Finding Origin IP that leads to Sensitive Information Disclosure

Origin IP that leads to Sensitive Information Disclosure

Hello Everyone, In this article I will explain how I found the Origin IP address of a website, and how fuzzing the IP address led me to a directory that had a Python script containing the phpMyAdmin logins, hence an Origin IP that leads to Sensitive Information Disclosure. As it's a private program, let's […]

Finding Phone Number (OTP) Bypass in Porsche

OTP Bypass

Hello Everyone, In this article I am going to explain how I was able to bypass the Phone Number OTP (OTP bypass) in Porsche via Response Manipulation. Here's how I did it. Register first. (Also, the application doesn't check whether an email is real or temporary, which can lead to the creation of fake […]

Finding HTML Injection Vulnerability

HTML Injection

Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found an HTML Injection vulnerability which got me a bounty of $150. It's a private website, so let's say the website is www.redacted.com. The website allows sending group invitations as well as custom e-mails to […]

Session Not Expiring

Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain a simple vulnerability/bug/logical issue. It happens due to poor authorisation configuration. I will not be explaining how I found the bug or what the steps are; here I am just going to explain the impact, and how […]

Finding No Rate Limit to Account Take Over

NO RATE LIMIT BUG POC VULNERABILITY

Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found a No Rate Limit vulnerability in the authentication endpoint that leads to Account Take Over in an OTT platform website. It's a private website, so let's say the website is www.redacted.com. Before proceeding further, let […]

Finding IDOR To Get User’s Details

IDOR-BUG-BOUNTY-WRITE-UP-POC

Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found an IDOR that reveals user details in an OTT platform website. It's a private website, so let's say the website is www.redacted.com. The IDOR vulnerability lies in the GET request that fetches user data via […]

Finding Stored XSS in the widget builder feature of a website.

Stored Cross Site Scripting (XSS)

Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found a Stored XSS in the widget builder feature of a website that earned me a $50 bounty. It's a private website, so let's say the website is www.redacted.com. First things first, I was just simply browsing […]

Achievements🏆

For all the companies mentioned below, I have reported security vulnerabilities for which I have either received acknowledgement in a Hall of Fame or received a monetary reward as a bug bounty.

  • Telekom.
  • Sony.
  • Dell.
  • Adobe.
  • Frill.Co
  • Lenskart.
  • NCIIPC RVDP. (Government of India)
  • Magicpin.
  • Vercel.
  • YourDost.
  • Porsche.
  • Channable.
  • OpenMoney.
  • Uizard.