M7arm4nStory of a strange IDOR without IDHave you ever thought about exploiting an IDOR without any ID!? Returns sensitive data without any specific ID!?Apr 151Apr 151
M7arm4ninInfoSec Write-upsFinding the hidden function led to a $300 IDORThe story of finding hidden functions which allow me to unauthorized access…Mar 193Mar 193
M7arm4ninInfoSec Write-upsStory of Lock up users’ account by DOS attack cost $1,100A misconfiguration on reset password led the attacker to block the victim to use their own account.Mar 66Mar 66
M7arm4ninInfoSec Write-ups[CORS] Easy peasy lemon squeezyThis blog post provides an accessible explanation of CORS and its misconfigurations.Sep 18, 2023Sep 18, 2023
M7arm4ninInfoSec Write-upsAn IDOR leads join any group makes me $2,500Simple IDOR rewards $2,500 💰Aug 18, 20231Aug 18, 20231
M7arm4ninInfoSec Write-upsLet’s Go For Whole CompanyThis time we are not going to talk about the effects of a vulnerability on users.we want to talk about taking over an entire organization…Jul 13, 20231Jul 13, 20231
M7arm4ninInfoSec Write-upsDiscovery of an XSS on OperaDiscovering XSS in large companies is one of my hobbies. Today I want to talk about Opera XSS which took 15 minutes. The power of finding…May 9, 20231May 9, 20231
M7arm4ninInfoSec Write-upsMass Assignment leads to the victim’s account being inaccessible foreverHi Guys, My name is m7arm4n and today I wanna talk about one of my findings on a private program that was vulnerable to Mass Assignment…May 4, 20232May 4, 20232
M7arm4ninInfoSec Write-upsUnauthorized access to the admin panel via leaked credentials on the WayBackMachineHello my friends, Today I want to talk about one of my admin panel bypass methods which leads me to easily bypass the admin panelMay 1, 20233May 1, 20233
M7arm4ninInfoSec Write-upsExploit Privilege Escalation Like a ProHere is my Privilege Escalation vulnerability on a private program that let attackers takeover whole company…Apr 10, 20231Apr 10, 20231