Exploiting XXE and SSRF Vulnerabilities in Tibco WebFOCUS and Epson ePOS Printer
Armaan Pathan, Aug 14
In today’s post, I’ll discuss a recent discovery I made while hunting on a private bug bounty program. During this, I uncovered several XML…

Breaking the Barrier: Remote Code Execution via SSTI in FreeMarker Template Engine
Armaan Pathan, Jul 6, 2023
In 2023, I discovered a significant vulnerability in an application that was using an outdated version of the FreeMarker template engine. The…

Exploiting DOM Based XSS via Misconfigured postMessage() Function
Armaan Pathan, Mar 31, 2022
Today, we will be discussing how to exploit DOM-based XSS through a misconfigured postMessage function. Two sites can communicate with each…

PDFReacter SSRF to ROOT Level Local File Read which led to RCE
Armaan Pathan, Apr 18, 2019
What is PDFReacter? PDFReacter is a parser which converts HTML content to PDF.

Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers
Armaan Pathan, Apr 6, 2019
One day I was playing with a tool, Debookee (Network Traffic Interception), in the office, and I noticed that the tool was intercepting Facebook…

Brute Forcing User IDs via CSRF To Delete All Users with a CSRF Attack
Armaan Pathan, Mar 12, 2019
While testing an application, there was a module “Delete User” in which an admin can delete any user.

Abusing ACL Permissions to Overwrite Other Users’ Uploaded Files/Videos on an S3 Bucket
Armaan Pathan, Dec 30, 2018
Hi all, today I am writing a blog about a recent finding on one of HackerOne’s programs. I was looking for IDORs in an application…

Chain The Bugs to Pwn an Organisation (LFI + Unrestricted File Upload = Remote Code Execution)
Armaan Pathan, Sep 18, 2018
Hi everyone, after completing my OSCP certification I thought I would give bug bounty a try, as OSCP has sharpened my exploitation skills.

How I Hacked My Internet Service Provider and Automated the Attack (Hacked to Learn)
Armaan Pathan, Feb 17, 2018
I’ll be using victim.com as the site name in the article as I cannot disclose the real name. It was a normal day and I was looking for some good…

Chaining Self XSS with UI Redressing is Leading to Session Hijacking (PWN users like a boss)
Armaan Pathan in InfoSec Write-ups, Sep 18, 2017
While I was testing the web application I found a self XSS, which has no impact. But I wanted to exploit this vulnerability, so I have…