M7arm4n

550 Followers


Published in InfoSec Write-ups · May 9

Discovery of an XSS on Opera

Discovering XSS in large companies is one of my hobbies. Today I want to talk about an Opera XSS which took 15 minutes. The power of finding XSS so fast is searching out-of-the-box endpoints. To do this, you first need to find a list of all subdomains, even the ones that…

Infosec · 2 min read


Published in InfoSec Write-ups · May 4

Mass Assignment leads to the victim’s account being inaccessible forever

Hi Guys, My name is m7arm4n and today I wanna talk about one of my findings on a private program that was vulnerable to Mass Assignment, which leads to victims’ accounts being made inaccessible. …

Infosec · 4 min read


Published in InfoSec Write-ups · May 1

Unauthorized access to the admin panel via leaked credentials on the WayBackMachine

Hello my friends, Today I want to talk about one of my admin panel bypass methods which lets me easily bypass the admin panel. In my previous write-up, I noticed the power of the Wayback Machine and how it helped me to discover the hidden endpoints and exploit…

Infosec · 2 min read


Published in InfoSec Write-ups · Apr 10

Exploit Privilege Escalation Like a Pro

Hi amazing researchers, Here is my Privilege Escalation vulnerability on a private program that let attackers take over the whole company and even kick out the main manager. To discover this type of vulnerability, I always recommend working with the website deeply and organizing all features, user levels, etc. …

Info · 3 min read


Published in InfoSec Write-ups · Apr 3

Let’s Hack Citizens Bank

Hello team, Here again, to review another of my findings, but this time on Citizens Bank, an American bank headquartered in Providence, Rhode Island, which operates in Connecticut, Delaware, etc. Here is the Citizens Bank Responsible Disclosure Program

Xss Attack · 4 min read


Published in InfoSec Write-ups · Mar 23

Account Takeover Via Host Header Poisoning in ASDA

Hi amazing researchers, Welcome to another review of a vulnerability discovery on ASDA. Today I want to discuss Host Header Poisoning leading to a one-click account takeover, BUT that wasn’t a normal one. Technically, I used open redirect and Port Poisoning to exploit this vulnerability. Be my guest… Let’s talk about…

Infosec · 7 min read


Published in InfoSec Write-ups · Mar 10

Default Credentials on Sony - Swag Time

Hi Guys, Again I'm here to review another of my findings on the Sony program. This write-up is about how automating the process helps you find high or even critical vulnerabilities more easily. What’s the default credentials vulnerability?! The term “default credentials vulnerability” describes a security problem where software, hardware…

Infosec · 3 min read


Published in InfoSec Write-ups · Mar 4

Unauthorized Access To Admin Panel via Swagger

Hi guys, My name is Arman and you know me as M7arm4n. Today I want to talk about how I was able to access the admin panel in Coca-Cola for the 2022 World Cup 🏆 The essential part of discovering this vulnerability is continuous RECON, about 1 month before hunting…

Infosec · 3 min read


Published in InfoSec Write-ups · Dec 21, 2022

Zero Click To Account Takeover (IDOR + XSS)

Hello dear friends, This write-up is about one of my findings on BugCrowd’s programs that lets attackers use IDOR to inject an XSS payload into the victim’s profile and send a request to the update-password function to change the victim's password. Recon is the most important part of the bug…

Bug Bounty · 3 min read


Published in System Weakness · Jan 21, 2022

Multi XSS Exploit in Upload File

Hello amazing hunters, Today I want to note 4 ways to find XSS in file upload, all of which I found in bug bounty or pentest programs. Let’s play this game… XSS via SVG file This is my favorite one that leads an attacker to upload an SVG…

Xss Attack · 2 min read


Maybe Hunter But absolutely a movie fan :)
