Hey guys so this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a Short POC tutorial of the issue. A few days ago i was doing static analysis of an Android app on a bug bounty target, as normally i decompiled my targeted […]
Hey guys so this blog post is about an Issue in Snapchat’s Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here’s a Short POC of the issue. HackerOne Report: #420420 A Subdomain on Snapchat’s website https://whatis.snapchat.com/ Gives the basic information about Snapchat, what it does and how it […]
Hey guys so this blog post is about a User Account Takeover issue that i discover. the bug was an Account Takeover issue that was found in Signup & Switch Accounts feature so here’s the a Short POC of the issue. While testing i saw that there is a “Switch Accounts” Option in Application Menu and mine […]
Hey, So First of all before i start writing about this issue i want you guys to read the blog about Ticket Trick it was written by Inti De Ceukelaire (Thanks to him for sharing this and help us work on it to secure more companies ). This blog is just about my experience with this issue and how i use this issue […]
Hey Guys, So This blog is a short blog about a P1 issue i found in a site it was a really simple and maybe a common issue, So I got invited to a site and the first thing i mostly do is to check github.com for issues related to that site & also code etc, so i searched […]
Hey Guys, So This Blog is Basically About an issue i found in a web where a missing file and an Unsecured S3 Bucket connected to that website gave me a way to takeover that subdomain without a Subdomain Takeover Vulnerability, So Let’s begin So I was testing a private program when i came across a Subdomain on […]
Hey Guys, So Another Concise Report about an SQLi I recently Found One day i was just going through some Twitter posts and saw one of my friend replied to a tweet about a Swag pack As Some of you guys already know How Attractive such Tweets are so i decided to Test the Site that give him […]
Hi Guys, Honestly i was just getting bored and the blog wasn’t updated ina while so i decided to write this (Will share some more recent issues in a few days 🙂 ) So i want this Write Up to be concise.. to Let’s Just say I was checking subdomains of a site and found a subdomain jenkins-thor.dosomething.org so By […]
So this year in March i was just testing different settings of my iPhone that was running the latest IOS that time it was IOS 11.2.6 and i came across a setting under Settings > Siri > WhatsApp>”Use With Siri” I turned it on and locked my iPhone just to see if i can use WhatsApp to send a Message […]
About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for $120/year i’ve decided to test WeTransfer for any possible vulnerability that can result of me bypassing their payment system or getting a Plus subscription for completely free well for this […]