Exploring Origin Display Manipulation on Permission PromptsIs It a Security Bug or an Intentional Design Choice?Feb 24Feb 24
Exploiting XXE and SSRF Vulnerabilities in Tibco WebFOCUS and Epson ePOS PrinterIn today’s post, I’ll discuss a recent discovery I made while hunting on a private bug bounty program. During this, I uncovered several XML…Aug 14, 2024Aug 14, 2024
Breaking the Barrier: Remote Code Execution via SSTI in FreeMarker Template EngineIn 2023, I discovered a significant vulnerability in an application that was using outdated version of the FreeMarker template engine. The…Jul 6, 2023Jul 6, 2023
Exploiting DOM Based XSS via Misconfigured postMessage() FunctionToday, we will be discussing how to exploit DOM-based XSS through Misconfigured Postmessage function. Two sites can communicate with each…Mar 31, 2022Mar 31, 2022
PDFReacter SSRF to ROOT Level Local File Read which led to RCEWhat is PDFReacter? - PDFReacter is a parser which parses HTML content from HTML to PDF.Apr 18, 2019A response icon3Apr 18, 2019A response icon3
Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack HackersOne day I was playing with a tool debookee (Network Traffic Interception) in the office, I noticed that the tool was intercepting facebook…Apr 6, 2019A response icon4Apr 6, 2019A response icon4
Brute Forcing User IDS via CSRF To Delete all Users with CSRF attack.While testing an application, there was a module “Delete User” in which an admin can delete any user.Mar 12, 2019A response icon1Mar 12, 2019A response icon1
Abusing ACL Permissions to Overwrite other User’s Uploaded Files/Videos on s3 BucketHi all, Today I am writing a blog about on a recent finding on HackerOne’s one of the program. I was looking for IDORs in an application…Dec 30, 2018Dec 30, 2018
Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )Hi everyone, After completing my OSCP certification I thought to give a try to bug bounty, as OSCP has sharpened my exploitationSkills.Sep 18, 2018A response icon3Sep 18, 2018A response icon3
How i hacked my Internet Service Provider and automated the attack. ( Hacked to Learn)I’ll be using victim.com as a site name in the article as i cannot disclose the name.It was a normal day and i was looking for some good…Feb 17, 2018A response icon5Feb 17, 2018A response icon5
