Before moving forward with this blog if you don’t have any context over what IDOR is you can refer the same over here So to begin with, the story started when I was asked to test HackerResume since new features were being added on to see if there’s any security…

It’s quite common to see when you are searching something for a long time and it has always been there obvious and you fail to notice it, that’s the similar story what we will be going to see here. To those who aren’t familiar with Blind XSS(Cross Site Scripting) here’s…

Based on the title it would have been clear what this blog is all about, for those who didn't get it till now to be precise this story describes the journey of mine how did I get into infosec domain and started Freelancing with minimal coding knowledge and later learning…

In this blog, I would be giving an Insight about XXE(XML External Entity) injection and a practical attack case study where I did Responsible Disclosures to Indian Government through NCIIPC back in 2021. Why does an XXE attack persist in a Web Application or any other Software which has an…

As mentioned in my previous blog here is my another blog on Account Takeover which is unique from the previous one. So getting started with it, after achieving my 1st P1 on Bugcrowd which was for IDOR to Account Takeover the next day I got a private program invite with…

Hello Everyone here is my another blog for Account Takeover which I Discovered back in November 2019 on a Hackerone Private Program. I have already reported 3–4 bugs to this program but only 2 got rewarded and another one got Informative so I moved further to discover more and I…

Hello Everyone this was my 1st Account Takeover Since I have been in Bug Bounty! This was an External Program running a Bug Bounty Program and I got to know about this website by my classmate Pratik Yadav as he recommended me to try my luck on it. CSRF(Cross Site…

Getting Started with IDOR, What is IDOR? IDOR refers to Insecure Direct Object Reference which means you get access to something which is not intended to be accessible to you, or you don’t have the right privileges to execute that action on the web application. Technically it’s an access control…