Some Information on this Post such as Target URL, Endpoint, and several others was modified due to Protect the Privacy of the Program I like finding bugs in apps that have a lot of features. T...

Some Information on this Post such as Target URL, Endpoint, and several others was modified due to Protect the Privacy of the Program A few times ago, I had the opportunity to do Bug Hunting...

A few moments ago I did Bug Hunting activities in one of the Private Programs on Bugcrowd. As usual, the hunting process begins with Recon and Enumeration. The hunting process is carried out on thi...

In this simple write-up, I would like to tell how I found an Account Takeover vulnerability with a unique method. There’s no special or unique bypass thing. Just try to find another exploitation wa...

In this simple write-up, I would like to tell how I found an Access Control bug in the Google Search Console application, where I can get information related to the domain that I added to the appli...

When doing a Bug Hunting and finding a Stored XSS bug, the imagination will usually get a big enough bounty that has been spinning around on the head. But sometimes the imagination fades when we tr...

When doing penetrating on this target, I collaborated with YoKo Kho to get the highest privileges. In this paper, you may find a little similarity with his trick. But in the real case, what we w...

Sometimes, when visiting a website, we find a link to download files from that site. The downloaded file can be a guide, tutorial, or another document. When hunting private programs on Bugcrowd,...