Swapmaurya

493 Followers

Dec 3, 2022

3 Step IDOR in HackerResume

Before moving forward with this blog, if you don’t have any context on what IDOR is, you can refer to the same over here. So to begin with, the story started when I was asked to test HackerResume, since new features were being added, to see if there’s any security…

Bug Bounty

5 min read

Nov 5, 2022

Blind XSS to Rescue

It’s quite common that you search for something for a long time when it has always been there, obvious, and you fail to notice it; that’s the kind of story we are going to see here. To those who aren’t familiar with Blind XSS (Cross Site Scripting), here’s…

Bug Bounty

4 min read

Oct 1, 2022

Switching from Red Team to Blue Team

Based on the title, it should be clear what this blog is all about. For those who didn't get it till now, to be precise, this story describes my journey: how I got into the infosec domain and started freelancing with minimal coding knowledge, and later learning…

Infosec

5 min read

Published in System Weakness · May 1, 2022

Exploiting IRCTC along with few other government domains through XXE

In this blog, I will give an insight into XXE (XML External Entity) injection and a practical attack case study where I made responsible disclosures to the Indian Government through NCIIPC back in 2021. Why does an XXE attack persist in a web application or any other software which has an…

Bug Bounty

4 min read

May 16, 2020

Password Reset Poisoning leading to Account Takeover

As mentioned in my previous blog, here is another blog of mine on Account Takeover, which is unique from the previous one. So, getting started with it: after achieving my 1st P1 on Bugcrowd, which was for IDOR to Account Takeover, the next day I got a private program invite with…

Bug Bounty

3 min read

Apr 9, 2020

Response Manipulation to Account Takeover

Hello everyone, here is another blog of mine on an Account Takeover, which I discovered back in November 2019 on a HackerOne private program. I have already reported 3–4 bugs to this program, but only 2 got rewarded and another one got Informative, so I moved further to discover more and I…

Bug Bounty

4 min read

Apr 5, 2020

CSRF to Account Takeover

Hello everyone, this was my 1st Account Takeover since I have been in bug bounty! This was an external program running a bug bounty program, and I got to know about this website from my classmate Pratik Yadav, as he recommended that I try my luck on it. CSRF (Cross Site…

Bug Bounty

2 min read

Feb 11, 2020

A Simple IDOR to Account Takeover

Getting started with IDOR: what is IDOR? IDOR refers to Insecure Direct Object Reference, which means you get access to something which is not intended to be accessible to you, or you don’t have the right privileges to execute that action on the web application. Technically, it’s an access control…

Bug Bounty

3 min read

https://swapmaurya.in
