M7arm4n

230 Followers

Published in System Weakness

·Dec 21, 2022

Zero Click To Account Takeover (IDOR + XSS)

Hello dear friends, this write-up is about one of my findings on BugCrowd’s programs that lets an attacker use IDOR to inject an XSS payload into the victim's profile and send a request to the update password function until the victim's password is changed. Recon is the most important part of bug bounty. How much you…

Bug Bounty

3 min read


Published in System Weakness

·Jan 21, 2022

Multi XSS Exploit in Upload File

Hello amazing hunters, today I want to point out 4 ways to find XSS in file upload, all of which I found in bug bounty programs or pentest programs. Let’s play this game… XSS via SVG file: This is my favorite one that leads an attacker to upload an SVG…

Xss Attack

2 min read


Published in System Weakness

·Jan 13, 2022

C.S.T.I Lead To Account Takeover $$$

Hello amazing hunter, today I want to tell you a short story, but this story has a long memory for me. In this story, I found some vulnerabilities with a payload. Let’s play this game… I decided to hunt a program on Bugcrowd, I had 131 domains to recon. So…

Bug Bounty

3 min read


Published in System Weakness

·Jan 9, 2022

Host Header Injection Lead To Account Takeover

Hello amazing hacker, today I want to talk about one of my findings in a private pentest program that led me to take over other users' accounts with one click. …

Bug Bounty

3 min read


Jan 1, 2022

One Click To Account Takeover

Hello amazing hunters. Today, I want to tell a story about my favorite endpoint, again. In the last story, I noted how I was able to take over a user’s account with zero clicks. Today, I want to try another way to take over an account, but this time we need…

Bug Bounty

2 min read


Dec 14, 2021

Zero Click To Account Takeover

Hello amazing hunter. Today, I want to explain one of my favorite reports, which led me to take over any user account without a single click from the user. My favorite endpoint to test is the reset password function; in this endpoint we have a lot of different options to test. Let me…

Writeup

2 min read


Dec 4, 2021

Easy Way For Bounty , OTP Bypass !!!

Hello amazing hunter. Today I want to talk about one of my reports that I can’t believe, after a long time, other hunters did not report as soon as possible. First of all, my name is Arman and this is my first post, and I hope it will be helpful for you…

Application Security

2 min read

Maybe Hunter But absolutely a movie fan :)
