Hello amazing hunters, Today i want to notice 4 ways to find xss in file upload that i found all of them in bug bounty programs or pentest programs. Let’s play this game… XSS via SVG file This is my favorite one that leads an attacker to upload an SVG…

Hello amazing hunter, Today I want to tell you a short story but this story has a long memory for me. In this story, I found some vulnerabilities with a payload. Let’s play this game… I decided to hunt a program on Bugcrowd, I had 131 domains to recon. So…

Hello amazing hacker, Today, I want to talk about one of my findings in a private pentest program that leads me to take over other user accounts with one click. In One Click To Account Takeover, I noticed that how we can find parameters in JSON and change the host…

Hello amazing hunters. Today , I want to tell a story about my favorite endpoint , Again. I noticed in the last story , How i able to takeover user’s account with zero click. Today , I want to try another way to takeover account but this time we need…

Hello amazing hunter. Today, I want to explain one of my favorite reports which lead me to take over any user account without one click from user. My favorite endpoint for test is reset password function; In this endpoint we have a lot of different options for test. Let me…

Hello amazing Hunter. Today I want Talk about one of my Report that i can’t Believe after a long time other Hunters dose not report it as soon as possible. First of all my name is Arman and this is my first post and i hope be Helpful for you…