Account Takeover using SSO Logins
Companies often provide various login methods for users to authenticate their accounts.
Dec 12, 2024

User info extraction abusing placeholder injection in Zendesk
In this blog, I will share how I found template injection affecting Zendesk customers with the default configuration.
Oct 31, 2024

Authorization bypass due to cache misconfiguration
This writeup is about one of my favorite findings, as it was a very unexpected issue.
Aug 21, 2024

Abusing auto mail responders to access internal workplaces
Whenever you send an email to a company address such as support@example.com or contact@example.com, you might have noticed you will be greeted with…
Jun 8, 2024

Published in PenTester Nepal
Facebook email disclosure and account takeover
I have a preference for apps over web when it comes to hunting, so in January I decided to dive deep into APK endpoints hoping to find…
Sep 8, 2021

Published in PenTester Nepal
Facebook Email/phone disclosure using Binary search
So in December I decided to hunt on Facebook, and chose to go with the Facebook Android App.
Jul 9, 2021

JavaScript analysis leading to Admin portal access
I love hunting on small-scoped websites because I can be assured that I have seen every corner and analyzed every endpoint of the…
Dec 16, 2020

How I dumped PII information of customers in an ecommerce site
Like every website, the most interesting endpoint is always the image upload section. So I fired up Burp and was checking how the images…
Dec 10, 2020

How I was able to do Mass Account Takeover [Bug Bounty]
This was one of the interesting bugs that I found on a target.
Aug 5, 2020