When Exposed API Keys Spill the Sensitive Data 😱😱Hello readers! Recently, I teamed up with my friend Swapnil Bobale to work on a few bug bounty programs, and together, we discovered some…Sep 26, 2024Sep 26, 2024
Breaking Through the Template Barrier: The Dark Art of Server-Side InjectionDuring my participation in a recent bug bounty program for a Private Company with Responsible Disclosure, I discovered a Server-Side…Feb 26, 2023Feb 26, 2023
How I found Command Injection via Obsolete PHPThumb P1 vulnerabilityHello Readers, after a great response to my previous write-up on Account Takeover Chained to Host Header Injection. I would like to thank…Oct 30, 20213Oct 30, 20213
Account Takeover Chained to Host Header InjectionHello Readers, Hope you all are doing well this Pandemic. And in this Lock Down of Work From Home you might have upgraded your skills. Lets…May 30, 20213May 30, 20213
Apache Struts-2 Remote Code Execution CVE-2018–11776Hello Guys, Today I am going to tell you about my finding on a web based application and it is a very well known vulnerability found on…Apr 1, 2020Apr 1, 2020
