Tag: vulnerability

Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC

March 31, 2020
BugBounty POC
3 Comments

Hey guys so this blog post is about RCE issue reported to Microsoft bug bounty program, Remote Code execution issue existed in microsoft.com subdomain running Apache Solr.   I’ll try to be as simple as possible. Participated in Microsoft Bug Bounty Program first time.. About the RCE: While doing some recon on microsoft.com website i…

Read More

Hacking SMS API Service Provider of a Company |Android App Static Security Analysis | Bug Bounty POC

February 19, 2020
BugBounty POCTutorials
2 Comments

Hey guys so this blog post is about doing static analysis of an Android App, And due to insecure storage of SMS API credentials I was able to Takeover the SMS API here’s a Short POC of the issue….

Read More

Exploiting Insecure Firebase Database!

February 4, 2020
BugBounty POCTutorials
6 Comments

Hey guys so this blog post is about Exploiting Insecure Firebase Databases, due to Improper set security rules one can write data to the database in certain conditions here’s a Short POC tutorial of the issue. A few days ago i was doing static analysis of an Android app on a bug bounty target, as…

Read More

Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC

January 26, 2020
BugBounty POC
1 Comment

Hey guys so this blog post is about an Issue in Snapchat’s Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here’s a Short POC of the issue.     HackerOne Report: #420420 A Subdomain on Snapchat’s website https://whatis.snapchat.com/ Gives the basic information about Snapchat, what…

Read More

How I was able to get subscription of $120/year For Free | Bug Bounty POC

May 18, 2018
BugBounty POC
8 Comments

About 2 Months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for $120/year i’ve decided to test WeTransfer for any possible vulnerability that can result of me bypassing their payment system or getting a Plus subscription for…

Read More

Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)

February 4, 2018
BugBounty POCTutorialsUncategorized
1 Comment

Hello Guys!! This is my first Blog post and i am starting with IDOR Vulnerability. In this Post you will know about many endpoints to test IDOR vulnerability! Hope you will like it. Arbaz Hussain get invitation to test one private program and find vulnerabilities with his team mates but he was busy with his…

Read More