Finding an Origin IP that Leads to Sensitive Information Disclosure
Hello Everyone, In this article I will explain how I found the origin IP address of a website, and how fuzzing that IP address led me to a directory containing a Python script with the phpMyAdmin logins, hence the origin IP leading to sensitive information disclosure. As it's a private program, let's […]
Finding a Phone Number OTP Bypass in Porsche
Hello Everyone, In this article I am going to explain how I was able to bypass the phone number OTP in Porsche via response manipulation. Here's how I did it. Register first. (Also, the application doesn't check for a real email versus a temporary email, which can lead to the creation of fake […]
Finding a Race Condition Vulnerability in the Invite Function that Bypasses the Maximum Members Limit
Hello Everyone, in this post I am going to explain how I found a race condition vulnerability that bypasses the maximum members limit, which got me a bounty of $250. It's a private website, so let's say the website is www.redacted.com. The website allows you to create teams, and in the team […]
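The class of bug behind the invite-limit bypass is a check-then-act race: the server reads the member count, compares it with the limit, and only afterwards inserts the new member, so several invites that arrive in the same instant all pass the check. The following is an added example (not the post's code and not the redacted site's implementation) that models such an endpoint in Python; the `TeamInviteService` class, the limit of 5 and the 20 parallel requests are assumptions chosen for the demonstration. A barrier forces every request past the check before any of them inserts, which reproduces the race deterministically; the fixed variant runs check and insert as one critical section.

```python
import threading


class TeamInviteService:
    """Minimal model of a team-invite endpoint (constructed for this example,
    not the redacted site's code). The team may hold at most max_members."""

    def __init__(self, max_members, atomic):
        self.max_members = max_members
        self.atomic = atomic          # True: check and insert run under one lock
        self.members = []
        self._lock = threading.Lock()
        self._race_point = None       # demo-only barrier, set for the vulnerable run

    def _check_then_add(self, email):
        # Time of check: evaluate the limit against the current member count.
        if len(self.members) >= self.max_members:
            return False
        if self._race_point is not None:
            # Demo only: park every request here until all of them have passed
            # the check, modelling N invites arriving within the same instant.
            self._race_point.wait()
        # Time of use: other requests may have appended since the check ran.
        self.members.append(email)
        return True

    def invite(self, email):
        if self.atomic:
            with self._lock:          # check and insert form one critical section
                return self._check_then_add(email)
        return self._check_then_add(email)


def run_concurrent_invites(max_members, n_requests, atomic):
    """Fire n_requests invites in parallel and return the resulting team size."""
    svc = TeamInviteService(max_members, atomic)
    if not atomic:
        svc._race_point = threading.Barrier(n_requests)
    threads = [
        threading.Thread(target=svc.invite, args=(f"user{i}@example.invalid",))
        for i in range(n_requests)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(svc.members)


if __name__ == "__main__":
    # A 5-member team ends up with 20 members when check and insert race.
    print("vulnerable:", run_concurrent_invites(5, 20, atomic=False))  # 20
    print("fixed:     ", run_concurrent_invites(5, 20, atomic=True))   # 5
```

The in-process lock is enough to show the point, but a real web application runs many workers and processes, so the atomicity has to live in the database: insert the member with a conditional statement that re-evaluates the count in the same statement, or take a row lock on the team (`SELECT ... FOR UPDATE`) inside the transaction that performs the insert. Any enforcement that reads the count in one query and writes in another remains racy no matter how fast the two run.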
Finding an HTML Injection Vulnerability
Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found an HTML injection vulnerability which got me a bounty of $150. It's a private website, so let's say the website is www.redacted.com. The website allows you to send group invitations as well as custom e-mails to […]
Session Not Expiring
Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain a simple vulnerability/bug/logical issue. It happens due to poor authorisation configuration. I will not be explaining how I found the bug or what the steps are; here I am just going to explain the impact, and how […]
Finding No Rate Limit Leading to Account Takeover
Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found a no-rate-limit vulnerability at the authentication point that leads to account takeover on an OTT platform website. It's a private website, so let's say the website is www.redacted.com. Before proceeding further, let […]
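Two of the posts above (the Porsche OTP bypass via response manipulation and the no-rate-limit account takeover) fail on the same server-side component: the OTP verifier. Response manipulation works when the client is trusted to report that verification succeeded; brute force works when the verifier accepts unbounded guesses. The following is an added example, not code from either post or from the affected sites, of a verifier that keeps the verified state on the server and bounds both guesses per code and codes issued per phone number. The class name `OtpVerifier`, the limits (5 attempts, 3 issues per hour, 5-minute code lifetime) and the phone numbers used below are assumptions for the demonstration.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300            # a code is valid for 5 minutes (assumed policy)
MAX_ATTEMPTS = 5                 # wrong guesses allowed per issued code
MAX_ISSUES_PER_WINDOW = 3        # codes a phone number may request per window
ISSUE_WINDOW_SECONDS = 3600


class OtpVerifier:
    """Server-side OTP state (constructed example). The only way a phone number
    becomes verified is a correct guess inside this class; nothing the client
    sends in a later request can set that flag."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}       # phone -> {"code", "expires", "attempts"}
        self._issued = {}        # phone -> timestamps of recent issues
        self._verified = set()

    def issue(self, phone):
        """Generate a fresh code, or return None when the issue limit is hit."""
        now = self._clock()
        recent = [t for t in self._issued.get(phone, []) if now - t < ISSUE_WINDOW_SECONDS]
        if len(recent) >= MAX_ISSUES_PER_WINDOW:
            return None
        recent.append(now)
        self._issued[phone] = recent
        code = f"{secrets.randbelow(10**6):06d}"
        # A new code replaces the old one and resets its attempt counter; the
        # issue limit above keeps that from becoming a way to reset brute force.
        self._pending[phone] = {"code": code, "expires": now + OTP_TTL_SECONDS, "attempts": 0}
        return code              # delivered out of band (SMS) in a real system

    def verify(self, phone, submitted):
        """Return one of: ok, wrong_code, locked, expired, no_pending_otp."""
        entry = self._pending.get(phone)
        if entry is None:
            return "no_pending_otp"
        if self._clock() > entry["expires"]:
            del self._pending[phone]
            return "expired"
        if entry["attempts"] >= MAX_ATTEMPTS:
            return "locked"
        entry["attempts"] += 1
        # Constant-time comparison: a timing oracle would also weaken the code.
        if hmac.compare_digest(entry["code"], submitted):
            del self._pending[phone]
            self._verified.add(phone)
            return "ok"
        return "locked" if entry["attempts"] >= MAX_ATTEMPTS else "wrong_code"

    def is_verified(self, phone):
        """What later steps (registration, login) must consult instead of any
        client-supplied 'verified' field."""
        return phone in self._verified


def wrong_guess_for(code):
    """Helper for the demo: a six-digit string that is certainly not `code`."""
    return "000000" if code != "000000" else "111111"


if __name__ == "__main__":
    v = OtpVerifier()
    code = v.issue("+10000000001")
    for _ in range(MAX_ATTEMPTS):
        print(v.verify("+10000000001", wrong_guess_for(code)))   # wrong_code x4, then locked
    print(v.verify("+10000000001", code))                        # locked: the real code no longer helps
    print(v.is_verified("+10000000001"))                         # False
```

With these bounds an attacker gets at most 3 codes x 5 guesses per hour against a space of one million codes, and a manipulated `{"verified": true}` in a response changes nothing because the registration step asks `is_verified` rather than the client. A production version would store the pending entries in a shared store with the same semantics, since per-process dictionaries do not survive a restart or span several workers.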
Finding an IDOR to Get User Details
Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found an IDOR that reveals user details on an OTT platform website. It's a private website, so let's say the website is www.redacted.com. The IDOR vulnerability lies in the GET request for user data via […]
Finding Stored XSS in the Widget Builder Feature of a Website
Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how I found a stored XSS in the widget builder feature of a website that earned me a $50 bounty. It's a private website, so let's say the website is www.redacted.com. First things first, I was just browsing […]