Hello friends, This is Jay Jani here and First of all frankly I would like to tell you all that I am completely a noob so I did some noobish things here. Please forgive me for my noobness. So, I was testing a private program on HackerOne and tried to find some basic vulnerabilities. There was a functionality where I can […]
Hello to all Masters and Learners, I hope you all are doing well and spending most of your time in hunting and learning. Where most of us spend time to exploit the mechanism or to find out the weak endpoints. 😀 This is my first Write-up, I know that I am weak in English but I’m going to try my […]
Just “XSS” it Hello to all my brothers and friends. First i would like to thank @knowledge_2014 (ak1t4 z3n) for his support and @IfrahIman_ (Ifrah Iman) for helping to write this article. My name is Emad Shanab from Egypt. I am a lawyer by occupation but I love to find bugs in websites as a hobby. “Every Law has its own […]
Careem App is a car booking platform based in UAE which offers traveling services by which people can book a car on their doorstep in a couple of minutes. Careem App is known for its pick and drop service with the most comfortable and safe environment all over UAE, PAKISTAN, AFRICA and more countries. But, what if this multinational organization […]
Hey Guys, Hope all of you guys are doing well, I’m an Active Bug Bounty participant, & also sometimes work as a Freelancer for some extra pocket money :p So I got a Project to test a site for possible security issues, while working on the Project i was able to bypass the file Upload functionality to Upload a shell […]
hey all here is ameer hamza, Facebook has recently introduced login with phone functionality if you have forgotten your password. however I was able to exploit it which leads to access the facebook account.login with phone button pops a qr code to scan : so i thought why not try to break it ? firstly i tried to decode the qrcode […]
Hi All, So I decide to write about the Love story between Bug Bounties & Recon. First of all I’m not much of an Expert so I’m just sharing my opinion. This blog post will be focusing on recon & where to look for bugs In a Bug Bounty Program, This is not a guide on how to find bugs […]
Hi All, So Last month i decided to test Uber for Fun & Profit, So while scanning for subdomains to target i found a subdomain “design.uber.com” While navigating to the subdomain it redirected me to another domain Owned By Uber That was https://www.uber.design/ so The domain was new for me as i haven’t seen that before that domain is a static […]
What virtual hosts (or vhosts)? A single web server can be configured to run multiple websites at once, under different domain names. These are the virtual hosts (or vhosts) and they are usually found in shared hosting environments. Why you need to Enumerate? The host name discovery phase is an information gathering act to get a complete and detailed view […]
The POST explains What is Subdomain Hijack/takeover Vulnerability, What are the Impacts of the Vulnerability & How can You prevent such attacks, In addition to this I Tried my best to add the step by step guide about how to Identify & Exploit Vulnerable Subdomains Using 5 different services that includes, Amazon Cloudfront Heroku Desk.com Pantheon service Github Pages Hope […]