Bypassing LFI (Local File Inclusion) (Abhishek, Jun 3, 2021)
LFI (Local File Inclusion) allows an attacker to expose a file on the target server. With the help of directory traversal (../) we can…

Password reset poisoning to ATO and OTP bypass (Abhishek, Aug 1, 2020)
A common way to implement password reset functionality is to generate a secret token and send an email with a link containing the token…

Bug Bounty in Lockdown (SQLi and Business Logic) (Abhishek, Jun 24, 2020)
I hope you all are doing well in this lockdown. I kinda have a hard time concentrating on bug bounty for now because of staying home all the…

Clickjacking to Account Takeover (Abhishek, May 28, 2020)
Clickjacking is an attack in which a user is tricked into clicking on something that he didn’t intend to, meaning an attacker could possibly…

Strange Redirect (Fixed but no bounty) (Abhishek, Apr 17, 2020)
The target has a bug bounty program, but they fixed it without any response. 🤷🏻♂️

RCE via Apache Struts2 - Still out there (Abhishek, Feb 27, 2020)
Apache Struts2 was discovered years ago, but we can still find instances of it around the internet.

Hyperlink Injection - Easy Money (sometimes) (Abhishek, Jan 28, 2020)
What is Hyperlink Injection? It's basically spoofing or injecting a link while sending an email…

My First RCE (Stressed Employee gets me 2x bounty 🤑) (Abhishek, Jan 10, 2020)
This was an easy find tbh, but since it was my first and a weird one, I would like to share.

Bypassing Captcha! (Abhishek, Dec 20, 2019)
I don’t really look for captcha bypass, but this one specified that if a captcha bypass is found it will be…