Subdomain Takeover via Unsecured S3 Bucket Connected to the Website
Hey Guys, So This Blog is Basically About an issue i found in a web where a missing file and an Unsecured S3 Bucket connected to that website gave...
IDOR User Account Takeover By Connecting My Facebook Account with victims Account
Hey Guys Its Me Khizer again So This Blog is about an IDOR issue i found in a Web where changing the User ID in Facebook auth callback linking request...
Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
Hey guys Me again with a Short POC about Login Bypass Using SQL Injection to get Access to AutoTraders Webmail so lets begain the POC will be short. What happened...
ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC
Hey Guys! Me Back with a New Post This One is about an Authentication Bypass Vulnerability in one of the subdomains of https://zol.co.zw/ ZOL Zimbabwe and Then got an XSS...
SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
Hey Guys, So Another Concise Report about an SQLi I recently Found One day i was just going through some Twitter posts and saw one of my friend replied...
RCE Unsecure Jenkins Instance | Bug Bounty POC
Hi Guys, Honestly i was just getting bored and the blog wasn’t updated ina while so i decided to write this (Will share some more recent issues in a few...
Edmodo official number for custom text messages to any number around the world!
Hello 1337s, I hope you all are doing good and hunting websites. Today I’m going to tell you about a very interesting finding which was very simple and I never...
IOS 11.4 Siri Auth Bypass | CVE-2018-4238
So this year in March i was just testing different settings of my iPhone that was running the latest IOS that time it was IOS 11.2.6 and i came across...
How I was able to get subscription of $120/year For Free | Bug Bounty POC
About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for...
How I found IDOR on Twitter’s Acquisition – Mopub.com
Hello everyone, Jay Jani noob here with another noobish finding. As 2k18 has started, I thought to hunt down Twitter for gaining reputation on HackerOne. I tried to find a bug...