Security Breached Blog

| One step at a time There's no need to rush It's like learning to fly! |

Edmodo official number for custom text messages to any number around the world!

Posted on May 23, 2018

Hello 1337s, I hope you all are doing good and hunting websites. Today I’m going to tell you about a very interesting finding which was very simple and I never expected that it could really exist there. I was hunting Edmodo nine months back and after various tests and techniques, I was unable to find…

IOS 11.4 Siri Auth Bypass | CVE-2018-4238

Posted on May 22, 2018 (updated September 10, 2018) by Muhammad Khizer Javed

So this year in March I was just testing different settings of my iPhone, which was running the latest iOS at that time (iOS 11.2.6), and I came across a setting under Settings > Siri > WhatsApp > “Use With Siri”. I turned it on and locked my iPhone just to see if I can use…

How I was able to get subscription of $120/year For Free | Bug Bounty POC

Posted on May 18, 2018 by Muhammad Khizer Javed

About 2 months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend, as he was using the WeTransfer Plus subscription that he bought for $120/year. I’ve decided to test WeTransfer for any possible vulnerability that can result in me bypassing their payment system or getting a Plus subscription for…

How I found IDOR on Twitter’s Acquisition – Mopub.com

Posted on February 5, 2018

Hello everyone, Jay Jani noob here with another noobish finding. As 2k18 has started, I thought to hunt down Twitter for gaining reputation on HackerOne. I tried to find a bug on their acquisition – Mopub.com. It was quite a strong site to get a single bug. I tried to find XSS and more other bugs…

Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)

Posted on February 4, 2018 (updated February 5, 2018)

Hello Guys!! This is my first blog post and I am starting with IDOR vulnerability. In this post you will know about many endpoints to test IDOR vulnerability! Hope you will like it. Arbaz Hussain got an invitation to test one private program and find vulnerabilities with his teammates, but he was busy with his…

How I was able to Bypass XSS Protection on HackerOne’s Private Program

Posted on February 2, 2018 (updated February 5, 2018)

Hello friends, This is Jay Jani here and First of all frankly I would like to tell you all that I am completely a noob so I did some noobish things here. Please forgive me for my noobness. So, I was testing a private program on HackerOne and tried to find some basic vulnerabilities. There was…

How I was able to Download Any file from Web server!

Posted on January 27, 2018

Hello to all Masters and Learners, I hope you all are doing well and spending most of your time in hunting and learning. Where most of us spend time to exploit the mechanism or to find out the weak endpoints. 😀 This is my first Write-up, I know that I am weak in English but…

KNOXSS for Dummies! A new Detailed Guide to use KNOXSS Pro in real world

Posted on January 16, 2018 (updated January 17, 2018)

Just “XSS” it. Hello to all my brothers and friends. First I would like to thank @knowledge_2014 (ak1t4 z3n) for his support and @IfrahIman_ (Ifrah Iman) for helping to write this article. My name is Emad Shanab from Egypt. I am a lawyer by occupation but I love to find bugs in websites as a hobby…

Security Researcher saved Careem from a Data Breach

Posted on December 19, 2017 (updated December 20, 2017) by Muhammad Khizer Javed

Careem App is a car booking platform based in UAE which offers traveling services by which people can book a car on their doorstep in a couple of minutes. Careem App is known for its pick and drop service with the most comfortable and safe environment all over UAE, PAKISTAN, AFRICA and more countries. But,…

Unrestricted File Upload to RCE | Bug Bounty POC

Posted on December 19, 2017 by Muhammad Khizer Javed

Hey Guys, hope all of you guys are doing well. I’m an active Bug Bounty participant, & also sometimes work as a freelancer for some extra pocket money :p So I got a project to test a site for possible security issues; while working on the project I was able to bypass the file Upload…
