M7arm4n · Story of a strange IDOR without ID · Have you ever thought about exploiting an IDOR without any ID!? Returns sensitive data without any specific ID!? · 3 min read · Apr 15, 2024
M7arm4n in InfoSec Write-ups · Finding the hidden function led to a $300 IDOR · The story of finding hidden functions which allow me to unauthorized access… · 3 min read · Mar 19, 2024
M7arm4n in InfoSec Write-ups · Story of Lock up users’ account by DOS attack cost $1,100 · A misconfiguration on reset password led the attacker to block the victim to use their own account. · 3 min read · Mar 6, 2024
M7arm4n in InfoSec Write-ups · [CORS] Easy peasy lemon squeezy · This blog post provides an accessible explanation of CORS and its misconfigurations. · 2 min read · Sep 18, 2023
M7arm4n in InfoSec Write-ups · An IDOR leads join any group makes me $2,500 · Simple IDOR rewards $2,500 💰 · 3 min read · Aug 18, 2023
M7arm4n in InfoSec Write-ups · Let’s Go For Whole Company · This time we are not going to talk about the effects of a vulnerability on users. We want to talk about taking over an entire organization… · 3 min read · Jul 13, 2023
M7arm4n in InfoSec Write-ups · Discovery of an XSS on Opera · Discovering XSS in large companies is one of my hobbies. Today I want to talk about Opera XSS which took 15 minutes. The power of finding… · 2 min read · May 9, 2023
M7arm4n in InfoSec Write-ups · Mass Assignment leads to the victim’s account being inaccessible forever · Hi Guys, My name is m7arm4n and today I wanna talk about one of my findings on a private program that was vulnerable to Mass Assignment… · 4 min read · May 4, 2023
M7arm4n in InfoSec Write-ups · Unauthorized access to the admin panel via leaked credentials on the WayBackMachine · Hello my friends, Today I want to talk about one of my admin panel bypass methods which leads me to easily bypass the admin panel · 2 min read · May 1, 2023
M7arm4n in InfoSec Write-ups · Exploit Privilege Escalation Like a Pro · Here is my Privilege Escalation vulnerability on a private program that let attackers takeover whole company… · 3 min read · Apr 10, 2023