Pinned: How I Test for SQL Injection ( In the Most Human Way Possible )
Sep 7 · 6 responses

Sensitive info leaks ( What I learned, that could help you as well )
Hey bug bounty hunters! I’ve reported info disclosure / sensitive data exposure vulns that all got accepted. Here’s what I’ve learned…
Nov 3 · 2 responses

Testing XSS in chatbot instances
Here’s a little tip for testing XSS in chatbot instances; when you inject an XSS payload as a user message and it doesn’t execute, don’t…
Nov 2 · 2 responses

How a Resend-Link Flow Exposed Critical User PIIs ( CWE-284 )
I discovered a critical access control vulnerability in an administrative API that exposed sensitive personally identifiable information (…
Sep 28 · 2 responses

Why I Started a 30-Day Bug Bounty Hunting Challenge Before Going Full-Time.
Jul 26 · 3 responses

Bug Bounty Hunting : It’s Not Always What You Think
Why I Focus on Broken Access and Info Disclosure over other vulnerabilities ( XSS, SSRF, etc. )
Jun 28 · 3 responses

The Ultimate Guide to Starting a Career in Website Application Bug Bounty Hunting ( For Absolute…
Bug bounty hunting is one of the most exciting, rewarding fields in cybersecurity. If you’re curious about how hackers find vulnerabilities…
Jun 1 · 14 responses

I Bypassed Business Email Restrictions on REDACTED.COM Using the Invite Feature ( Logic Flaw )
While checking out the registration process on redacted.com, I ran into something not good. redacted.com enforces a policy that blocks…
May 18 · 2 responses

Email Verification Flaw : Allows Me To Verify Any Email ID Without The Owner’s Interaction
While testing the REDACTED website application (https://app.REDACTED.com), I came across a surprising behavior. Normally, when you sign up…
May 17