Muhammad Khizer Javed
How I Manipulated My Rank on the Bugcrowd Platform

Muhammad Khizer Javed 1 year ago

This vulnerability on the Bugcrowd platform allowed manipulating rank on the platform using the API.

Hacking 100k+ Loyalty Programs for Fun and Profit!

Muhammad Khizer Javed 2 years ago

This blog post is about how a hacker could have hacked 100k+ loyalty programs to get free points & redeem them for free stuff or coupons.

Hacking Subscription Plans for free service.

Muhammad Khizer Javed 2 years ago

Microsoft Apache Solr RCE Velocity Template | Bug Bounty POC

Muhammad Khizer Javed 4 years ago

Hey guys, so this blog post is about an RCE issue reported to the Microsoft bug bounty program. A remote code execution issue existed in a microsoft.com subdomain running Apache Solr. I’ll try…

Hacking SMS API Service Provider of a Company | Android App Static Security Analysis | Bug Bounty POC

Muhammad Khizer Javed 4 years ago

Hey guys, so this blog post is about doing static analysis of an Android app. Due to insecure storage of SMS API credentials, I was able to take over the SMS API. Here’s a short POC of the issue.

Exploiting Insecure Firebase Database!

Muhammad Khizer Javed 4 years ago

Hey guys, so this blog post is about exploiting insecure Firebase databases. Due to improperly set security rules, one can write data to the database in certain conditions. Here’s a…

Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC

Muhammad Khizer Javed 4 years ago

Hey guys, so this blog post is about an issue in Snapchat’s website. Due to improper input validation, one can add custom text & URLs in SMS sent by Snapchat…

How I was able to get subscription of $120/year For Free | Bug Bounty POC

Muhammad Khizer Javed 6 years ago

About 2 months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend as he was using WeTransfer Plus subscription that he bought for…

Hunting Insecure Direct Object Reference Vulnerabilities for Fun and Profit (PART-1)

6 years ago

Hello Guys!! This is my first blog post and I am starting with the IDOR vulnerability. In this post you will know about many endpoints to test IDOR vulnerability! Hope you…