Openredirection + clickjacking + csrf -> Account Takeover Hola Hackers, This writeup is about my first bug bounty in which the submission was duplicate, even though they rewarded me for chaining the bugs and reported it with an effective approach of a real-life attack scenario. Let’s Start First we will…

OTP Bypass — Hello Hackers, This time I am going to discuss an OTP leaking vulnerability that leads to account takeover in an e-commerce website. Let’s Start What is OTP? A one-time password, also known as a one-time PIN, one-time authorization code or dynamic password, is a password that is valid for only one…

Room link :: https://tryhackme.com/room/neighbour Overview Easy-rated machine dealing with IDOR, created by cmnatic. This is a very very easy machine that can be solved within minutes. What is IDOR? An Insecure direct object reference is a type of access control vulnerability in digital security. This can occur when a web application…

Bypassing XSS filters using Double Encoding — Hello Hackers, Recently I started my bug hunting journey and got an XSS by Bypassing Cloudflare WAF (you can read about it here). Now I am back with another XSS by Double Encoding. This attack technique consists of encoding user request parameters twice in hexadecimal format to bypass security controls…

HOSTED BY SNYK Hello everyone, i hope you all are doing well. This is my first writeup, feel free to comment your suggestions which helps me to improve. In this writeup I am solving some challenges from the recent FETCH THE FLAG CTF by SNYK. Going directly in to it… …