A tale of critical account take over
Hello everyone, I hope everyone is healthy and safe and taking precautions as well.
So, I am going to share my latest finding, which I found on a private program. Let's get started!!
So the first thing I do is check for a login with Google and Facebook feature on the program, and my program had this feature.
How does that work:
1) Click on login with Google
2) Enter your email ID and password
Simple, right?? Wait for the twist.
We all know the vulnerability of changing the email to another user's email that…
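The class of bug the excerpt alludes to, a social-login callback that looks up the account by an email field the client posts rather than by the email in the identity provider's verified assertion, shown as an added example that is not part of the original post. It assumes that is what the truncated sentence refers to. The token format is a deliberately simplified stand-in for a real OIDC ID token (an HMAC-signed JSON payload under an assumed shared key); real Google or Facebook tokens are verified against the provider's published keys, but the trust boundary being demonstrated is the same. The user table, client ID and request shapes are constructed for the example.

```python
"""Added example: the account identity in a social login must come from the
verified provider assertion, never from a client-controlled request field.
The signed token below is a simplified stand-in for a real ID token."""
import base64
import hashlib
import hmac
import json

# Assumed provider signing key and app client ID (constructed for the example).
PROVIDER_KEY = b"provider-signing-key-for-demo"
CLIENT_ID = "example-app"

# Constructed user store: the attacker owns alice@, the target is victim@.
USERS = {
    "alice@example.com": {"name": "Alice"},
    "victim@example.com": {"name": "Victim"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(email: str, aud: str = CLIENT_ID) -> str:
    """Stand-in for the provider issuing an ID token after the user signs in."""
    claims = {"email": email, "email_verified": True, "aud": aud}
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(PROVIDER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token: str):
    """Return the claims only if signature, audience and email_verified check out."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(PROVIDER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(_unb64(payload))
    if claims.get("aud") != CLIENT_ID or not claims.get("email_verified"):
        return None
    return claims


def vulnerable_social_login(request: dict):
    """Vulnerable pattern: the token is verified, but the account is then looked
    up by the email the client posted next to it, which the attacker controls."""
    if verify_token(request["id_token"]) is None:
        return None
    return USERS.get(request["email"])


def hardened_social_login(request: dict):
    """Hardened pattern: the email is taken from the verified claims; any posted
    email field is ignored entirely."""
    claims = verify_token(request["id_token"])
    if claims is None:
        return None
    return USERS.get(claims["email"])


if __name__ == "__main__":
    # Attacker signs in with their own provider account, then swaps the email.
    attack = {"id_token": issue_token("alice@example.com"),
              "email": "victim@example.com"}
    print("vulnerable:", vulnerable_social_login(attack))  # Victim's account
    print("hardened:  ", hardened_social_login(attack))    # Alice's account only
```

The vulnerable handler is not wrong because it skips verification; it verifies the token and then ignores what the token says. When reviewing a social-login callback, trace where the email or subject identifier that selects the account actually originates.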
A Story of Rs.10k Bounty within minutes
Hello everyone, I hope you guys are doing great in this quarantine. I decided to write a small blog post about my months-old bug; please have a look.
So it was a normal day, no college, so I decided to hunt and asked my friend if he had any program.
I got to know about a program; it's an Indian program, so I will keep it private (don't want to get sued by them :xD).
As usual, I started with passive recon on GitHub, Trello, repl.it …
From publicly available database leak to high impact business logic error
Hello everyone, this is my first writeup. I hope you guys will like it; let's get started :)
My target is private, so I will call it target. It is a tech giant company with many subsidiaries.
Usually I start with passive recon. I started with normal GitHub recon like
target “api”, target “token”, etc.
I had no success with that, so I remembered the best writeup from Prateek Tiwari, where he mentioned scribd.com.
What is Scribd?
Scribd is an American e-book and audiobook subscription service that includes one million…
Student and bug bounty hunter