Some Information on this Post such as Target URL, Endpoint, and several others was modified due to Protect the Privacy of the Program I like finding bugs in apps that have a lot of features. T...
SSRF in PDF Renderer using SVG
Some Information on this Post such as Target URL, Endpoint, and several others was modified due to Protect the Privacy of the Program A few times ago, I had the opportunity to do Bug Hunting...
From Git Folder Disclosure to Remote Code Execution
A few moments ago I did Bug Hunting activities in one of the Private Programs on Bugcrowd. As usual, the hunting process begins with Recon and Enumeration. The hunting process is carried out on thi...
From Unvalidated Redirect and Parameter Tampering to Account Takeover
In this simple write-up, I would like to tell how I found an Account Takeover vulnerability with a unique method. There’s no special or unique bypass thing. Just try to find another exploitation wa...
How I accidentally found Bug in Google Search Console
In this simple write-up, I would like to tell how I found an Access Control bug in the Google Search Console application, where I can get information related to the domain that I added to the appli...
XSS to Account Takeover - Bypassing CSRF Header Protection and HTTPOnly Cookie
When doing a Bug Hunting and finding a Stored XSS bug, the imagination will usually get a big enough bounty that has been spinning around on the head. But sometimes the imagination fades when we tr...
Exploiting Cookie Based XSS by Finding RCE
When doing penetrating on this target, I collaborated with YoKo Kho to get the highest privileges. In this paper, you may find a little similarity with his trick. But in the real case, what we w...
AWS Metadata Disclosure via "Hardcoded Host" Download Function
Sometimes, when visiting a website, we find a link to download files from that site. The downloaded file can be a guide, tutorial, or another document. When hunting private programs on Bugcrowd,...