Omar AhmedThe great chain of duplicates. Utilizing Javascript and Logic in the bug bounty field.Nov 4, 20232Nov 4, 20232
Omar AhmedGraphql path traversal lead to disclosure of PII.Hi, I’m here to share a path traversal bug I found on a private program on h1 which allowed me to access restricted internal API with…Nov 3, 2023Nov 3, 2023
Omar AhmedThe UUID is attatched to the account itself, so for example If I want to identify an account I…Aug 29, 20231Aug 29, 20231
Omar AhmedِAccount takeover hidden in Javascript files plus some extra work? my type.Hey guys, after my latest account takeover I decided to collaborate with one of my friends on the same program I got the first ATO on. Was…Aug 29, 20232Aug 29, 20232
Omar AhmedAccount takeover hidden in Javascript files.Hey guys, I’m here to share a broken access control bug I found on a private program on h1 which enabled me to take over any account with…Jul 4, 20231Jul 4, 20231
Omar AhmedIDOR, unpin posts for fun.Hey guys, I’m here to share my recent IDOR on LinkedIn bug bounty program on h1 which enabled me to unpin any pages/companies’ posts…Jun 13, 2023Jun 13, 2023