. The main reason why…

Hacking a Company Through help desk – Ticket Trick | Bug Bounty POC

Muhammad Khizer Javed 6 years ago

Hey, so first of all, before I start writing about this issue I want you guys to read the blog about Ticket Trick. It was written by Inti De Ceukelaire (Thanks to him…

P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC

Muhammad Khizer Javed 6 years ago

Hey guys, so this blog is a short blog about a P1 issue I found in a site. It was a really simple and maybe a common issue, so…

Privilege Escalation like a Boss

6 years ago

Hello guys, this is Jay Jani and after a long time, I am back with one of my findings. This one is a simple Privilege Escalation on a private program of…

Subdomain Takeover via Unsecured S3 Bucket Connected to the Website

Muhammad Khizer Javed 6 years ago

Hey guys, so this blog is basically about an issue I found in a web where a missing file and an unsecured S3 bucket connected to that website gave…

IDOR User Account Takeover By Connecting My Facebook Account with victims Account

Muhammad Khizer Javed 6 years ago

Hey guys, it's me Khizer again. So this blog is about an IDOR issue I found in a web where changing the User ID in Facebook auth callback linking request…

Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC

Muhammad Khizer Javed 6 years ago

Hey guys, me again with a short POC about login bypass using SQL injection to get access to AutoTraders Webmail, so let's begin. The POC will be short. What happened…

ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC

Muhammad Khizer Javed 6 years ago

Hey guys! Me back with a new post. This one is about an Authentication Bypass vulnerability in one of the subdomains of https://zol.co.zw/ ZOL Zimbabwe and then got an XSS…