cyberpro151 | OAuth Based CSRF: Exploiting The Flaw In Implementation Of State Parameter | Hey there! A few days ago, while doing penetration testing on one of the assets of our client, I came through a scenario that is worth… | Sep 61
cyberpro151 | Two Factor Authentication Bypass via using Victim’s DeviceID | Hey there! It’s cyberpro151 back with another writeup about a unique technique of bypassing Two Factor Authentication that I uncovered in a… | Aug 163
cyberpro151 | OAuth CSRF: Exploiting the Authorization Code Flow for Account Takeover | Hello everyone! It’s cyberpro151 back with another writeup about an Account Takeover vulnerability that I found using CSRF vulnerability in… | Jun 243
cyberpro151 | Unlocked Secrets: How Leaked Credentials Fuel Bug Bounties | Hey there! It’s cyberpro151 back with another writeup about a finding for which I’ve got a lot of requests for writeup. In this writeup, I… | May 234
cyberpro151 | OTP Bruteforce Chained with Response Manipulation Leads to Zero Click Account Takeover | Hey there! It’s cyberpro151 back with another PoC writeup for y’all. | Apr 174
cyberpro151 | My First Account Takeover Via Password Reset Poisoning | Hey there everyone! It’s cyberpro151 here and in today’s article, I’ll share with y’all that how I was able to find an Account Takeover… | Feb 1610