Account Takeover using SSO Logins
Companies often provide various login methods for users to authenticate their accounts.
Dec 12, 2024

User info extraction abusing placeholder injection in Zendesk
In this blog, I will share how I found template injection affecting Zendesk customers with default configuration.
Oct 31, 2024

Authorization bypass due to cache misconfiguration
This writeup is about one of my favorite findings as it was a very unexpected issue.
Aug 21, 2024

Abusing auto mail responders to access internal workplaces
Whenever you send an email to a company address such as support@example.com or contact@example.com, you might have noticed you will be greeted with…
Jun 8, 2024

Published in PenTester Nepal
Facebook email disclosure and account takeover
I have a preference for apps over web when it comes to hunting, so in January I decided to dive deep into apk endpoints hoping to find…
Sep 8, 2021

Published in PenTester Nepal
Facebook Email/phone disclosure using Binary search
So in December I decided to hunt on Facebook, and chose to go with the Facebook Android App.
Jul 9, 2021

JavaScript analysis leading to Admin portal access
I love hunting on small scoped websites because I can be assured that I have seen every corner and analyzed every endpoint of that…
Dec 16, 2020

How I dumped PII information of customers in an ecommerce site?
Like every website, the most interesting endpoint is always the image upload section. So I fired up my Burp and was checking how the images…
Dec 10, 2020

How I was able to do Mass Account Takeover [Bug Bounty]
This was one of the interesting bugs that I found on a target.
Aug 5, 2020