Pentester Nepal

Tackling IDOR on UUID based objects

Hi there! I hope all of you are doing well. I am back with my new writeup. In this writeup, i will be discussing about…

Access control worth $2000 (everyone missed this IDOR+Access control between two admins.)

My Bug Reporting Experience on Facebook

Last year, I encountered an unexpected glitch on Facebook that led me on a unique adventure. Here’s a simple look at what happened and what I learned from it.

Two Factor Authentication Bypass On Facebook

Summary: I discovered the lack of rate-limiting issue in instagram which could have allowed an attacker to bypass two factor authentication on facebook by confirming the targeted user’s already-confirmed facebook mobile number using the Meta Accounts…

Hacking Dutch Government For a lousy T-shirt

Good day, everyone! Greetings, As this is my first post on Pentester Nepal, I’d…

How I passed my C|EH Practical and how you can too ?

A tale of zero click account takeover

Hello there!
I hope everything is going well with you; today I’m back with the story of my…

Facebook Email/phone disclosure using Binary search

Facebook email disclosure and account takeover

I have a preference for apps over web when it comes to hunting, so in January I…