PinnedPublished inInfoSec Write-upsExploiting XSS with Javascript/JPEG PolyglotWhat is a polyglot?Apr 8, 2022A response icon6Apr 8, 2022A response icon6
Bypassing 2FA in GraphQL APIs: A Step-by-Step GuideThis blog explains how 2FA can be bypassed in GraphQL applications using different techniques.Jul 5Jul 5
When the Grind Drains You: The Dark Side of Bug BountyIntroduction: The Highs and Lows of the HuntJul 1A response icon1Jul 1A response icon1
Published inInfoSec Write-upsExposed Client Secret in JavaScript Resulted in Quick Bug Bounty $$$IntroductionJun 28Jun 28
Published inInfoSec Write-upsIDOR Leads to Unauthorized Deletion: How I Earned $500 in Bug BountyIntroductionJun 22Jun 22
Published inInfoSec Write-upsBug Bounty Findings: Unauthorized Addition of Shipping Addresses and Shopping Carts via CSRFWhile testing the account features of an e-commerce platform, I came across a CSRF vulnerability that allowed unauthorized addition of…Jun 19A response icon1Jun 19A response icon1
Bug Bounty Guide: Finding and Exploiting Leaked .git/ DirectoriesIn this blog, we’ll look at how exposed .git/ directories can lead to critical information leaks. You’ll learn how to detect them, analyze…Jun 14Jun 14
Published inInfoSec Write-upsHow to Test “Forgot Password” for Bugs — A Guide for BB Hunters & PentestersIntroductionJun 13A response icon1Jun 13A response icon1
Published inInfoSec Write-upsBroken Object Level Authorization Vs. Broken Functionality Level Authorization | API Hacking |In this blog, we will explore two significant security vulnerabilities: Broken Object Level Authorization (BOLA) and Broken Functionality…Oct 17, 2023A response icon2Oct 17, 2023A response icon2
