When Exposed API Keys Spill the Sensitive Data 😱😱
Hello readers! Recently, I teamed up with my friend Swapnil Bobale to work on a few bug bounty programs, and together, we discovered some…
Sep 26, 2024

Breaking Through the Template Barrier: The Dark Art of Server-Side Injection
During my participation in a recent bug bounty program for a Private Company with Responsible Disclosure, I discovered a Server-Side…
Feb 26, 2023

How I found Command Injection via Obsolete PHPThumb P1 vulnerability
Hello Readers, after a great response to my previous write-up on Account Takeover Chained to Host Header Injection. I would like to thank…
Oct 30, 2021

Account Takeover Chained to Host Header Injection
Hello Readers, Hope you all are doing well this Pandemic. And in this Lock Down of Work From Home you might have upgraded your skills. Let's…
May 30, 2021

Apache Struts-2 Remote Code Execution CVE-2018-11776
Hello Guys, Today I am going to tell you about my finding on a web-based application and it is a very well known vulnerability found on…
Apr 1, 2020