Skip to content

Security Breached Blog

| One step at a time There's no need to rush It's like learning to fly! |

Menu
  • Home
  • Who Am I
  • Bug Bounty Guide
Menu

HOW I WAS ABLE TO TAKEOVER FACEBOOK ACCOUNT | Bug Bounty Poc

Posted on December 10, 2017April 4, 2018 by

hey all here is ameer hamza,  Facebook has recently introduced login with phone functionality if you have forgotten your password. however I was able to exploit it which leads to access the facebook account.login with phone  button pops  a qr code to scan : so i thought why not try to break it ? firstly i…

Read more

My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.

Posted on November 25, 2017 by Muhammad Khizer Javed

Hi All, So I decide to write about the Love story between Bug Bounties & Recon. First of all I’m not much of an Expert so I’m just sharing my opinion. This blog post will be focusing on recon & where to look for bugs In a Bug Bounty Program, This is not a guide…

Read more

UBER Wildcard Subdomain Takeover | BugBounty POC

Posted on November 20, 2017November 20, 2017 by Muhammad Khizer Javed

Hi All, So Last month i decided to test Uber for Fun & Profit, So while scanning for subdomains to target i found a subdomain “design.uber.com” While navigating to the subdomain it redirected me to another domain Owned By Uber That was https://www.uber.design/ so The domain was new for me as i haven’t seen that before…

Read more

Accessing Localhost via Vhost | VIRTUAL HOST ENUMERATION | BugBounty POC

Posted on November 4, 2017November 5, 2017 by Muhammad Khizer Javed

What virtual hosts (or vhosts)? A single web server can be configured to run multiple websites at once, under different domain names. These are the virtual hosts (or vhosts) and they are usually found in shared hosting environments. Why you need to Enumerate? The host name discovery phase is an information gathering act to get…

Read more

What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?

Posted on October 11, 2017October 11, 2017 by Muhammad Khizer Javed

The POST explains What is Subdomain Hijack/takeover Vulnerability, What are the Impacts of the Vulnerability & How can You prevent such attacks, In addition to this I Tried my best to add the step by step guide about how to Identify & Exploit Vulnerable Subdomains Using 5 different services that includes, Amazon Cloudfront  Heroku Desk.com…

Read more

Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net

Posted on October 10, 2017 by Muhammad Khizer Javed

Hey guys! few Months a go i was  testing different sites for CORS (Cross Origin Resource Sharing ) issues so that i can see what actually it is as i took about a week to understand it  from different sources and blogs  so i found a website that was vulnerable and I tried to see…

Read more

Bugcrowd’s Domain & Subdomain Takeover vulnerability!

Posted on October 10, 2017 by Muhammad Khizer Javed

Hey, I decided to Write about this Issue because I have seen some people are still confused about “Fastly error: unknown domain” Many Subdomains of BugBounty programs have This error on their Subdomains and People Report is Without Claiming or Try to claim That.. But If you try to claim such Subdoamin it will ask…

Read more

Subdomain Takeover Through Expired Cloudfront Distribution | live.lamborghini.com

Posted on October 10, 2017 by Muhammad Khizer Javed

Hey Guys! So I have to accept that I’m a Huge Fan of Lamborghini Cars 👊 So I was just looking at their website lamborghini.com when I decided to scan subdomains of the website 😛 and I found a Subdomain (live.lamborghini.com) that was showing an error Like Cloudfront Error on live.lamborghini.com So as i Know and…

Read more

SQLi & XSS Vulnerabilities in a Popular Airlines Website!

Posted on October 10, 2017 by Muhammad Khizer Javed

  Hey Guys, Some of my friends was asking for another Writeup. so Here’s One 🙂 Last month I decided to practice a little So I took one of the popular websites… Lets Take That Website as goodwesite.com (As Its Not a public Program) Lets start from a Little basics. What is SQL Injection Vulnerability? This…

Read more
  • Previous
  • 1
  • 2
  • 3
  • 4


  • ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC
  • KNOXSS for Dummies! A new Detailed Guide to use KNOXSS Pro in real world
  • My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.
  • SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
  • Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
  • How I was able to Download Any file from Web server!

Tweets by KHIZER_JAVED47
© 2023 Security Breached Blog | Powered by Minimalist Blog WordPress Theme
 

Loading Comments...